VIRY.CZ

ComboFix 11-09-21.01 - Jarka 21.09.2011 10:28:37.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4087.2730 [GMT 2:00]
Spuštěný z: c:\users\Jarka\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-21 do 2011-09-21 )))))))))))))))))))))))))))))))
.
.
2011-09-21 08:13 . 2011-09-21 08:13 -------- d-----w- c:\windows\LastGood.Tmp
2011-09-21 07:39 . 2011-09-21 08:10 -------- d-----w- c:\users\Jarka\AppData\Local\ElevatedDiagnostics
2011-09-21 07:34 . 2011-09-21 07:34 -------- d-----w- c:\program files\ESET
2011-09-20 18:11 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{291924F6-95A6-4D4F-A5DA-6889D1C7EFE3}\mpengine.dll
2011-09-19 18:16 . 2011-09-19 18:16 -------- d-----w- c:\users\Jarka\AppData\Roaming\Malwarebytes
2011-09-19 18:16 . 2011-09-19 18:16 -------- d-----w- c:\programdata\Malwarebytes
2011-09-19 18:16 . 2011-09-19 18:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-19 17:48 . 2011-09-19 17:48 111408 ----a-w- c:\windows\system32\drivers\74291958.sys
2011-09-19 16:51 . 2011-09-19 16:51 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-19 16:49 . 2011-09-19 16:49 -------- d-----w- c:\users\Jarka\AppData\Local\Sunbelt Software
2011-09-19 16:48 . 2011-09-19 17:04 -------- d-----w- c:\programdata\Lavasoft
2011-09-19 08:55 . 2011-09-19 08:55 -------- d-----w- c:\users\Jarka\AppData\Roaming\TeamViewer
2011-09-17 05:09 . 2011-09-19 16:33 -------- d-----w- C:\ESS
2011-09-14 11:37 . 2011-09-14 11:37 -------- d-----w- c:\users\Jarka\AppData\Roaming\Windows Live Writer
2011-09-14 11:34 . 2011-09-14 11:34 -------- d-----w- c:\windows\cs
2011-09-14 11:32 . 2011-09-14 11:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-09-14 11:30 . 2011-09-14 11:34 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-14 11:30 . 2011-05-13 13:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-09-14 11:29 . 2011-09-14 11:29 -------- d-----w- c:\program files (x86)\Microsoft
2011-09-14 11:29 . 2011-09-14 11:29 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91c8ea641cc72d103\bingbarsetup.exe
2011-09-14 11:29 . 2011-09-14 11:29 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\89b1fd361cc72d102\MeshBetaRemover.exe
2011-09-14 11:17 . 2011-09-14 11:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-09-14 10:39 . 2011-09-14 10:39 -------- d-----w- c:\users\Jarka\AppData\Roaming\OpenOffice.org
2011-09-14 10:38 . 2011-09-14 10:38 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-09-14 10:16 . 2011-09-14 10:19 -------- d-----w- c:\program files (x86)\Skype
2011-09-14 09:44 . 2011-09-14 09:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-14 09:35 . 2011-09-14 09:44 -------- d-----w- c:\program files (x86)\Java
2011-09-14 07:38 . 2011-09-14 07:38 388096 ----a-r- c:\users\Jarka\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-14 07:38 . 2011-09-14 07:38 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-14 07:35 . 2011-09-14 07:35 -------- d-----w- C:\Trend Micro
2011-09-14 07:00 . 2011-09-14 07:00 -------- d-----w- c:\programdata\Reflexive
2011-09-13 13:40 . 2011-09-13 13:40 63825 ----a-w- c:\windows\SysWow64\epfwdata.bin
2011-09-10 14:01 . 2011-09-10 14:01 -------- d-----w- c:\users\Jarka\AppData\Roaming\Alawar
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-09-03 13:40 . 2011-09-03 13:40 1409 ----a-w- c:\windows\QTFont.for
2011-08-24 08:04 . 2011-08-24 08:04 -------- d-----w- c:\users\Jarka\AppData\Roaming\SprillEng
2011-08-24 05:27 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 05:27 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 07:37 . 2011-08-23 08:44 -------- d-----w- c:\users\Jarka\AppData\Roaming\DeepVoyage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 08:31 . 2011-05-11 12:39 25640 ----a-w- c:\windows\gdrv.sys
2011-09-14 09:44 . 2011-05-11 14:09 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-31 15:00 . 2011-07-11 07:04 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 13:19 . 2011-05-13 08:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-04 07:20 . 2011-08-04 07:20 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-08-03 11:50 . 2011-08-10 08:35 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-08-10 08:35 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-08-10 08:35 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-08-10 08:35 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-08-10 08:35 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-08-10 08:35 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-08-10 08:35 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-08-10 08:35 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2011-08-10 08:35 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-08-10 08:35 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-08-10 08:35 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-10 08:35 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-10 08:35 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-08-10 08:35 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-08-10 08:35 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-08-10 08:35 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-08-10 08:35 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-08-10 08:35 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-08-10 08:35 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 11:50 . 2011-07-01 07:18 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2011-02-22 23:39 836200 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-08-03 11:50 . 2011-02-22 23:39 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-02-22 23:39 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-02-22 23:38 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-02-22 23:38 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2010-07-10 03:38 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2010-07-09 14:27 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2009-07-13 21:59 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-07-22 05:42 . 2011-08-09 18:31 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-09 18:31 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-09 18:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-09 18:31 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-09 18:31 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-09 18:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-09 18:30 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-09 18:30 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-09 18:30 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-09 18:30 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-09 18:30 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-09 18:30 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-09 18:30 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-09 18:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-09 18:30 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-09 18:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-09 18:30 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-05-11 30528]
R3 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-07-20 247872]
R3 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-09-07 72280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
R4 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Jarka\AppData\Roaming\Mozilla\Firefox\Profiles\hw6zn1q5.default\
FF - prefs.js: browser.startup.homepage - www.centrum.cz
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="E0A97AA61C842A2FBD6C6CBF29F88C8F2DFA869087DA0B378084C6F907EA5E23D46BE0CD710D99C9B15FF22E710DEBDB3B464AB88F2F73DAFA70BE813E0D127BA9A516E2EFC965D9177C7B17471141029C028426CAE53B3E1E31C9A1B8C7CDC39B3D0B31D41F851ED62DE9F1DFFB41F9013B2A1D0AAEF93884988C0A7F1F29504F6A37778382B3073B2EA4A9995BE774FCD7B1D6C1C90ED2AACE31E1C2A783A9C93A12E882026DBBF39116FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E667A2D97226D213B555FEBC9E127BECC74C4DD877A36101643F8644B94A9D4FAC9901D916F2AF1D498F2CE5C12592BFDDC5EDA4B5685329CD6AB19B22F005055DE03E02AEDF0A6D1312E6BD07909E2D723D09ED417947948561D2010B950057B6AFE4E5A8E9C0037299BF414B0C56FE29DD7AB9A84A7F2111B554D4754E6A4FC08A8E5C9D686FAE17B81B5E5AD1AEEE76EB95B28D16EF12C77D161979F7D5565A76C562B8F6E4260408502B955D571AA02F21A527D7428D5753EBF442AC883E347D8B98BA75A1018E22AEE173EDAB8244F555073FD2509D41D29AB40FD1FB38D53052C077065E3A63A8765E7C87C10DD1906269B20A2EB0581F5F46B30CDD5D979F8344D6108434003C5B204D73DF040C53670975C81D1B47DDE7BA16C410A8A763FB2F573EB3B2B707884E18BD02938A177C420E9B18100AB758CB322CA679881688AF06013DDD31B31AB0A136584DBAB82C9895D24AABF05AC65318326C920FD5701C890AA7C2677120B444F045A75A1872303A8414EC21783ECFE9105E1CE5466B6B1A512FD02875A0EA6C4760FA7E99C25440880BB414C7BE645F3C2F21898C23B702923FDC987694089A5376850F2782F2FB7D774B16803958C478C1114C54B94323CBFD1FAC2F69E4E5F50667C5AD0D1DD7C3D4D947E118167743333F54CC4271F1C03F34B060FEFEF5D3C2A7B59B2F085380D4ED1E2CB2ACEBE5CDE29B2746C976780F9C434D2BF68855942FBFE7AA8F7F1EDAFB6126DACEA9699418EF9ABF78CBBD2BBC56BEB791EF2596CA1D0AB6B003C781D8AE99D1D44B9A3D5E71629FCC242085DD327E60388FB5182CD9FEFA8D1870924077D24F37008D301897BC49BA42F2C6AA70DDD5F662B81C68D448186C0D4B114FFEA3FE168B180D0EAC6C96DAFECD47B480AF3EFEF4285C79C16820B5C4533009DFE2FE35C55323694C38D1E8470A966F25CBB226683F42BCA86997F73544D853856A62F9979EF83CE9E93C45994877B4F40DBFE3727EEEF267D7F86568A0A7793116B0F0831B48F7CB5108728CEADFBFD9D3E5565BAAB44229C432D47C2C6C29F749E4C71B307EF48941DE98C69AF9B093849B3E824A1BB376C3263EA371AB"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Celkový čas: 2011-09-21 10:34:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-21 08:34
.
Před spuštěním: Volných bajtů: 951 631 839 232
Po spuštění: Volných bajtů: 951 182 954 496
.
- - End Of File - - ED0277CF7D57BE3F0EF86D7DA1E416C4

Zdravim a pekny den preji

CF se nedoporucuje pouzivat bez doporuceni, vizte nize

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Firefox::
FF - ProfilePath - c:\users\Jarka\AppData\Roaming\Mozilla\Firefox\Profiles\hw6zn1q5.default\
FF - prefs.js: network.proxy.type - 0

DDS::
Trusted Zone: mojebanka.cz\www

Folder::
c:\program files (x86)\ICQ6Toolbar

Driver::
ICQ Service

Collect::
c:\windows\system32\drivers\74291958.sys

Rootkit::
c:\windows\system32\drivers\74291958.sys

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

..moc Vám děkuji, už 4 den potíže s pc, po instalaci ESS-5 , následné problémy, jak s poskytovatelem internetu, tak poté Esetem, který chtěl pomoct a řekl mě, ať udělám ten Combo fix..Vzhledem k tomu, že jsem stará "bába" a moc se zde neorientuji, dovolila jsem si vložit ten log sama...omlouvám se. Zde požadovaný log:

ComboFix 11-09-21.01 - Jarka 21.09.2011 11:22:38.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4087.2946 [GMT 2:00]
Spuštěný z: c:\users\Jarka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jarka\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ICQ6Toolbar
c:\program files (x86)\ICQ6Toolbar\config.xml
c:\program files (x86)\ICQ6Toolbar\Icons.bmp
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\program files (x86)\ICQ6Toolbar\icq6Toolbar.ico
c:\program files (x86)\ICQ6Toolbar\ICQToolBar.dll
c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files (x86)\ICQ6Toolbar\logo_small.gif
c:\program files (x86)\ICQ6Toolbar\ServiceStarter.exe
c:\program files (x86)\ICQ6Toolbar\short.wav
c:\program files (x86)\ICQ6Toolbar\Version.txt
c:\program files (x86)\ICQ6Toolbar\voucher.bmp
c:\program files (x86)\ICQ6Toolbar\voucher2.bmp
c:\windows\system32\drivers\74291958.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-21 do 2011-09-21 )))))))))))))))))))))))))))))))
.
.
2011-09-21 09:25 . 2011-09-21 09:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-09-21 09:25 . 2011-09-21 09:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-21 07:34 . 2011-09-21 07:34 -------- d-----w- c:\program files\ESET
2011-09-20 18:11 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{291924F6-95A6-4D4F-A5DA-6889D1C7EFE3}\mpengine.dll
2011-09-19 18:16 . 2011-09-19 18:16 -------- d-----w- c:\users\Jarka\AppData\Roaming\Malwarebytes
2011-09-19 18:16 . 2011-09-19 18:16 -------- d-----w- c:\programdata\Malwarebytes
2011-09-19 18:16 . 2011-09-19 18:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-19 16:51 . 2011-09-19 16:51 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-19 16:49 . 2011-09-19 16:49 -------- d-----w- c:\users\Jarka\AppData\Local\Sunbelt Software
2011-09-19 16:48 . 2011-09-19 17:04 -------- d-----w- c:\programdata\Lavasoft
2011-09-19 08:55 . 2011-09-19 08:55 -------- d-----w- c:\users\Jarka\AppData\Roaming\TeamViewer
2011-09-17 05:09 . 2011-09-19 16:33 -------- d-----w- C:\ESS
2011-09-14 11:37 . 2011-09-14 11:37 -------- d-----w- c:\users\Jarka\AppData\Roaming\Windows Live Writer
2011-09-14 11:34 . 2011-09-14 11:34 -------- d-----w- c:\windows\cs
2011-09-14 11:32 . 2011-09-14 11:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-09-14 11:30 . 2011-09-14 11:34 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-14 11:30 . 2011-05-13 13:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-09-14 11:29 . 2011-09-14 11:29 -------- d-----w- c:\program files (x86)\Microsoft
2011-09-14 11:29 . 2011-09-14 11:29 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91c8ea641cc72d103\bingbarsetup.exe
2011-09-14 11:29 . 2011-09-14 11:29 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\89b1fd361cc72d102\MeshBetaRemover.exe
2011-09-14 11:17 . 2011-09-14 11:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-09-14 10:39 . 2011-09-14 10:39 -------- d-----w- c:\users\Jarka\AppData\Roaming\OpenOffice.org
2011-09-14 10:38 . 2011-09-14 10:38 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-09-14 10:16 . 2011-09-14 10:19 -------- d-----w- c:\program files (x86)\Skype
2011-09-14 09:44 . 2011-09-14 09:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-14 09:35 . 2011-09-14 09:44 -------- d-----w- c:\program files (x86)\Java
2011-09-14 07:38 . 2011-09-14 07:38 388096 ----a-r- c:\users\Jarka\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-14 07:38 . 2011-09-14 07:38 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-14 07:35 . 2011-09-14 07:35 -------- d-----w- C:\Trend Micro
2011-09-14 07:00 . 2011-09-14 07:00 -------- d-----w- c:\programdata\Reflexive
2011-09-13 13:40 . 2011-09-13 13:40 63825 ----a-w- c:\windows\SysWow64\epfwdata.bin
2011-09-10 14:01 . 2011-09-10 14:01 -------- d-----w- c:\users\Jarka\AppData\Roaming\Alawar
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-09-03 13:40 . 2011-09-03 13:40 1409 ----a-w- c:\windows\QTFont.for
2011-08-24 08:04 . 2011-08-24 08:04 -------- d-----w- c:\users\Jarka\AppData\Roaming\SprillEng
2011-08-24 05:27 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 05:27 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 07:37 . 2011-08-23 08:44 -------- d-----w- c:\users\Jarka\AppData\Roaming\DeepVoyage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 09:26 . 2011-05-11 12:39 25640 ----a-w- c:\windows\gdrv.sys
2011-09-14 09:44 . 2011-05-11 14:09 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-31 15:00 . 2011-07-11 07:04 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 13:19 . 2011-05-13 08:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-04 07:20 . 2011-08-04 07:20 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-08-03 11:50 . 2011-08-10 08:35 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-08-10 08:35 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-08-10 08:35 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-08-10 08:35 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-08-10 08:35 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-08-10 08:35 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-08-10 08:35 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-08-10 08:35 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2011-08-10 08:35 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-08-10 08:35 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-08-10 08:35 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-10 08:35 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-10 08:35 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-08-10 08:35 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-08-10 08:35 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-08-10 08:35 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-08-10 08:35 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-08-10 08:35 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-08-10 08:35 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 11:50 . 2011-07-01 07:18 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2011-02-22 23:39 836200 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-08-03 11:50 . 2011-02-22 23:39 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-02-22 23:39 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-02-22 23:38 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-02-22 23:38 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2010-07-10 03:38 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2010-07-09 14:27 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2009-07-13 21:59 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-07-22 05:42 . 2011-08-09 18:31 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-09 18:31 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-09 18:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-09 18:31 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-09 18:31 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-09 18:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-09 18:30 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-09 18:30 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-09 18:30 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-09 18:30 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-09 18:30 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-09 18:30 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-09 18:30 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-09 18:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-09 18:30 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-09 18:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-09 18:30 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 18:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-21_08.32.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-11 13:22 . 2011-09-21 08:33 40000 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-09-21 08:06 31962 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-21 09:04 31962 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-11 12:41 . 2011-09-21 09:04 12712 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3058530099-2043524379-2683396900-1000_UserData.bin
+ 2011-05-11 12:24 . 2011-09-21 09:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-11 12:24 . 2011-09-21 04:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-11 12:24 . 2011-09-21 09:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-11 12:24 . 2011-09-21 04:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-21 09:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-21 04:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-21 08:31 . 2011-09-21 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-21 09:26 . 2011-09-21 09:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-21 08:31 . 2011-09-21 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-21 09:26 . 2011-09-21 09:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-09-21 09:09 615810 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-09-21 08:10 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2011-09-21 09:09 631054 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2011-09-21 08:10 631054 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-09-21 08:10 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-09-21 09:09 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-09-21 08:10 121708 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-09-21 09:09 121708 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:12 . 2011-09-21 09:07 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-09-21 04:45 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-09-21 08:31 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-09-21 09:25 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-11 13:35 . 2011-09-21 09:25 9673372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3058530099-2043524379-2683396900-1000-8192.dat
+ 2011-05-11 13:35 . 2011-09-21 09:25 1995092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3058530099-2043524379-2683396900-1000-12288.dat
- 2011-05-11 13:35 . 2011-09-21 08:31 1995092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3058530099-2043524379-2683396900-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-05-11 30528]
R3 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-09-07 72280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
R4 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
"combofix"="c:\combofix\CF27656.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Jarka\AppData\Roaming\Mozilla\Firefox\Profiles\hw6zn1q5.default\
FF - prefs.js: browser.startup.homepage - www.centrum.cz
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1316584428
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1316584668
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1316584548
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1316593405
FF - user.js: browser.anchor_color - #0000FF
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.display.background_color - #C0C0C0
FF - user.js: browser.display.use_system_colors - true
FF - user.js: browser.download.dir - c:\\Users\\Jarka\\Desktop
FF - user.js: browser.download.folderList - 0
FF - user.js: browser.formfill.enable - false
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 1
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.startup.homepage - www.centrum.cz
FF - user.js: browser.startup.homepage_override.buildID - 20110902133214
FF - user.js: browser.startup.homepage_override.mstone - rv:6.0.2
FF - user.js: browser.syncPromoViewsLeft - 3
FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.6.0.2
FF - user.js: browser.visited_color - #800080
FF - user.js: extensions.adblockplus.currentVersion - 1.3.9
FF - user.js: extensions.adblockplus.detachsidebar - true
FF - user.js: extensions.adblockplus.showinstatusbar - true
FF - user.js: extensions.adblockplus.showintoolbar - false
FF - user.js: extensions.blocklist.pingCountTotal - 2
FF - user.js: extensions.blocklist.pingCountVersion - 2
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 4
FF - user.js: extensions.enabledAddons - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9,{972ce4c6-7e08-4474-a285-3208198ce6fd}:6.0.2
FF - user.js: extensions.installCache - [{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1316459081279}}},{\name\:\app-profile\,\addons\:{\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\descriptor\:\c:\\\\Users\\\\Jarka\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hw6zn1q5.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\,\mtime\:1316459152579}}}]
FF - user.js: extensions.lastAppVersion - 6.0.2
FF - user.js: extensions.lastPlatformVersion - 6.0.2
FF - user.js: extensions.pendingOperations - false
FF - user.js: idle.lastDailyNotification - 1316501831
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-2, ISO-8859-1, windows-1250, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1316501831
FF - user.js: places.history.expiration.transient_current_max_pages - 128581
FF - user.js: pref.browser.homepage.disable_button.restore_default - false
FF - user.js: privacy.donottrackheader.enabled - true
FF - user.js: privacy.sanitize.didShutdownSanitize - true
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.sanitizeOnShutdown - true
FF - user.js: privacy.sanitize.timeSpan - 4
FF - user.js: security.disable_button.openDeviceManager - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: signon.rememberSignons - false
FF - user.js: storage.vacuum.last.index - 0
FF - user.js: storage.vacuum.last.places.sqlite - 1316501831
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1319187283
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="E0A97AA61C842A2FBD6C6CBF29F88C8F2DFA869087DA0B378084C6F907EA5E23D46BE0CD710D99C9B15FF22E710DEBDB3B464AB88F2F73DAFA70BE813E0D127BA9A516E2EFC965D9177C7B17471141029C028426CAE53B3E1E31C9A1B8C7CDC39B3D0B31D41F851ED62DE9F1DFFB41F9013B2A1D0AAEF93884988C0A7F1F29504F6A37778382B3073B2EA4A9995BE774FCD7B1D6C1C90ED2AACE31E1C2A783A9C93A12E882026DBBF39116FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E667A2D97226D213B555FEBC9E127BECC74C4DD877A36101643F8644B94A9D4FAC9901D916F2AF1D498F2CE5C12592BFDDC5EDA4B5685329CD6AB19B22F005055DE03E02AEDF0A6D1312E6BD07909E2D723D09ED417947948561D2010B950057B6AFE4E5A8E9C0037299BF414B0C56FE29DD7AB9A84A7F2111B554D4754E6A4FC08A8E5C9D686FAE17B81B5E5AD1AEEE76EB95B28D16EF12C77D161979F7D5565A76C562B8F6E4260408502B955D571AA02F21A527D7428D5753EBF442AC883E347D8B98BA75A1018E22AEE173EDAB8244F555073FD2509D41D29AB40FD1FB38D53052C077065E3A63A8765E7C87C10DD1906269B20A2EB0581F5F46B30CDD5D979F8344D6108434003C5B204D73DF040C53670975C81D1B47DDE7BA16C410A8A763FB2F573EB3B2B707884E18BD02938A177C420E9B18100AB758CB322CA679881688AF06013DDD31B31AB0A136584DBAB82C9895D24AABF05AC65318326C920FD5701C890AA7C2677120B444F045A75A1872303A8414EC21783ECFE9105E1CE5466B6B1A512FD02875A0EA6C4760FA7E99C25440880BB414C7BE645F3C2F21898C23B702923FDC987694089A5376850F2782F2FB7D774B16803958C478C1114C54B94323CBFD1FAC2F69E4E5F50667C5AD0D1DD7C3D4D947E118167743333F54CC4271F1C03F34B060FEFEF5D3C2A7B59B2F085380D4ED1E2CB2ACEBE5CDE29B2746C976780F9C434D2BF68855942FBFE7AA8F7F1EDAFB6126DACEA9699418EF9ABF78CBBD2BBC56BEB791EF2596CA1D0AB6B003C781D8AE99D1D44B9A3D5E71629FCC242085DD327E60388FB5182CD9FEFA8D1870924077D24F37008D301897BC49BA42F2C6AA70DDD5F662B81C68D448186C0D4B114FFEA3FE168B180D0EAC6C96DAFECD47B480AF3EFEF4285C79C16820B5C4533009DFE2FE35C55323694C38D1E8470A966F25CBB226683F42BCA86997F73544D853856A62F9979EF83CE9E93C45994877B4F40DBFE3727EEEF267D7F86568A0A7793116B0F0831B48F7CB5108728CEADFBFD9D3E5565BAAB44229C432D47C2C6C29F749E4C71B307EF48941DE98C69AF9B093849B3E824A1BB376C3263EA371AB"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Celkový čas: 2011-09-21 11:28:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-21 09:28
ComboFix2.txt 2011-09-21 08:34
.
Před spuštěním: Volných bajtů: 951 261 089 792
Po spuštění: Volných bajtů: 950 975 123 456
.
- - End Of File - - DEA9C7DA3B4934BDA80EE2C915D494BA
Nahr nˇ probŘhlo ŁspŘçnŘ

Kdo vam poradil ComboFix, nejaky technik od ESETu ci kdo?

Jak se problemy projevuji? Co poskytovatel internetu napsal, u nej je vse OK? Pripadne pokud jste komunikovala s ESETem, mohl bych dostat tu komunikaci na mail vyosek@forum.viry.cz?

Dekuji za mail, vysvetleno velmi dobre. Jen jestli mi jeste muzete poslat mail toho cloveka, ktery Vam ComboFix poradil - ten z toho ESETu.

Log jiz vypada cisty, jak se chova PC

Moc Vám děkuji za pomoc, můžete mi prosím říct, co tam bylo? aktualisace Eset-4 jdou samy, nebudu raději aktualisovat na tu versi 5, u které to vše začalo.. mail jsem poslala, hledala jsem ho ,příště se budu řídit pravidly fora, přeji krásný zbytek dne

za mail dekuji

mela jste tam nejakou tu breberku

zatim zustante na verzi 4, jeste se musi verzi 5 vychytat nejake mouchy nez bude fungovat jak ma...

Jeste pouklizime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A napiste jak se chova PC

Hotovooo,dle popisu, CCleaner mám už od jeho vzniku, pc je v oukeji: ještě jednou moc děkuji za Vaši trpělivost a pomoc, zdravím Jarka

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na rozloucenou vam zahraje nase kapela :guitar:

...mám ještě jeden dotaz: ESS 4- nestahuje automaticky aktualisace...stejný problém jsem měla v nové pětce, musím růčo a někdy to nejde. Poradíte mi prosím, kde je chyba? děkuji

On by je mel kontrolovat a stahovat parkrat denne....
Havet by jiz nemela v PC byt...Zkuste ESS preinstalovat a pak se pripadne obratit na jejich podporu

přeinstalovala....ok -zase jim písnu, mějte se.

Neni zac, pekny vecer i vam...

VIRY.CZ

Prosím o kontrolu logu Combo fix děkuji pěkně

Prosím o kontrolu logu Combo fix děkuji pěkně

Re: Prosím o kontrolu logu Combo fix děkuji pěkně

Re: Prosím o kontrolu logu Combo fix děkuji pěkně

Re: Prosím o kontrolu logu Combo fix děkuji pěkně

Re: Prosím o kontrolu logu Combo fix děkuji pěkně

Re: Prosím o kontrolu logu Combo fix děkuji pěkně

Re: Prosím o kontrolu logu Combo fix děkuji pěkně

Re: Prosím o kontrolu logu Combo fix děkuji pěkně

Re: Prosím o kontrolu logu Combo fix děkuji pěkně

Re: Prosím o kontrolu logu Combo fix děkuji pěkně

Re: Prosím o kontrolu logu Combo fix děkuji pěkně

Re: Prosím o kontrolu logu Combo fix děkuji pěkně

Re: Prosím o kontrolu logu Combo fix děkuji pěkně