another one with Desktop Security 2010

Posted: 02 May 2010 20:23
by Crixus
Hi, windows kept popping up here and some woman was talking... after running ComboFix it's hopefully OK now... here's the log, please check it. Thanks

ComboFix 10-05-02.01 - Crixus 02.05.2010 21:06:20.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2046.1290 [GMT 2:00]
Spuštěný z: c:\users\Crixus\Desktop\ComboFix.exe
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Crixus\AppData\Roaming\Desktop Security 2010
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\mfc71.dll
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\MFC71ENU.DLL
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\msvcp71.dll
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\msvcr71.dll
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\securitycenter.exe
c:\users\Crixus\AppData\Roaming\Desktop Security 2010\taskmgr.dll
c:\users\Crixus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk
c:\users\Crixus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010
c:\users\Crixus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010.lnk
c:\users\Crixus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\Activate Desktop Security 2010.lnk
c:\users\Crixus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\Desktop Security 2010.lnk
c:\users\Crixus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\Help Desktop Security 2010.lnk
c:\users\Crixus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Security 2010\How to Activate Desktop Security 2010.lnk

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-02 do 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-02 19:12 . 2010-05-02 19:13 -------- d-----w- c:\users\Crixus\AppData\Local\temp
2010-05-02 19:12 . 2010-05-02 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-02 19:06 . 2010-05-02 19:06 -------- d-----w- c:\users\Crixus\AppData\Local\ESET
2010-05-02 18:22 . 2010-05-02 18:23 -------- d-----w- c:\program files\ESET
2010-05-02 17:01 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-05-02 17:01 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-05-02 17:01 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-05-02 17:01 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-05-02 17:01 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-05-02 17:00 . 2010-05-02 17:00 -------- d-----w- c:\users\Crixus\AppData\Local\Deployment
2010-05-02 17:00 . 2010-05-02 17:00 -------- d-----w- c:\users\Crixus\AppData\Local\Apps
2010-05-02 15:12 . 2010-05-02 15:12 -------- d-----w- c:\users\Crixus\AppData\Roaming\HEXelon
2010-05-02 15:12 . 2010-05-02 15:18 -------- d-----w- c:\program files\TC UP
2010-05-02 13:54 . 2010-05-02 13:54 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2010-05-02 13:53 . 2010-05-02 13:53 -------- d-----w- c:\users\Crixus\AppData\Roaming\InstallShield Installation Information
2010-05-02 13:53 . 2010-05-02 13:47 331776 ----a-w- c:\users\Crixus\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
2010-05-02 13:53 . 2007-11-27 13:31 1998686 ------w- c:\users\Crixus\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\ISSetup.dll
2010-04-29 08:20 . 2010-04-29 08:20 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-29 08:18 . 2010-04-29 08:18 -------- d-----w- c:\programdata\Blizzard
2010-04-28 15:56 . 2010-04-28 15:56 -------- d-----w- c:\programdata\BioWare
2010-04-28 15:43 . 2010-04-28 15:43 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2010-04-28 15:42 . 2010-04-28 15:42 -------- d-----w- c:\programdata\Media Center Programs
2010-04-28 14:24 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-28 11:43 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 11:43 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 11:43 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-25 18:55 . 2009-09-09 14:13 210352 ----a-w- c:\windows\system32\idmmbc.dll
2010-04-25 18:45 . 2010-04-25 18:45 -------- d-----w- c:\users\Crixus\AppData\Local\Google
2010-04-25 15:03 . 2010-04-25 15:03 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-04-25 14:49 . 2010-04-28 15:42 -------- d-----w- c:\program files\Common Files\BioWare
2010-04-24 17:30 . 2010-04-24 17:30 -------- d-----w- c:\program files\MSXML 4.0
2010-04-23 16:46 . 2010-04-23 16:47 -------- d-----w- c:\program files\Gene6 FTP Server
2010-04-23 15:53 . 1997-05-26 12:55 23040 ----a-w- c:\windows\system32\irisco32.dll
2010-04-23 15:53 . 2010-04-23 15:53 -------- d-----w- c:\program files\Readiris10
2010-04-23 15:53 . 2010-04-23 15:54 -------- d-----w- c:\program files\SmarThru 4
2010-04-23 15:53 . 2010-04-23 15:53 -------- d-----w- c:\temp\SmarThru_4
2010-04-23 15:42 . 2010-04-23 15:42 -------- d-----w- c:\users\Crixus\AppData\Roaming\Foxit
2010-04-23 15:42 . 2010-04-23 15:42 -------- d-----w- c:\program files\Foxit Software
2010-04-23 15:27 . 2010-04-23 15:27 -------- d-----w- c:\users\Crixus\AppData\Local\PSU
2010-04-23 15:27 . 2010-04-23 15:27 -------- d-----w- c:\users\Crixus\AppData\Local\S2PC
2010-04-23 15:26 . 2009-09-08 20:09 113768 ----a-w- c:\windows\Wiainst.exe
2010-04-23 15:26 . 2010-04-23 15:26 -------- d-----w- c:\temp\SCX-4600 Series_Scan_32bit
2010-04-23 15:26 . 2010-04-30 07:24 -------- d-----w- c:\program files\SamsungPrinterLiveUpdate
2010-04-23 15:26 . 2010-04-23 15:26 -------- d-----w- c:\windows\Samsung
2010-04-23 15:26 . 2009-09-08 20:09 482408 ----a-w- c:\windows\ssndii.exe
2010-04-23 15:26 . 2009-02-19 06:22 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-04-23 15:26 . 2009-02-19 06:22 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-04-23 15:26 . 2009-02-19 06:22 38160 ----a-w- c:\windows\system32\msxml2r.dll
2010-04-23 15:26 . 2009-02-19 06:22 21776 ----a-w- c:\windows\system32\msxml2a.dll
2010-04-23 15:26 . 2009-02-19 06:22 701440 ----a-w- c:\windows\system32\msxml2.dll
2010-04-23 15:25 . 2010-04-23 15:26 -------- d-----w- c:\temp\SCX-4600Series_SP
2010-04-23 15:25 . 2009-02-19 04:41 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sso1mpc.dll
2010-04-23 15:25 . 2009-02-19 04:44 26624 ----a-w- c:\windows\system32\sso1ml3.dll
2010-04-23 15:25 . 2009-02-19 04:37 151552 ----a-w- c:\windows\system32\sso1mci.exe
2010-04-23 15:25 . 2009-02-19 04:36 65536 ----a-w- c:\windows\system32\sso1mci.dll
2010-04-23 15:25 . 2010-04-23 15:25 -------- d-----w- c:\program files\Samsung
2010-04-23 15:23 . 2009-02-20 01:09 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS
2010-04-23 15:23 . 2010-04-23 15:53 -------- d-----w- C:\Temp
2010-04-23 15:23 . 2010-04-23 15:23 -------- d-----w- c:\temp\SCX-4600 Series_Print_32bit
2010-04-20 12:08 . 2010-04-20 12:08 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-20 12:08 . 2010-04-20 12:08 22328 ----a-w- c:\users\Crixus\AppData\Roaming\PnkBstrK.sys
2010-04-20 12:07 . 2010-04-20 12:07 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-20 12:07 . 2010-04-20 12:07 669184 ----a-w- c:\windows\system32\pbsvc.exe
2010-04-20 12:07 . 2010-04-20 12:07 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-20 11:12 . 2010-04-20 11:12 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-20 11:12 . 2010-04-20 11:12 -------- d-----w- c:\users\Crixus\SystemRequirementsLab
2010-04-20 09:56 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-20 09:56 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-20 09:55 . 2010-04-20 09:55 -------- d-----w- c:\program files\Microsoft Works
2010-04-20 09:54 . 2010-05-02 17:02 -------- d-----w- c:\program files\Microsoft.NET
2010-04-20 09:54 . 2010-04-20 09:54 -------- d-----w- c:\windows\PCHEALTH
2010-04-20 09:53 . 2010-04-20 09:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-20 09:52 . 2010-04-20 10:01 -------- d-----w- c:\users\Crixus\AppData\Roaming\Dev-Cpp
2010-04-20 09:52 . 2010-04-20 09:52 -------- d-----w- c:\users\Crixus\AppData\Local\Microsoft Help
2010-04-20 09:52 . 2010-04-20 09:56 -------- d-----w- c:\programdata\Microsoft Help
2010-04-20 09:51 . 2010-04-20 09:51 -------- d-----r- C:\MSOCache
2010-04-20 09:48 . 2010-04-20 10:00 -------- d-----w- c:\program files\Dev-Cpp
2010-04-18 18:25 . 2010-05-02 14:07 -------- d-----w- c:\users\Crixus\AppData\Roaming\skypePM
2010-04-18 18:25 . 2010-04-18 18:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-18 18:24 . 2010-05-02 17:24 -------- d-----w- c:\users\Crixus\AppData\Roaming\Skype
2010-04-18 18:24 . 2010-04-19 12:09 -------- d-----r- c:\program files\Skype
2010-04-18 18:24 . 2010-04-18 18:24 -------- d-----w- c:\program files\Common Files\Skype
2010-04-18 18:24 . 2010-04-18 18:24 -------- d-----w- c:\programdata\Skype
2010-04-15 14:23 . 2010-04-15 14:23 -------- d-----w- c:\windows\Sun
2010-04-15 14:23 . 2010-04-15 14:23 -------- d-----w- c:\program files\Common Files\Java
2010-04-15 14:22 . 2010-04-15 14:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-15 14:22 . 2010-05-02 18:21 -------- d-----w- c:\program files\Java
2010-04-14 18:54 . 2010-04-23 15:20 -------- d-----w- c:\users\Crixus\AppData\Roaming\dvdcss
2010-04-14 15:48 . 2010-04-14 15:48 198064 ----a-w- c:\users\Crixus\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-04-14 15:48 . 2010-05-02 18:26 -------- d-----w- c:\users\Crixus\AppData\Roaming\DMCache
2010-04-14 15:48 . 2010-04-14 15:48 -------- d-----w- c:\users\Crixus\AppData\Roaming\IDM
2010-04-14 15:48 . 2010-04-14 15:48 -------- d-----w- c:\program files\Internet Download Manager
2010-04-14 14:54 . 2010-04-14 14:54 -------- d-----w- c:\program files\MadOnion.com
2010-04-14 14:44 . 2010-04-14 14:44 10134 ----a-r- c:\users\Crixus\AppData\Roaming\Microsoft\Installer\{535C4DFA-1838-0587-23D4-1D2B4354BF50}\ARPPRODUCTICON.exe
2010-04-14 11:50 . 2010-04-14 11:50 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-04-14 11:49 . 2010-04-23 16:04 -------- d-----w- c:\users\Crixus\AppData\Roaming\gtk-2.0
2010-04-14 11:49 . 2010-04-14 11:49 -------- d-----w- c:\users\Crixus\.thumbnails
2010-04-14 11:46 . 2010-04-28 15:18 -------- d-----w- c:\users\Crixus\.gimp-2.6
2010-04-14 11:46 . 2010-04-14 11:46 -------- d-----w- c:\program files\GIMP-2.0
2010-04-14 10:44 . 2010-04-14 10:51 -------- d-----w- C:\Root
2010-04-14 10:42 . 2010-04-14 10:42 -------- d-sh--w- c:\windows\ftpcache
2010-04-14 08:30 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 08:30 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 08:30 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 08:30 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 08:30 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 08:30 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 08:30 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 08:30 . 2010-04-14 08:30 -------- d-----w- c:\program files\ASUS
2010-04-13 16:01 . 2010-04-13 16:01 -------- d-----w- c:\program files\RocketDock
2010-04-13 15:53 . 2010-04-13 15:53 -------- d-----w- c:\program files\Ask.com
2010-04-13 15:36 . 2010-04-13 15:36 -------- d-----w- c:\users\Crixus\AppData\Local\4A Games
2010-04-13 15:35 . 2010-04-13 15:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-13 15:34 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-13 15:34 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-13 15:34 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-13 15:34 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-13 14:50 . 2010-04-13 14:50 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-04-13 14:46 . 2010-04-13 14:46 -------- d-----w- c:\program files\Lavalys
2010-04-13 10:51 . 2010-04-14 11:30 -------- d-----w- C:\Fraps
2010-04-13 08:09 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-13 08:08 . 2010-04-13 08:08 -------- d-----w- c:\users\Crixus\AppData\Roaming\Trillian
2010-04-13 08:08 . 2010-05-02 17:24 -------- d-----w- c:\program files\Trillian
2010-04-13 08:07 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-12 18:46 . 2010-04-12 18:46 -------- d-----w- c:\windows\system32\Macromed

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 19:10 . 2009-07-14 08:44 634308 ----a-w- c:\windows\system32\perfh005.dat
2010-05-02 19:10 . 2009-07-14 08:44 122898 ----a-w- c:\windows\system32\perfc005.dat
2010-04-23 15:54 . 2010-04-23 15:54 -------- d-----w- c:\program files\Common Files\SRC Shared
2010-04-20 09:55 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-04-14 14:54 . 2010-04-14 08:29 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-14 08:29 . 2010-04-14 08:29 14336 ----a-w- c:\windows\system32\drivers\EIO.sys
2010-04-12 15:13 . 2010-04-12 15:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-12 15:12 . 2010-04-12 15:12 -------- d-sh--we c:\programdata\Plocha
2010-04-12 15:12 . 2010-04-12 15:12 -------- d-sh--we c:\programdata\Oblíbené položky
2010-04-12 15:12 . 2010-04-12 15:12 -------- d-sh--we c:\programdata\Šablony
2010-04-12 15:12 . 2010-04-12 15:12 -------- d-sh--we c:\programdata\Nabídka Start
2010-04-12 15:12 . 2010-04-12 15:12 -------- d-sh--we c:\programdata\Dokumenty
2010-04-12 15:12 . 2010-04-12 15:12 -------- d-sh--we c:\programdata\Data aplikací
2010-03-29 06:15 . 2010-03-29 06:15 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-18 11:16 . 2010-03-18 11:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-04 11:42 . 2010-03-04 11:42 277536 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-02-23 07:56 . 2010-04-13 08:01 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-03 10:24 . 2010-02-03 10:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-02-02 07:45 . 2010-04-13 08:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2010-04-13 495616]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-01-29 3179952]
"G6FTP Server Tray Monitor"="c:\program files\Gene6 FTP Server\G6FTPTray.exe" [2006-01-26 77312]
"Google Update"="c:\users\Crixus\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-25 136176]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"EVEREST AutoStart"="c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe" [2008-03-16 2083424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-15 614400]
"4600 Scan2PC"="c:\windows\twain_32\Samsung\SCX4600\Scan2Pc.exe" [2009-09-11 1968640]
"PluginDialog"="c:\program files\tc up\plugins\media\artweaver\pluginplugindll0.5.7.exe" [2010-05-02 153600]
"configconfig"="c:\program files\tc up\plugins\wfx\motop2k\configplugin.exe" [2010-05-02 153600]
"Microsofttipresx"="c:\program files\common files\microsoft shared\ink\zh-cn\microsoftsystem.exe" [2010-05-02 153600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-12-10 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R3 cpuz130;cpuz130;c:\users\Crixus\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;w:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-03-16 23152]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-12 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-11-16 38240]
S2 G6FTPServer;Gene6 FTP Server;c:\program files\Gene6 FTP Server\G6FTPSERVER.EXE [2010-04-23 816640]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-02-20 5120]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]

.
Obsah adresáře 'Naplánované úlohy'

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1361383651-616283033-1772872940-1000Core.job
- c:\users\Crixus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 18:45]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1361383651-616283033-1772872940-1000UA.job
- c:\users\Crixus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 18:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\users\Crixus\AppData\Roaming\Mozilla\Firefox\Profiles\r5cxzdhh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\users\Crixus\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\Crixus\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-SecurityCenter - c:\users\Crixus\AppData\Roaming\Desktop Security 2010\securitycenter.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85838EE4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xe5726854
SecurityProcedure -> 0x1
QueryNameProcedure -> 0x89805e1e
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1361383651-616283033-1772872940-1000\Software\SecuROM\License information*]
"datasecu"=hex:70,4e,38,55,e3,91,ec,f4,04,0d,02,b1,d8,e8,de,13,9e,31,6b,4c,59,
ed,77,3b,e5,a0,58,ce,71,b1,fe,5e,0d,aa,f9,59,05,1f,1e,52,3a,e8,a5,15,ca,4a,\
"rkeysecu"=hex:17,d8,fc,4a,60,91,53,fc,65,6f,30,3d,5a,a5,8d,6e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-05-02 21:15:36
ComboFix-quarantined-files.txt 2010-05-02 19:15

Před spuštěním: Volných bajtů: 21 119 578 112
Po spuštění: Volných bajtů: 21 420 126 208

- - End Of File - - 688F46C4A748AA8112BD002B7BD76F51

Re: another one with Desktop Security 2010

Posted: 02 May 2010 21:11
by Rudy
We'll clean up a bit more. Open Notepad and copy this into it:
Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.