Please check my ComboFix log, thank you very much

#1 Post by jaruneczka »

ComboFix 11-09-21.01 - Jarka 21.09.2011 10:28:37.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4087.2730 [GMT 2:00]
Spuštěný z: c:\users\Jarka\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-21 do 2011-09-21 )))))))))))))))))))))))))))))))
.
.
2011-09-21 08:13 . 2011-09-21 08:13 -------- d-----w- c:\windows\LastGood.Tmp
2011-09-21 07:39 . 2011-09-21 08:10 -------- d-----w- c:\users\Jarka\AppData\Local\ElevatedDiagnostics
2011-09-21 07:34 . 2011-09-21 07:34 -------- d-----w- c:\program files\ESET
2011-09-20 18:11 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{291924F6-95A6-4D4F-A5DA-6889D1C7EFE3}\mpengine.dll
2011-09-19 18:16 . 2011-09-19 18:16 -------- d-----w- c:\users\Jarka\AppData\Roaming\Malwarebytes
2011-09-19 18:16 . 2011-09-19 18:16 -------- d-----w- c:\programdata\Malwarebytes
2011-09-19 18:16 . 2011-09-19 18:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-19 17:48 . 2011-09-19 17:48 111408 ----a-w- c:\windows\system32\drivers\74291958.sys
2011-09-19 16:51 . 2011-09-19 16:51 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-19 16:49 . 2011-09-19 16:49 -------- d-----w- c:\users\Jarka\AppData\Local\Sunbelt Software
2011-09-19 16:48 . 2011-09-19 17:04 -------- d-----w- c:\programdata\Lavasoft
2011-09-19 08:55 . 2011-09-19 08:55 -------- d-----w- c:\users\Jarka\AppData\Roaming\TeamViewer
2011-09-17 05:09 . 2011-09-19 16:33 -------- d-----w- C:\ESS
2011-09-14 11:37 . 2011-09-14 11:37 -------- d-----w- c:\users\Jarka\AppData\Roaming\Windows Live Writer
2011-09-14 11:34 . 2011-09-14 11:34 -------- d-----w- c:\windows\cs
2011-09-14 11:32 . 2011-09-14 11:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-09-14 11:30 . 2011-09-14 11:34 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-14 11:30 . 2011-05-13 13:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-09-14 11:29 . 2011-09-14 11:29 -------- d-----w- c:\program files (x86)\Microsoft
2011-09-14 11:29 . 2011-09-14 11:29 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91c8ea641cc72d103\bingbarsetup.exe
2011-09-14 11:29 . 2011-09-14 11:29 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\89b1fd361cc72d102\MeshBetaRemover.exe
2011-09-14 11:17 . 2011-09-14 11:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-09-14 10:39 . 2011-09-14 10:39 -------- d-----w- c:\users\Jarka\AppData\Roaming\OpenOffice.org
2011-09-14 10:38 . 2011-09-14 10:38 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-09-14 10:16 . 2011-09-14 10:19 -------- d-----w- c:\program files (x86)\Skype
2011-09-14 09:44 . 2011-09-14 09:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-14 09:35 . 2011-09-14 09:44 -------- d-----w- c:\program files (x86)\Java
2011-09-14 07:38 . 2011-09-14 07:38 388096 ----a-r- c:\users\Jarka\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-14 07:38 . 2011-09-14 07:38 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-14 07:35 . 2011-09-14 07:35 -------- d-----w- C:\Trend Micro
2011-09-14 07:00 . 2011-09-14 07:00 -------- d-----w- c:\programdata\Reflexive
2011-09-13 13:40 . 2011-09-13 13:40 63825 ----a-w- c:\windows\SysWow64\epfwdata.bin
2011-09-10 14:01 . 2011-09-10 14:01 -------- d-----w- c:\users\Jarka\AppData\Roaming\Alawar
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-09-03 13:40 . 2011-09-03 13:40 1409 ----a-w- c:\windows\QTFont.for
2011-08-24 08:04 . 2011-08-24 08:04 -------- d-----w- c:\users\Jarka\AppData\Roaming\SprillEng
2011-08-24 05:27 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 05:27 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 07:37 . 2011-08-23 08:44 -------- d-----w- c:\users\Jarka\AppData\Roaming\DeepVoyage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 08:31 . 2011-05-11 12:39 25640 ----a-w- c:\windows\gdrv.sys
2011-09-14 09:44 . 2011-05-11 14:09 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-31 15:00 . 2011-07-11 07:04 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 13:19 . 2011-05-13 08:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-04 07:20 . 2011-08-04 07:20 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-08-03 11:50 . 2011-08-10 08:35 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-08-10 08:35 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-08-10 08:35 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-08-10 08:35 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-08-10 08:35 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-08-10 08:35 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-08-10 08:35 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-08-10 08:35 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2011-08-10 08:35 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-08-10 08:35 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-08-10 08:35 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-10 08:35 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-10 08:35 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-08-10 08:35 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-08-10 08:35 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-08-10 08:35 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-08-10 08:35 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-08-10 08:35 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-08-10 08:35 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 11:50 . 2011-07-01 07:18 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2011-02-22 23:39 836200 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-08-03 11:50 . 2011-02-22 23:39 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-02-22 23:39 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-02-22 23:38 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-02-22 23:38 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2010-07-10 03:38 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2010-07-09 14:27 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2009-07-13 21:59 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-07-22 05:42 . 2011-08-09 18:31 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-09 18:31 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-09 18:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-09 18:31 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-09 18:31 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-09 18:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-09 18:30 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-09 18:30 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-09 18:30 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-09 18:30 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-09 18:30 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-09 18:30 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-09 18:30 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-09 18:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-09 18:30 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-09 18:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-09 18:30 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-05-11 30528]
R3 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-07-20 247872]
R3 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-09-07 72280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
R4 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Jarka\AppData\Roaming\Mozilla\Firefox\Profiles\hw6zn1q5.default\
FF - prefs.js: browser.startup.homepage - www.centrum.cz
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="E0A97AA61C842A2FBD6C6CBF29F88C8F2DFA869087DA0B378084C6F907EA5E23D46BE0CD710D99C9B15FF22E710DEBDB3B464AB88F2F73DAFA70BE813E0D127BA9A516E2EFC965D9177C7B17471141029C028426CAE53B3E1E31C9A1B8C7CDC39B3D0B31D41F851ED62DE9F1DFFB41F9013B2A1D0AAEF93884988C0A7F1F29504F6A37778382B3073B2EA4A9995BE774FCD7B1D6C1C90ED2AACE31E1C2A783A9C93A12E882026DBBF39116FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E667A2D97226D213B555FEBC9E127BECC74C4DD877A36101643F8644B94A9D4FAC9901D916F2AF1D498F2CE5C12592BFDDC5EDA4B5685329CD6AB19B22F005055DE03E02AEDF0A6D1312E6BD07909E2D723D09ED417947948561D2010B950057B6AFE4E5A8E9C0037299BF414B0C56FE29DD7AB9A84A7F2111B554D4754E6A4FC08A8E5C9D686FAE17B81B5E5AD1AEEE76EB95B28D16EF12C77D161979F7D5565A76C562B8F6E4260408502B955D571AA02F21A527D7428D5753EBF442AC883E347D8B98BA75A1018E22AEE173EDAB8244F555073FD2509D41D29AB40FD1FB38D53052C077065E3A63A8765E7C87C10DD1906269B20A2EB0581F5F46B30CDD5D979F8344D6108434003C5B204D73DF040C53670975C81D1B47DDE7BA16C410A8A763FB2F573EB3B2B707884E18BD02938A177C420E9B18100AB758CB322CA679881688AF06013DDD31B31AB0A136584DBAB82C9895D24AABF05AC65318326C920FD5701C890AA7C2677120B444F045A75A1872303A8414EC21783ECFE9105E1CE5466B6B1A512FD02875A0EA6C4760FA7E99C25440880BB414C7BE645F3C2F21898C23B702923FDC987694089A5376850F2782F2FB7D774B16803958C478C1114C54B94323CBFD1FAC2F69E4E5F50667C5AD0D1DD7C3D4D947E118167743333F54CC4271F1C03F34B060FEFEF5D3C2A7B59B2F085380D4ED1E2CB2ACEBE5CDE29B2746C976780F9C434D2BF68855942FBFE7AA8F7F1EDAFB6126DACEA9699418EF9ABF78CBBD2BBC56BEB791EF2596CA1D0AB6B003C781D8AE99D1D44B9A3D5E71629FCC242085DD327E60388FB5182CD9FEFA8D1870924077D24F37008D301897BC49BA42F2C6AA70DDD5F662B81C68D448186C0D4B114FFEA3FE168B180D0EAC6C96DAFECD47B480AF3EFEF4285C79C16820B5C4533009DFE2FE35C55323694C38D1E8470A966F25CBB226683F42BCA86997F73544D853856A62F9979EF83CE9E93C45994877B4F40DBFE3727EEEF267D7F86568A0A7793116B0F0831B48F7CB5108728CEADFBFD9D3E5565BA
AB44229C432D47C2C6C29F749E4C71B307EF48941DE98C69AF9B093849B3E824A1BB376C3263EA371AB"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Celkový čas: 2011-09-21 10:34:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-21 08:34
.
Před spuštěním: Volných bajtů: 951 631 839 232
Po spuštění: Volných bajtů: 951 182 954 496
.
- - End Of File - - ED0277CF7D57BE3F0EF86D7DA1E416C4

#2 Post by vyosek »

Hello, and have a nice day :)

:arrow: Using CF without being advised to is not recommended, see below

:arrow: Dangers of CF
  • It is intended primarily for advisers - by using it on your own initiative you lose the right to support
  • It deletes traces of malware, so nothing is visible in the RSIT log
  • Its log still has to be worked through, since it cannot delete everything - which you will hardly manage unless you are trained for it
  • CF can have a bug = it takes your system down; if you don't know where it stores what and how to restore it, your system is dead and you are facing a reinstall
  • Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete those - hal.dll gets deleted after a restart = your system won't boot and you are back at the line above = reinstall
:arrow: If it is not there already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    Firefox::
    FF - ProfilePath - c:\users\Jarka\AppData\Roaming\Mozilla\Firefox\Profiles\hw6zn1q5.default\
    FF - prefs.js: network.proxy.type - 0
    
    DDS::
    Trusted Zone: mojebanka.cz\www
    
    Folder::
    c:\program files (x86)\ICQ6Toolbar
    
    Driver::
    ICQ Service
    
    Collect::
    c:\windows\system32\drivers\74291958.sys
    
    Rootkit::
    c:\windows\system32\drivers\74291958.sys
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto Combofix and drop it (see the image below)
    [image]
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

#3 Post by jaruneczka »

..thank you very much, this is the 4th day of trouble with the PC: after installing ESS-5 there were further problems, first with the internet provider and then with ESET, who wanted to help and told me to run ComboFix.. Since I am an old "granny" and don't really know my way around here, I took the liberty of posting the log myself...I apologize. Here is the requested log:

ComboFix 11-09-21.01 - Jarka 21.09.2011 11:22:38.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4087.2946 [GMT 2:00]
Spuštěný z: c:\users\Jarka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jarka\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ICQ6Toolbar
c:\program files (x86)\ICQ6Toolbar\config.xml
c:\program files (x86)\ICQ6Toolbar\Icons.bmp
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\program files (x86)\ICQ6Toolbar\icq6Toolbar.ico
c:\program files (x86)\ICQ6Toolbar\ICQToolBar.dll
c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files (x86)\ICQ6Toolbar\logo_small.gif
c:\program files (x86)\ICQ6Toolbar\ServiceStarter.exe
c:\program files (x86)\ICQ6Toolbar\short.wav
c:\program files (x86)\ICQ6Toolbar\Version.txt
c:\program files (x86)\ICQ6Toolbar\voucher.bmp
c:\program files (x86)\ICQ6Toolbar\voucher2.bmp
c:\windows\system32\drivers\74291958.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-21 do 2011-09-21 )))))))))))))))))))))))))))))))
.
.
2011-09-21 09:25 . 2011-09-21 09:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-09-21 09:25 . 2011-09-21 09:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-21 07:34 . 2011-09-21 07:34 -------- d-----w- c:\program files\ESET
2011-09-20 18:11 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{291924F6-95A6-4D4F-A5DA-6889D1C7EFE3}\mpengine.dll
2011-09-19 18:16 . 2011-09-19 18:16 -------- d-----w- c:\users\Jarka\AppData\Roaming\Malwarebytes
2011-09-19 18:16 . 2011-09-19 18:16 -------- d-----w- c:\programdata\Malwarebytes
2011-09-19 18:16 . 2011-09-19 18:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-19 16:51 . 2011-09-19 16:51 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-19 16:49 . 2011-09-19 16:49 -------- d-----w- c:\users\Jarka\AppData\Local\Sunbelt Software
2011-09-19 16:48 . 2011-09-19 17:04 -------- d-----w- c:\programdata\Lavasoft
2011-09-19 08:55 . 2011-09-19 08:55 -------- d-----w- c:\users\Jarka\AppData\Roaming\TeamViewer
2011-09-17 05:09 . 2011-09-19 16:33 -------- d-----w- C:\ESS
2011-09-14 11:37 . 2011-09-14 11:37 -------- d-----w- c:\users\Jarka\AppData\Roaming\Windows Live Writer
2011-09-14 11:34 . 2011-09-14 11:34 -------- d-----w- c:\windows\cs
2011-09-14 11:32 . 2011-09-14 11:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-09-14 11:30 . 2011-09-14 11:34 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-14 11:30 . 2011-05-13 13:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-09-14 11:29 . 2011-09-14 11:29 -------- d-----w- c:\program files (x86)\Microsoft
2011-09-14 11:29 . 2011-09-14 11:29 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91c8ea641cc72d103\bingbarsetup.exe
2011-09-14 11:29 . 2011-09-14 11:29 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\89b1fd361cc72d102\MeshBetaRemover.exe
2011-09-14 11:17 . 2011-09-14 11:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-09-14 10:39 . 2011-09-14 10:39 -------- d-----w- c:\users\Jarka\AppData\Roaming\OpenOffice.org
2011-09-14 10:38 . 2011-09-14 10:38 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-09-14 10:16 . 2011-09-14 10:19 -------- d-----w- c:\program files (x86)\Skype
2011-09-14 09:44 . 2011-09-14 09:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-14 09:35 . 2011-09-14 09:44 -------- d-----w- c:\program files (x86)\Java
2011-09-14 07:38 . 2011-09-14 07:38 388096 ----a-r- c:\users\Jarka\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-14 07:38 . 2011-09-14 07:38 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-14 07:35 . 2011-09-14 07:35 -------- d-----w- C:\Trend Micro
2011-09-14 07:00 . 2011-09-14 07:00 -------- d-----w- c:\programdata\Reflexive
2011-09-13 13:40 . 2011-09-13 13:40 63825 ----a-w- c:\windows\SysWow64\epfwdata.bin
2011-09-10 14:01 . 2011-09-10 14:01 -------- d-----w- c:\users\Jarka\AppData\Roaming\Alawar
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-09-03 13:40 . 2011-09-03 13:40 1409 ----a-w- c:\windows\QTFont.for
2011-08-24 08:04 . 2011-08-24 08:04 -------- d-----w- c:\users\Jarka\AppData\Roaming\SprillEng
2011-08-24 05:27 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 05:27 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 07:37 . 2011-08-23 08:44 -------- d-----w- c:\users\Jarka\AppData\Roaming\DeepVoyage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 09:26 . 2011-05-11 12:39 25640 ----a-w- c:\windows\gdrv.sys
2011-09-14 09:44 . 2011-05-11 14:09 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-31 15:00 . 2011-07-11 07:04 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 13:19 . 2011-05-13 08:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-04 07:20 . 2011-08-04 07:20 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-08-03 11:50 . 2011-08-10 08:35 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-08-10 08:35 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-08-10 08:35 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-08-10 08:35 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-08-10 08:35 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-08-10 08:35 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-08-10 08:35 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-08-10 08:35 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2011-08-10 08:35 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-08-10 08:35 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-08-10 08:35 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-10 08:35 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-10 08:35 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-08-10 08:35 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-08-10 08:35 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-08-10 08:35 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-08-10 08:35 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-08-10 08:35 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-08-10 08:35 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 11:50 . 2011-07-01 07:18 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2011-02-22 23:39 836200 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-08-03 11:50 . 2011-02-22 23:39 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-02-22 23:39 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-02-22 23:38 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-02-22 23:38 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2010-07-10 03:38 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2010-07-09 14:27 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2009-07-13 21:59 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-07-22 05:42 . 2011-08-09 18:31 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-09 18:31 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-09 18:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-09 18:31 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-09 18:31 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-09 18:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-09 18:30 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-09 18:30 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-09 18:30 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-09 18:30 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-09 18:30 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-09 18:30 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-09 18:30 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-09 18:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-09 18:30 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-09 18:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-09 18:30 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-21_08.32.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-11 13:22 . 2011-09-21 08:33 40000 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-09-21 08:06 31962 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-21 09:04 31962 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-11 12:41 . 2011-09-21 09:04 12712 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3058530099-2043524379-2683396900-1000_UserData.bin
+ 2011-05-11 12:24 . 2011-09-21 09:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-11 12:24 . 2011-09-21 04:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-11 12:24 . 2011-09-21 09:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-11 12:24 . 2011-09-21 04:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-21 09:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-21 04:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-21 08:31 . 2011-09-21 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-21 09:26 . 2011-09-21 09:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-21 08:31 . 2011-09-21 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-21 09:26 . 2011-09-21 09:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-09-21 09:09 615810 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-09-21 08:10 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2011-09-21 09:09 631054 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2011-09-21 08:10 631054 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-09-21 08:10 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-09-21 09:09 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-09-21 08:10 121708 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-09-21 09:09 121708 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:12 . 2011-09-21 09:07 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-09-21 04:45 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-09-21 08:31 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-09-21 09:25 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-11 13:35 . 2011-09-21 09:25 9673372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3058530099-2043524379-2683396900-1000-8192.dat
+ 2011-05-11 13:35 . 2011-09-21 09:25 1995092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3058530099-2043524379-2683396900-1000-12288.dat
- 2011-05-11 13:35 . 2011-09-21 08:31 1995092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3058530099-2043524379-2683396900-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-05-11 30528]
R3 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-09-07 72280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
R4 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
"combofix"="c:\combofix\CF27656.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Jarka\AppData\Roaming\Mozilla\Firefox\Profiles\hw6zn1q5.default\
FF - prefs.js: browser.startup.homepage - www.centrum.cz
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1316584428
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1316584668
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1316584548
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1316593405
FF - user.js: browser.anchor_color - #0000FF
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.display.background_color - #C0C0C0
FF - user.js: browser.display.use_system_colors - true
FF - user.js: browser.download.dir - c:\\Users\\Jarka\\Desktop
FF - user.js: browser.download.folderList - 0
FF - user.js: browser.formfill.enable - false
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 1
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.startup.homepage - www.centrum.cz
FF - user.js: browser.startup.homepage_override.buildID - 20110902133214
FF - user.js: browser.startup.homepage_override.mstone - rv:6.0.2
FF - user.js: browser.syncPromoViewsLeft - 3
FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.6.0.2
FF - user.js: browser.visited_color - #800080
FF - user.js: extensions.adblockplus.currentVersion - 1.3.9
FF - user.js: extensions.adblockplus.detachsidebar - true
FF - user.js: extensions.adblockplus.showinstatusbar - true
FF - user.js: extensions.adblockplus.showintoolbar - false
FF - user.js: extensions.blocklist.pingCountTotal - 2
FF - user.js: extensions.blocklist.pingCountVersion - 2
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 4
FF - user.js: extensions.enabledAddons - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9,{972ce4c6-7e08-4474-a285-3208198ce6fd}:6.0.2
FF - user.js: extensions.installCache - [{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1316459081279}}},{\name\:\app-profile\,\addons\:{\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\descriptor\:\c:\\\\Users\\\\Jarka\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hw6zn1q5.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\,\mtime\:1316459152579}}}]
FF - user.js: extensions.lastAppVersion - 6.0.2
FF - user.js: extensions.lastPlatformVersion - 6.0.2
FF - user.js: extensions.pendingOperations - false
FF - user.js: idle.lastDailyNotification - 1316501831
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-2, ISO-8859-1, windows-1250, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1316501831
FF - user.js: places.history.expiration.transient_current_max_pages - 128581
FF - user.js: pref.browser.homepage.disable_button.restore_default - false
FF - user.js: privacy.donottrackheader.enabled - true
FF - user.js: privacy.sanitize.didShutdownSanitize - true
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.sanitizeOnShutdown - true
FF - user.js: privacy.sanitize.timeSpan - 4
FF - user.js: security.disable_button.openDeviceManager - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: signon.rememberSignons - false
FF - user.js: storage.vacuum.last.index - 0
FF - user.js: storage.vacuum.last.places.sqlite - 1316501831
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1319187283
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Celkový čas: 2011-09-21 11:28:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-21 09:28
ComboFix2.txt 2011-09-21 08:34
.
Před spuštěním: Volných bajtů: 951 261 089 792
Po spuštění: Volných bajtů: 950 975 123 456
.
- - End Of File - - DEA9C7DA3B4934BDA80EE2C915D494BA
Nahrání proběhlo úspěšně


#4 Post by vyosek »

Who recommended ComboFix to you, some technician from ESET, or who?

How do the problems show up? What did the internet provider write, is everything OK on their side? And if you communicated with ESET, could I get that correspondence by mail at vyosek@forum.viry.cz?
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him: that is no man, that is an ox."
Member since 1 February 2011.


#5 Post by vyosek »

:arrow: Thank you for the mail, it was explained very well. Could you just also send me the e-mail address of the person who recommended ComboFix to you, the one from ESET.

:arrow: The log already looks clean; how is the PC behaving? :???:


#6 Post by jaruneczka »

Thank you very much for your help. Could you please tell me what was in there? The ESET 4 updates run by themselves; I would rather not update to version 5, with which it all started... I sent the mail, I had to look for it. Next time I will follow the forum rules. I wish you a lovely rest of the day :wub:


#7 Post by vyosek »

:arrow: Thank you for the mail

:arrow: You had some little critter in there

:arrow: Stay on version 4 for now; version 5 still needs a few kinks worked out before it works as it should...

:arrow: We will tidy up a bit more :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • Click Scan for problems
  • Then Fix problems - I recommend making a registry backup; fix all the problems
  • Repeat the procedure until no problems are left - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And write how the PC is behaving


#8 Post by jaruneczka »

Dooone, as described. I have had CCleaner ever since it first came out, and the PC is OK. Once again, thank you very much for your patience and help. Regards, Jarka :bye:


#9 Post by vyosek »

You're welcome, glad I could help :worship: Until next time


And as a farewell, our band will play for you :guitar: :150: :151: :152: :153: :154: :196:


#10 Post by jaruneczka »

...I have one more question: ESS 4 does not download updates automatically... I had the same problem in the new version 5; I have to do it manually and sometimes it does not work. Could you please advise me where the fault is? Thank you :31:


#11 Post by vyosek »

It should check for them and download them a few times a day....
The vermin should no longer be on the PC... Try reinstalling ESS and then, if needed, contact their support


#12 Post by jaruneczka »

Reinstalled.... OK - I will drop them a line again, take care. :152:


#13 Post by vyosek »

You're welcome, a nice evening to you too...