For vyosek: please check the ComboFix log, thank you
Posted: 30 Dec 2011 21:59
ComboFix 11-12-30.01 - Jarka 30.12.2011 21:46:03.5.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4087.2842 [GMT 1:00]
Spuštěný z: c:\users\Jarka\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-28 do 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 20:49 . 2011-12-30 20:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-30 20:49 . 2011-12-30 20:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-30 20:49 . 2011-12-30 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 10:49 . 2007-11-20 16:58 55296 ----a-w- c:\windows\SysWow64\Remove.exe
2011-12-30 10:49 . 2011-12-30 10:49 -------- d-----w- c:\program files (x86)\KYE SYSTEMS CORP
2011-12-30 10:49 . 2006-10-12 10:57 14336 ----a-w- c:\windows\SysWow64\P7302USD.dll
2011-12-30 10:36 . 2011-12-30 10:36 -------- d-----w- C:\inetpub
2011-12-30 09:56 . 2011-12-30 10:51 -------- d-----w- c:\program files (x86)\Common Files\PAC7302
2011-12-30 07:53 . 2011-10-19 22:10 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-30 06:43 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4F8204E-2C06-488B-8931-C88EAE919E51}\mpengine.dll
2011-12-29 14:35 . 2011-12-29 14:35 -------- d-----w- c:\program files (x86)\Guard-ICQ
2011-12-29 14:35 . 2011-12-29 14:35 -------- d-----w- c:\program files (x86)\ICQ6Toolbar
2011-12-29 14:34 . 2011-12-29 14:35 -------- d-----w- c:\program files (x86)\ICQ7.7
2011-12-27 10:14 . 2011-12-30 10:49 -------- d-----w- c:\windows\PixArt
2011-12-27 09:31 . 2011-12-27 09:31 -------- d-----w- c:\users\Jarka\AppData\Local\Facebook
2011-12-26 07:35 . 2011-12-26 07:35 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-26 07:35 . 2011-12-26 07:35 -------- d-----w- c:\program files\Java
2011-12-22 07:57 . 2011-12-22 07:57 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-22 07:57 . 2011-12-22 07:57 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-22 07:57 . 2011-12-22 07:57 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-22 07:57 . 2011-12-22 07:57 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-18 15:11 . 2011-12-30 15:39 -------- d-----w- c:\users\Jarka\AppData\Roaming\Jewel Match 3
2011-12-17 12:02 . 2011-12-17 12:34 -------- d-----w- c:\users\Jarka\AppData\Roaming\IObit
2011-12-14 06:32 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 06:32 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 06:32 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 06:32 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 06:32 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 06:32 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-12 08:00 . 2011-12-12 08:00 22 --sha-w- c:\users\Jarka\AppData\Roaming\Sys2662.Config.Repository.bin
2011-12-12 07:59 . 2011-12-12 08:35 -------- d-----w- c:\program files (x86)\jv16 PowerTools 2011
2011-12-04 19:01 . 2011-12-04 19:01 -------- d-----w- c:\program files (x86)\Conduit
2011-12-04 19:01 . 2011-12-08 17:05 -------- d-----w- c:\program files (x86)\MyAshampoo
2011-12-04 19:01 . 2011-12-04 19:01 -------- d-----w- c:\users\Jarka\AppData\Local\ashampoo
2011-12-04 19:01 . 2011-12-04 19:01 -------- d-----w- c:\programdata\ashampoo
2011-12-04 19:01 . 2011-12-04 19:01 -------- d-----w- c:\program files (x86)\Ashampoo
2011-12-02 19:50 . 2011-12-12 08:04 -------- d-----w- c:\users\Jarka\Tracing
2011-12-02 07:51 . 2011-12-02 07:51 -------- d-----w- c:\users\Jarka\AppData\Roaming\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 15:44 . 2011-05-11 12:39 25640 ----a-w- c:\windows\gdrv.sys
2011-12-04 09:27 . 2011-09-28 18:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 12:29 . 2011-10-24 12:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 12:29 . 2011-10-24 12:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-23 07:03 . 2011-10-23 07:03 1409 ----a-w- c:\windows\QTFont.for
2011-10-08 06:02 . 2011-10-08 05:54 181064 ----a-w- c:\windows\PSEXESVC.EXE
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-05-11 30528]
R3 MEMSWEEP2;MEMSWEEP2; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-19 494424]
R4 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R4 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
R4 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2011-12-29 1564368]
R4 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
R4 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-09-07 72280]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-08 974944]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3058530099-2043524379-2683396900-1000Core.job
- c:\users\Jarka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-27 09:31]
.
2011-12-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3058530099-2043524379-2683396900-1000UA.job
- c:\users\Jarka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-27 09:31]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3058530099-2043524379-2683396900-1000Core.job
- c:\users\Jarka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 14:10]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3058530099-2043524379-2683396900-1000UA.job
- c:\users\Jarka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 14:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 4030008]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://startsear.ch/?aff=1
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Jarka\AppData\Roaming\Mozilla\Firefox\Profiles\hw6zn1q5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.centrum.cz
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=33cdfb4d-0310-11e1-b21a-1c6f65ad54de&q=
FF - prefs.js: network.proxy.type - 4
*
*
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
* To make a manual change to preferences, you can visit the URL about:config
*/
# Mozilla User Preferences
/* Do not edit this file.
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1316584428
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1316584668
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1316584548
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1316593405
FF - user.js: browser.anchor_color - #0000FF
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.background_color - #C0C0C0
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.display.use_system_colors - true
FF - user.js: browser.download.dir - c:\\Users\\Jarka\\Desktop
FF - user.js: browser.download.folderList - 0
FF - user.js: browser.formfill.enable - false
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 1
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.startup.homepage - www.centrum.cz
FF - user.js: browser.startup.homepage_override.buildID - 20110902133214
FF - user.js: browser.startup.homepage_override.mstone - rv:6.0.2
FF - user.js: browser.syncPromoViewsLeft - 3
FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.6.0.2
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.visited_color - #800080
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: extensions.adblockplus.currentVersion - 1.3.9
FF - user.js: extensions.adblockplus.detachsidebar - true
FF - user.js: extensions.adblockplus.showinstatusbar - true
FF - user.js: extensions.adblockplus.showintoolbar - false
FF - user.js: extensions.blocklist.pingCountTotal - 2
FF - user.js: extensions.blocklist.pingCountVersion - 2
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 4
FF - user.js: extensions.enabledAddons - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9,{972ce4c6-7e08-4474-a285-3208198ce6fd}:6.0.2
FF - user.js: extensions.installCache - [{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1316459081279}}},{\name\:\app-profile\,\addons\:{\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\descriptor\:\c:\\\\Users\\\\Jarka\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hw6zn1q5.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\,\mtime\:1316459152579}}}]
FF - user.js: extensions.lastAppVersion - 6.0.2
FF - user.js: extensions.lastPlatformVersion - 6.0.2
FF - user.js: extensions.pendingOperations - false
FF - user.js: idle.lastDailyNotification - 1316501831
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-2, ISO-8859-1, windows-1250, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: places.database.lastMaintenance - 1316501831
FF - user.js: places.history.expiration.transient_current_max_pages - 128581
FF - user.js: plugin.expose_full_path - true
FF - user.js: pref.browser.homepage.disable_button.restore_default - false
FF - user.js: privacy.donottrackheader.enabled - true
FF - user.js: privacy.sanitize.didShutdownSanitize - true
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.sanitizeOnShutdown - true
FF - user.js: privacy.sanitize.timeSpan - 4
FF - user.js: security.disable_button.openDeviceManager - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: signon.rememberSignons - false
FF - user.js: storage.vacuum.last.index - 0
FF - user.js: storage.vacuum.last.places.sqlite - 1316501831
FF - user.js: ui.submenuDelay - 0
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1319187283
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguard.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\file4exchange.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\folusho.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediacontent4you.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\regsyonline.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xprstats.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\system\ControlSet007\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Celkový čas: 2011-12-30 21:54:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-30 20:54
.
Před spuštěním: Volných bajtů: 947 933 593 600
Po spuštění: Volných bajtů: 947 501 375 488
.
- - End Of File - - 345F977499CE14F4EB981C1066B322DF
FF - user.js: extensions.lastAppVersion - 6.0.2
FF - user.js: extensions.lastPlatformVersion - 6.0.2
FF - user.js: extensions.pendingOperations - false
FF - user.js: idle.lastDailyNotification - 1316501831
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-2, ISO-8859-1, windows-1250, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: places.database.lastMaintenance - 1316501831
FF - user.js: places.history.expiration.transient_current_max_pages - 128581
FF - user.js: plugin.expose_full_path - true
FF - user.js: pref.browser.homepage.disable_button.restore_default - false
FF - user.js: privacy.donottrackheader.enabled - true
FF - user.js: privacy.sanitize.didShutdownSanitize - true
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.sanitizeOnShutdown - true
FF - user.js: privacy.sanitize.timeSpan - 4
FF - user.js: security.disable_button.openDeviceManager - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: signon.rememberSignons - false
FF - user.js: storage.vacuum.last.index - 0
FF - user.js: storage.vacuum.last.places.sqlite - 1316501831
FF - user.js: ui.submenuDelay - 0
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1319187283
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguard.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\file4exchange.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\folusho.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediacontent4you.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\regsyonline.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xprstats.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\system\ControlSet007\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Completion time: 2011-12-30 21:54:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 20:54
.
Pre-Run: 947 933 593 600 bytes free
Post-Run: 947 501 375 488 bytes free
.
- - End Of File - - 345F977499CE14F4EB981C1066B322DF
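Two parts of the supplementary scan and the locked-key dump above carry the security-relevant signal a log reviewer looks for. The machine-wide IE start page (mStart Page) and the Firefox keyword.URL both point at startsear.ch with affiliate-style parameters (aff=1, src=sp) while the user's own start page is centrum.cz, which is the usual footprint of a start-page/search hijack; network.proxy.type 4 means Firefox is set to auto-detect a proxy (WPAD). The six ZoneMap\Domains entries store "*"=dword:00000004, and in Internet Explorer's zone numbering 4 is Restricted sites (2 would be Trusted sites), so those domains are being blocked, not trusted. The script below is an added example, not part of the poster's log or of ComboFix: it parses these line formats from a constructed sample (the lines are copied from the log above, plus one invented www.example.com entry with dword:2 to show the Trusted-sites branch) and returns a triage report. The two hijack heuristics (a machine-wide start page on a different host than the user's, and aff=/src= parameters on a start or search URL) are this example's own assumptions; the zone and proxy-type tables are the documented values.

```python
"""Triage ComboFix 'Supplementary Scan' lines and locked ZoneMap keys.

Added example, not part of the forum post or of ComboFix. The sample log is
constructed from the lines in the post; www.example.com is invented.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Internet Explorer URL security zones, as stored under
# HKLM\...\Internet Settings\ZoneMap\Domains\<domain>  "<sub>|*"=dword:<zone>
IE_ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
            3: "Internet", 4: "Restricted sites"}

# Firefox network.proxy.type values
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL",
                  4: "auto-detect (WPAD)", 5: "system"}

ZONEMAP_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Internet Settings\\ZoneMap\\Domains\\([^\]]+)\]$", re.I)
DWORD_VALUE = re.compile(r'^"([^"]*)"=dword:([0-9a-f]{8})$', re.I)
IE_SETTING = re.compile(
    r"^([um](?:Start Page|Default_Search_URL|Search Bar|SearchAssistant))\s*=\s*(\S+)")
FF_SETTING = re.compile(
    r"^FF - prefs\.js: (browser\.startup\.homepage|keyword\.URL|network\.proxy\.type) - (.*)$")


def refang(url):
    """ComboFix defangs URLs as hxxp://; undo that so urlsplit can parse them."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
    return url if "://" in url else "http://" + url


def zonemap_entries(lines):
    """Return {domain: zone_id}. A '*' value name covers the whole domain,
    any other name is a host label under it (e.g. "www"=... -> www.domain)."""
    entries, current = {}, None
    for line in lines:
        key = ZONEMAP_KEY.match(line)
        if key:
            current = key.group(1).lower()
            continue
        val = DWORD_VALUE.match(line)
        if val and current:
            name, zone = val.group(1), int(val.group(2), 16)
            entries[current if name == "*" else f"{name}.{current}"] = zone
        elif line.strip() == ".":      # ComboFix separates blocks with a lone dot
            current = None
    return entries


def browser_settings(lines):
    """Collect IE start/search URLs and the Firefox prefs relevant to hijack triage."""
    found = {}
    for line in lines:
        m = IE_SETTING.match(line) or FF_SETTING.match(line)
        if m:
            found[m.group(1)] = m.group(2).strip()
    return found


def triage(log_text):
    lines = log_text.splitlines()
    settings = browser_settings(lines)
    report = {"hijack_suspects": [], "trusted_zone": [], "restricted_zone": [], "proxy": None}

    user_host = urlsplit(refang(settings.get("uStart Page", ""))).hostname or ""
    for key, value in settings.items():
        if key == "network.proxy.type":
            continue
        parts = urlsplit(refang(value))
        host, query = parts.hostname or "", parse_qs(parts.query)
        # Heuristic (assumption): affiliate parameters on a start/search URL, or a
        # machine-wide (m*) start page on a different host than the user's own.
        if "aff" in query or "src" in query or (key.startswith("m") and host != user_host):
            report["hijack_suspects"].append((key, host))

    for domain, zone in sorted(zonemap_entries(lines).items()):
        if zone == 2:
            report["trusted_zone"].append(domain)
        elif zone == 4:
            report["restricted_zone"].append(domain)

    proxy = settings.get("network.proxy.type")
    if proxy is not None and proxy.isdigit():
        report["proxy"] = (int(proxy), FF_PROXY_TYPES.get(int(proxy), "unknown"))
    return report


# Constructed sample: lines taken from the post; www.example.com is invented.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.centrum.cz/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://startsear.ch/?aff=1
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - prefs.js: browser.startup.homepage - www.centrum.cz
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=33cdfb4d-0310-11e1-b21a-1c6f65ad54de&q=
FF - prefs.js: network.proxy.type - 4
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguard.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xprstats.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com]
"www"=dword:00000002
.
"""

if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

On the sample the report lists mStart Page and keyword.URL (both startsear.ch) as hijack suspects, the two real domains under restricted_zone, the invented www.example.com under trusted_zone, and the proxy as (4, auto-detect). Entries in the Trusted sites zone are the ones worth following up on a review; Restricted-sites entries like the six in this log are a block list, not a compromise indicator.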