Another one with Desktop Security 2010

Crixus
Guest
Posts: 9
Registered: 30 Oct 2007 15:36
Location: Plzeň

Another one with Desktop Security 2010

#1 Post by Crixus »

Hi, windows kept popping up at me and some woman was talking... after running ComboFix it's hopefully OK now... please check the log here. Thanks

ComboFix 10-05-02.01 - Crixus 02.05.2010 21:06:20.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2046.1290 [GMT 2:00]
Running from: c:\users\Crixus\Desktop\ComboFix.exe
* Resident AV shield is enabled

.

((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Crixus\AppData\Roaming\Desktop Security 2010
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\mfc71.dll
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\MFC71ENU.DLL
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\msvcp71.dll
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\msvcr71.dll
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\securitycenter.exe
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\taskmgr.dll
c:\users\Crixus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk
c:\users\Crixus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010
c:\users\Crixus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010.lnk
c:\users\Crixus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\Activate Desktop Security 2010.lnk
c:\users\Crixus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\Desktop Security 2010.lnk
c:\users\Crixus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\Help Desktop Security 2010.lnk
c:\users\Crixus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\How to Activate Desktop Security 2010.lnk

.
((((((((((((((((((((((((( Files created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-02 19:12 . 2010-05-02 19:13 -------- d-----w- c:\users\Crixus\AppData\Local\temp
2010-05-02 19:12 . 2010-05-02 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-02 19:06 . 2010-05-02 19:06 -------- d-----w- c:\users\Crixus\AppData\Local\ESET
2010-05-02 18:22 . 2010-05-02 18:23 -------- d-----w- c:\program files\ESET
2010-05-02 17:01 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-05-02 17:01 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-05-02 17:01 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-05-02 17:01 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-05-02 17:01 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-05-02 17:00 . 2010-05-02 17:00 -------- d-----w- c:\users\Crixus\AppData\Local\Deployment
2010-05-02 17:00 . 2010-05-02 17:00 -------- d-----w- c:\users\Crixus\AppData\Local\Apps
2010-05-02 15:12 . 2010-05-02 15:12 -------- d-----w- c:\users\Crixus\AppData\Roaming\HEXelon
2010-05-02 15:12 . 2010-05-02 15:18 -------- d-----w- c:\program files\TC UP
2010-05-02 13:54 . 2010-05-02 13:54 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2010-05-02 13:53 . 2010-05-02 13:53 -------- d-----w- c:\users\Crixus\AppData\Roaming\InstallShield Installation Information
2010-05-02 13:53 . 2010-05-02 13:47 331776 ----a-w- c:\users\Crixus\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
2010-05-02 13:53 . 2007-11-27 13:31 1998686 ------w- c:\users\Crixus\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\ISSetup.dll
2010-04-29 08:20 . 2010-04-29 08:20 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-29 08:18 . 2010-04-29 08:18 -------- d-----w- c:\programdata\Blizzard
2010-04-28 15:56 . 2010-04-28 15:56 -------- d-----w- c:\programdata\BioWare
2010-04-28 15:43 . 2010-04-28 15:43 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2010-04-28 15:42 . 2010-04-28 15:42 -------- d-----w- c:\programdata\Media Center Programs
2010-04-28 14:24 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-28 11:43 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 11:43 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 11:43 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-25 18:55 . 2009-09-09 14:13 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-04-25 18:45 . 2010-04-25 18:45 -------- d-----w- c:\users\Crixus\AppData\Local\Google
2010-04-25 15:03 . 2010-04-25 15:03 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-04-25 14:49 . 2010-04-28 15:42 -------- d-----w- c:\program files\Common Files\BioWare
2010-04-24 17:30 . 2010-04-24 17:30 -------- d-----w- c:\program files\MSXML 4.0
2010-04-23 16:46 . 2010-04-23 16:47 -------- d-----w- c:\program files\Gene6 FTP Server
2010-04-23 15:53 . 1997-05-26 12:55 23040 ----a-w- c:\windows\system32\irisco32.dll
2010-04-23 15:53 . 2010-04-23 15:53 -------- d-----w- c:\program files\Readiris10
2010-04-23 15:53 . 2010-04-23 15:54 -------- d-----w- c:\program files\SmarThru 4
2010-04-23 15:53 . 2010-04-23 15:53 -------- d-----w- c:\temp\SmarThru_4
2010-04-23 15:42 . 2010-04-23 15:42 -------- d-----w- c:\users\Crixus\AppData\Roaming\Foxit
2010-04-23 15:42 . 2010-04-23 15:42 -------- d-----w- c:\program files\Foxit Software
2010-04-23 15:27 . 2010-04-23 15:27 -------- d-----w- c:\users\Crixus\AppData\Local\PSU
2010-04-23 15:27 . 2010-04-23 15:27 -------- d-----w- c:\users\Crixus\AppData\Local\S2PC
2010-04-23 15:26 . 2009-09-08 20:09 113768 ----a-w- c:\windows\Wiainst.exe
2010-04-23 15:26 . 2010-04-23 15:26 -------- d-----w- c:\temp\SCX-4600 Series_Scan_32bit
2010-04-23 15:26 . 2010-04-30 07:24 -------- d-----w- c:\program files\SamsungPrinterLiveUpdate
2010-04-23 15:26 . 2010-04-23 15:26 -------- d-----w- c:\windows\Samsung
2010-04-23 15:26 . 2009-09-08 20:09 482408 ----a-w- c:\windows\ssndii.exe
2010-04-23 15:26 . 2009-02-19 06:22 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-04-23 15:26 . 2009-02-19 06:22 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-04-23 15:26 . 2009-02-19 06:22 38160 ----a-w- c:\windows\system32\msxml2r.dll
2010-04-23 15:26 . 2009-02-19 06:22 21776 ----a-w- c:\windows\system32\msxml2a.dll
2010-04-23 15:26 . 2009-02-19 06:22 701440 ----a-w- c:\windows\system32\msxml2.dll
2010-04-23 15:25 . 2010-04-23 15:26 -------- d-----w- c:\temp\SCX-4600Series_SP
2010-04-23 15:25 . 2009-02-19 04:41 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sso1mpc.dll
2010-04-23 15:25 . 2009-02-19 04:44 26624 ----a-w- c:\windows\system32\sso1ml3.dll
2010-04-23 15:25 . 2009-02-19 04:37 151552 ----a-w- c:\windows\system32\sso1mci.exe
2010-04-23 15:25 . 2009-02-19 04:36 65536 ----a-w- c:\windows\system32\sso1mci.dll
2010-04-23 15:25 . 2010-04-23 15:25 -------- d-----w- c:\program files\Samsung
2010-04-23 15:23 . 2009-02-20 01:09 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS
2010-04-23 15:23 . 2010-04-23 15:53 -------- d-----w- C:\Temp
2010-04-23 15:23 . 2010-04-23 15:23 -------- d-----w- c:\temp\SCX-4600 Series_Print_32bit
2010-04-20 12:08 . 2010-04-20 12:08 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-20 12:08 . 2010-04-20 12:08 22328 ----a-w- c:\users\Crixus\AppData\Roaming\PnkBstrK.sys
2010-04-20 12:07 . 2010-04-20 12:07 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-20 12:07 . 2010-04-20 12:07 669184 ----a-w- c:\windows\system32\pbsvc.exe
2010-04-20 12:07 . 2010-04-20 12:07 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-20 11:12 . 2010-04-20 11:12 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-20 11:12 . 2010-04-20 11:12 -------- d-----w- c:\users\Crixus\SystemRequirementsLab
2010-04-20 09:56 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-20 09:56 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-20 09:55 . 2010-04-20 09:55 -------- d-----w- c:\program files\Microsoft Works
2010-04-20 09:54 . 2010-05-02 17:02 -------- d-----w- c:\program files\Microsoft.NET
2010-04-20 09:54 . 2010-04-20 09:54 -------- d-----w- c:\windows\PCHEALTH
2010-04-20 09:53 . 2010-04-20 09:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-20 09:52 . 2010-04-20 10:01 -------- d-----w- c:\users\Crixus\AppData\Roaming\Dev-Cpp
2010-04-20 09:52 . 2010-04-20 09:52 -------- d-----w- c:\users\Crixus\AppData\Local\Microsoft Help
2010-04-20 09:52 . 2010-04-20 09:56 -------- d-----w- c:\programdata\Microsoft Help
2010-04-20 09:51 . 2010-04-20 09:51 -------- d-----r- C:\MSOCache
2010-04-20 09:48 . 2010-04-20 10:00 -------- d-----w- c:\program files\Dev-Cpp
2010-04-18 18:25 . 2010-05-02 14:07 -------- d-----w- c:\users\Crixus\AppData\Roaming\skypePM
2010-04-18 18:25 . 2010-04-18 18:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-18 18:24 . 2010-05-02 17:24 -------- d-----w- c:\users\Crixus\AppData\Roaming\Skype
2010-04-18 18:24 . 2010-04-19 12:09 -------- d-----r- c:\program files\Skype
2010-04-18 18:24 . 2010-04-18 18:24 -------- d-----w- c:\program files\Common Files\Skype
2010-04-18 18:24 . 2010-04-18 18:24 -------- d-----w- c:\programdata\Skype
2010-04-15 14:23 . 2010-04-15 14:23 -------- d-----w- c:\windows\Sun
2010-04-15 14:23 . 2010-04-15 14:23 -------- d-----w- c:\program files\Common Files\Java
2010-04-15 14:22 . 2010-04-15 14:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-15 14:22 . 2010-05-02 18:21 -------- d-----w- c:\program files\Java
2010-04-14 18:54 . 2010-04-23 15:20 -------- d-----w- c:\users\Crixus\AppData\Roaming\dvdcss
2010-04-14 15:48 . 2010-04-14 15:48 198064 ----a-w- c:\users\Crixus\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-04-14 15:48 . 2010-05-02 18:26 -------- d-----w- c:\users\Crixus\AppData\Roaming\DMCache
2010-04-14 15:48 . 2010-04-14 15:48 -------- d-----w- c:\users\Crixus\AppData\Roaming\IDM
2010-04-14 15:48 . 2010-04-14 15:48 -------- d-----w- c:\program files\Internet Download Manager
2010-04-14 14:54 . 2010-04-14 14:54 -------- d-----w- c:\program files\MadOnion.com
2010-04-14 14:44 . 2010-04-14 14:44 10134 ----a-r- c:\users\Crixus\AppData\Roaming\Microsoft\Installer\{535C4DFA-1838-0587-23D4-1D2B4354BF50}\ARPPRODUCTICON.exe
2010-04-14 11:50 . 2010-04-14 11:50 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-04-14 11:49 . 2010-04-23 16:04 -------- d-----w- c:\users\Crixus\AppData\Roaming\gtk-2.0
2010-04-14 11:49 . 2010-04-14 11:49 -------- d-----w- c:\users\Crixus\.thumbnails
2010-04-14 11:46 . 2010-04-28 15:18 -------- d-----w- c:\users\Crixus\.gimp-2.6
2010-04-14 11:46 . 2010-04-14 11:46 -------- d-----w- c:\program files\GIMP-2.0
2010-04-14 10:44 . 2010-04-14 10:51 -------- d-----w- C:\Root
2010-04-14 10:42 . 2010-04-14 10:42 -------- d-sh--w- c:\windows\ftpcache
2010-04-14 08:30 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 08:30 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 08:30 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 08:30 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 08:30 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 08:30 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 08:30 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 08:30 . 2010-04-14 08:30 -------- d-----w- c:\program files\ASUS
2010-04-13 16:01 . 2010-04-13 16:01 -------- d-----w- c:\program files\RocketDock
2010-04-13 15:53 . 2010-04-13 15:53 -------- d-----w- c:\program files\Ask.com
2010-04-13 15:36 . 2010-04-13 15:36 -------- d-----w- c:\users\Crixus\AppData\Local\4A Games
2010-04-13 15:35 . 2010-04-13 15:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-13 15:34 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-13 15:34 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-13 15:34 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-13 15:34 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-13 14:50 . 2010-04-13 14:50 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-04-13 14:46 . 2010-04-13 14:46 -------- d-----w- c:\program files\Lavalys
2010-04-13 10:51 . 2010-04-14 11:30 -------- d-----w- C:\Fraps
2010-04-13 08:09 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-13 08:08 . 2010-04-13 08:08 -------- d-----w- c:\users\Crixus\AppData\Roaming\Trillian
2010-04-13 08:08 . 2010-05-02 17:24 -------- d-----w- c:\program files\Trillian
2010-04-13 08:07 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-12 18:46 . 2010-04-12 18:46 -------- d-----w- c:\windows\system32\Macromed

.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 19:10 . 2009-07-14 08:44 634308 ----a-w- c:\windows\system32\perfh005.dat
2010-05-02 19:10 . 2009-07-14 08:44 122898 ----a-w- c:\windows\system32\perfc005.dat
2010-04-23 15:54 . 2010-04-23 15:54 -------- d-----w- c:\program files\Common Files\SRC Shared
2010-04-20 09:55 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-04-14 14:54 . 2010-04-14 08:29 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-14 08:29 . 2010-04-14 08:29 14336 ----a-w- c:\windows\system32\drivers\EIO.sys
2010-04-12 15:13 . 2010-04-12 15:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-12 15:12 . 2010-04-12 15:12 -------- d-sh--we c:\programdata\Plocha
2010-04-12 15:12 . 2010-04-12 15:12 -------- d-sh--we c:\programdata\Oblíbené položky
2010-04-12 15:12 . 2010-04-12 15:12 -------- d-sh--we c:\programdata\Šablony
2010-04-12 15:12 . 2010-04-12 15:12 -------- d-sh--we c:\programdata\Nabídka Start
2010-04-12 15:12 . 2010-04-12 15:12 -------- d-sh--we c:\programdata\Dokumenty
2010-04-12 15:12 . 2010-04-12 15:12 -------- d-sh--we c:\programdata\Data aplikací
2010-03-29 06:15 . 2010-03-29 06:15 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-04 11:42 . 2010-03-04 11:42 277536 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-02-23 07:56 . 2010-04-13 08:01 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-03 10:24 . 2010-02-03 10:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-02-02 07:45 . 2010-04-13 08:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2010-04-13 495616]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-01-29 3179952]
"G6FTP Server Tray Monitor"="c:\program files\Gene6 FTP Server\G6FTPTray.exe" [2006-01-26 77312]
"Google Update"="c:\users\Crixus\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-25 136176]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"EVEREST AutoStart"="c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe" [2008-03-16 2083424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-15 614400]
"4600 Scan2PC"="c:\windows\twain_32\Samsung\SCX4600\Scan2Pc.exe" [2009-09-11 1968640]
"PluginDialog"="c:\program files\tc up\plugins\media\artweaver\pluginplugindll0.5.7.exe" [2010-05-02 153600]
"configconfig"="c:\program files\tc up\plugins\wfx\motop2k\configplugin.exe" [2010-05-02 153600]
"Microsofttipresx"="c:\program files\common files\microsoft shared\ink\zh-cn\microsoftsystem.exe" [2010-05-02 153600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-12-10 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R3 cpuz130;cpuz130;c:\users\Crixus\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;w:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-03-16 23152]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-12 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-11-16 38240]
S2 G6FTPServer;Gene6 FTP Server;c:\program files\Gene6 FTP Server\G6FTPSERVER.EXE [2010-04-23 816640]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-02-20 5120]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]

.
Contents of the 'Scheduled Tasks' folder

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1361383651-616283033-1772872940-1000Core.job
- c:\users\Crixus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 18:45]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1361383651-616283033-1772872940-1000UA.job
- c:\users\Crixus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 18:45]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.facebook.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\users\Crixus\AppData\Roaming\Mozilla\Firefox\Profiles\r5cxzdhh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\users\Crixus\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\Crixus\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX SETTINGS ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

HKCU-Run-SecurityCenter - c:\users\Crixus\AppData\Roaming\Desktop Security 2010\securitycenter.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85838EE4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xe5726854
SecurityProcedure -> 0x1
QueryNameProcedure -> 0x89805e1e
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1361383651-616283033-1772872940-1000\Software\SecuROM\License information*]
"datasecu"=hex:70,4e,38,55,e3,91,ec,f4,04,0d,02,b1,d8,e8,de,13,9e,31,6b,4c,59,
ed,77,3b,e5,a0,58,ce,71,b1,fe,5e,0d,aa,f9,59,05,1f,1e,52,3a,e8,a5,15,ca,4a,\
"rkeysecu"=hex:17,d8,fc,4a,60,91,53,fc,65,6f,30,3d,5a,a5,8d,6e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-02 21:15:36
ComboFix-quarantined-files.txt 2010-05-02 19:15

Pre-Run: 21 119 578 112 bytes free
Post-Run: 21 420 126 208 bytes free

- - End Of File - - 688F46C4A748AA8112BD002B7BD76F51
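
As an added example for this thread (it is not part of the post above, nor ComboFix code, nor a viry.cz tool): a small Python triage of the "registry startup points" section in the format the log above uses. It embeds a constructed subset of the log's own Run-key and policy lines and flags three things a log reviewer checks first: Run values whose image lives under a user profile (AppData or Temp, which is where the removed SecurityCenter value of Desktop Security 2010 pointed), several Run values that share one file size and date while sitting in unrelated directories (the three 153600-byte entries dated 2010-05-02 in the HKLM Run list above fall into this group and are worth a second look), and EnableLUA = 0 under policies\system, which means UAC is switched off, so anything an administrator account runs already runs with full administrator rights. The regexes, the `triage` function and the heuristics are assumptions made here; a per-user path on its own proves nothing, and Google Update, which legitimately installs under AppData\Local, is flagged by the same rule.

```python
"""Triage of the 'registry startup points' section of a ComboFix log.

Added example for this thread: not ComboFix code. The regexes and the
heuristics below are assumptions made here; input is text in the format
of the log above.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the Run-key and policy lines from the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\users\Crixus\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-25 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"PluginDialog"="c:\program files\tc up\plugins\media\artweaver\pluginplugindll0.5.7.exe" [2010-05-02 153600]
"configconfig"="c:\program files\tc up\plugins\wfx\motop2k\configplugin.exe" [2010-05-02 153600]
"Microsofttipresx"="c:\program files\common files\microsoft shared\ink\zh-cn\microsoftsystem.exe" [2010-05-02 153600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# A key header line such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
# A Run value in ComboFix style: "name"="path" [YYYY-MM-DD size]
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]')
# A policy value in ComboFix style: "name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)')
# Per-user locations: where per-user installers live, and where the rogue
# "Desktop Security 2010" in the log above started from (its SecurityCenter value).
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\", re.IGNORECASE)


def parse_autostarts(text):
    """Return (run_values, policies) found under [..\\Run] and [..\\policies\\system]."""
    run_values, policies = [], {}
    key = None
    for line in text.splitlines():
        header = KEY_RE.match(line)
        if header:
            key = header.group("key").lower()
            continue
        if key is None:
            continue
        if key.endswith("\\run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                run_values.append({"key": key, "name": m["name"], "path": m["path"],
                                   "date": m["date"], "size": int(m["size"])})
        elif key.endswith("policies\\system"):
            m = POLICY_RE.match(line)
            if m:
                policies[m["name"]] = int(m["value"])
    return run_values, policies


def triage(text):
    """Flag what a reviewer of the log checks first. These are leads, not verdicts."""
    run_values, policies = parse_autostarts(text)
    # 1. Images started from a user profile (legitimate per-user installs land here too).
    user_profile = [v["name"] for v in run_values if USER_PROFILE_RE.search(v["path"])]
    # 2. Identical size and date across unrelated directories: inspect those files by hand.
    groups = defaultdict(list)
    for v in run_values:
        groups[(v["date"], v["size"])].append(v["name"])
    size_clusters = {sig: names for sig, names in groups.items() if len(names) > 1}
    # 3. EnableLUA = 0 switches UAC off: an administrator's programs run fully elevated.
    uac_disabled = policies.get("EnableLUA") == 0
    return {"user_profile": user_profile, "size_clusters": size_clusters,
            "uac_disabled": uac_disabled}


if __name__ == "__main__":
    for what, found in triage(SAMPLE_LOG).items():
        print(f"{what}: {found}")
```

Run against a full log, the same parser also sees the BHO and Toolbar keys listed above, but ignores them; extending `parse_autostarts` with a branch for keys ending in `Browser Helper Objects\{...}` is the obvious next step when the complaint is a browser toolbar rather than a rogue AV.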

Rudy
Site Admin
Posts: 119405
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Another one with Desktop Security 2010

#2 Post by Rudy »

We'll clean up a bit more. Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and run the commands from the script.
