Please check the log. Thanks.
Posted: 25 Jul 2010 20:59
ComboFix 10-06-27.06 - petr 28.06.2010 23:12:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1013.219 [GMT 2:00]
Spuštěný z: c:\users\petr\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\petr\AppData\Roaming\inst.exe
c:\users\petr\Documents\cc_20100622_212701.reg
c:\windows\desktop
c:\windows\system32\%appdata%
c:\windows\system32\AutoRun.inf
c:\windows\system32\%appdata%\Microsoft\Windows\IETldCache\index.dat . . . . nemohl být smazán
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-28 do 2010-06-28 )))))))))))))))))))))))))))))))
.
2010-06-28 21:22 . 2010-06-28 21:28 -------- d-----w- c:\users\petr\AppData\Local\temp
2010-06-28 21:22 . 2010-06-28 21:22 -------- d-----w- c:\users\volny 2\AppData\Local\temp
2010-06-28 21:22 . 2010-06-28 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-28 21:04 . 2010-06-28 21:04 -------- d-----w- C:\%APPDATA%
2010-06-28 19:38 . 2010-06-28 19:38 -------- d-----w- c:\users\volny 2\AppData\Local\Mozilla
2010-06-28 19:00 . 2010-06-28 19:00 95 ----a-w- c:\users\volny 2\AppData\Local\fusioncache.dat
2010-06-28 19:00 . 2010-06-28 19:02 -------- d-----w- c:\users\volny 2\AppData\Local\ApplicationHistory
2010-06-28 18:59 . 2010-06-28 19:00 -------- d--h--w- c:\users\volny 2\AppData\Local\acer eNM
2010-06-28 18:59 . 2010-06-28 18:59 -------- d-----w- c:\users\volny 2\AppData\Local\ESET
2010-06-28 18:59 . 2010-06-28 18:59 72664 ----a-w- c:\users\volny 2\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-28 18:59 . 2010-06-28 18:59 -------- d-----w- c:\users\volny 2\AppData\Local\PlayMovie
2010-06-28 18:58 . 2010-06-28 18:58 -------- d-----w- c:\users\volny 2\AppData\Roaming\Happy Foto
2010-06-22 20:43 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-22 20:43 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-22 20:43 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-22 20:43 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-22 20:43 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-22 20:41 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-22 20:41 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 19:22 . 2010-06-22 19:22 -------- d-----w- c:\program files\CCleaner
2010-06-21 20:58 . 2010-06-21 20:58 -------- d-----w- c:\windows\Mozilla
2010-06-20 15:42 . 2010-06-20 15:42 -------- d-----w- c:\users\petr\AppData\Local\Mozilla
2010-06-20 13:37 . 2010-06-20 13:37 8206464 ----a-w- c:\users\petr\Firefox Setup 3.6.3.exe
2010-06-20 13:25 . 2010-06-20 13:26 13019656 ----a-w- c:\users\petr\Opera_1053_int_Setup.exe
2010-06-19 12:32 . 2010-06-19 12:32 -------- d-----w- c:\windows\Happy Foto
2010-06-16 21:03 . 2010-06-16 21:03 26665984 ----a-w- c:\users\petr\AdbeRdr930_cs_CZ.exe
2010-06-16 13:50 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-16 13:46 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-16 13:46 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 22:01 . 2008-01-04 14:52 72664 ----a-w- c:\users\petr\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-21 21:33 . 2007-06-20 10:05 -------- d-----w- c:\programdata\Microsoft Help
2010-06-21 19:59 . 2007-01-08 21:09 607150 ----a-w- c:\windows\system32\perfh005.dat
2010-06-21 19:59 . 2007-01-08 21:09 119604 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 18:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-04 12:28 . 2010-02-22 21:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-26 04:55 . 2008-03-01 17:33 -------- d-----w- c:\programdata\HP Product Assistant
2010-05-21 12:14 . 2009-10-02 18:44 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-10 18:14 . 2008-01-05 10:20 -------- d-----w- c:\programdata\Yahoo! Companion
2010-05-06 15:40 . 2009-10-29 20:36 -------- d-----w- c:\program files\ICQ6.5
2010-05-06 13:11 . 2010-05-06 11:57 -------- d-----w- c:\programdata\Pure Networks
2010-05-06 13:08 . 2010-05-06 13:08 -------- d-----w- c:\programdata\Yahoo!
2010-05-06 13:08 . 2008-01-04 14:50 -------- d-----w- c:\program files\Yahoo!
2010-05-06 13:08 . 2010-05-06 11:57 -------- d-----w- c:\program files\Linksys
2010-05-06 13:02 . 2010-05-06 13:02 -------- d-----w- c:\program files\Pure Networks
2010-05-06 13:01 . 2010-05-06 11:59 8892928 ----a-w- c:\programdata\atscie.msi
2010-05-06 11:57 . 2010-05-06 11:57 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-05-04 05:59 . 2010-06-16 13:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-16 13:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-16 13:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-16 13:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-16 13:45 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-25 19:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-07 19:08 . 2010-04-07 19:08 41312 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2010-04-07 19:08 . 2010-04-07 19:08 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-04-07 19:08 . 2010-04-07 19:08 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:03 . 2010-04-07 19:03 133512 ----a-w- c:\windows\system32\drivers\eamonm.sys
2008-01-24 16:48 . 2008-01-24 16:47 23898768 ----a-r- c:\program files\AdbeRdr80_cs_CZ.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-04-10 678672]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 457728]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 1286144]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 206952]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2010-6-20 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2010-6-20 734872]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-6-20 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):aa,6c,2d,11,28,0a,ca,01
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 41312]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: {0AA100B6-2EF4-4779-816A-AB0087E22460} = 160.218.10.200 160.218.43.200
Name-Space Handler: ftp\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - c:\progra~1\FRESHD~1\FRESHD~1\fdcatch.dll
Name-Space Handler: http\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - c:\progra~1\FRESHD~1\FRESHD~1\fdcatch.dll
FF - ProfilePath - c:\users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\yb768xc7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-Acer Tour Reminder - (no file)
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5996)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\Aberger\HfAsistent\FotoSync.dll
c:\program files\Aberger\HfAsistent\xerc2701.dll
c:\program files\Aberger\HfAsistent\fotosynr.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\users\petr\AppData\Local\Temp\RtkBtMnt.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-06-28 23:42:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-28 21:42
Před spuštěním: 8 563 470 336
Po spuštění: Volných bajtů: 33 323 585 536
- - End Of File - - E6B076FD2F9962E92AE2C099E0BEAD7A