Hello.
ComboFix 10-02-21.02 - Shrek 22.02.2010 18:43:57.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.1023.210 [GMT 1:00]
Spuštěný z: c:\users\Shrek\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\Shrek\AppData\Roaming\inst.exe
c:\windows\hklmSW.reg
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-22 do 2010-02-22 )))))))))))))))))))))))))))))))
.
2010-02-21 21:17 . 2010-02-21 21:18 -------- d-----w- C:\rsit
2010-02-21 18:33 . 2010-02-21 18:37 4832654 ----a-w- c:\windows\REGBK11.ZIP
2010-02-20 16:25 . 2010-01-11 08:08 2644135 -c--a-w- c:\programdata\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\Uniblue DiskRescue.exe
2010-02-20 16:25 . 2008-09-10 15:22 836880 -c--a-w- c:\programdata\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\B4B74A3\3826204\UBDefrag.DLL
2010-02-20 16:25 . 2008-09-10 15:22 419088 -c--a-w- c:\programdata\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\F02A138C\3826204\update.dll
2010-02-20 16:25 . 2008-09-10 15:22 229648 -c--a-w- c:\programdata\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\C_\build\AutoBuilds\DR\Installer\Raw\UBDiskRescueSrv.exe
2010-02-20 16:25 . 2008-09-10 15:22 229648 -c--a-w- c:\programdata\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\49994FF1\3826204\UBDiskRescueSrv.exe
2010-02-20 16:25 . 2008-09-10 15:22 1996048 -c--a-w- c:\programdata\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\9C335CDE\3826204\UBResdll.dll
2010-02-20 16:25 . 2008-09-10 15:22 3211536 -c--a-w- c:\programdata\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}\UniblueDiskRescue\1FDE702B\3826204\UBDiskRescue.exe
2010-02-20 16:25 . 2010-02-20 16:25 -------- dc-h--w- c:\programdata\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
2010-02-20 15:59 . 2010-01-11 07:05 2653050 -c--a-w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2010-02-20 15:59 . 2010-02-20 16:08 -------- d-----w- c:\programdata\DriverScanner
2010-02-20 15:55 . 2010-02-20 15:59 -------- dc-h--w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2010-02-20 15:47 . 2010-02-20 15:47 -------- d-----w- c:\windows\system32\ErrorLogs
2010-02-20 14:21 . 2008-08-27 10:05 2567183 -c--a-w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\Uniblue RegistryBooster.exe
2010-02-20 14:21 . 2010-02-20 16:25 -------- d-----w- c:\program files\Uniblue
2010-02-20 14:20 . 2008-08-26 16:48 757760 -c--a-w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2010-02-20 14:20 . 2008-08-26 16:48 6676480 -c--a-w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2010-02-20 14:20 . 2008-08-26 16:48 497496 -c--a-w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2010-02-20 14:20 . 2008-08-26 16:48 413696 -c--a-w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\registrybooster2\52CD59C9\6383BC9B\update.dll
2010-02-20 14:20 . 2008-08-26 16:48 99624 -c--a-w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2010-02-20 14:20 . 2008-08-26 16:48 2019624 -c--a-w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2010-02-20 14:20 . 2008-08-26 16:48 111912 -c--a-w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2010-02-20 14:20 . 2010-02-20 14:21 -------- dc-h--w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2010-02-20 13:37 . 2010-02-20 13:36 57344 ---h--w- c:\users\Shrek\gyiop.exe
2010-02-20 12:55 . 2010-02-20 16:29 -------- d-----w- c:\users\Shrek\AppData\Roaming\Uniblue
2010-02-20 12:47 . 2010-02-20 12:47 -------- d-----w- c:\users\Shrek\AppData\Roaming\Malwarebytes
2010-02-20 12:47 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-20 12:47 . 2010-02-20 12:47 -------- d-----w- c:\programdata\Malwarebytes
2010-02-20 12:47 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-20 12:47 . 2010-02-20 12:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 22:50 . 2007-12-25 10:06 11776 ----a-w- c:\windows\system32\drivers\ateksoftaudio.sys
2010-02-13 22:50 . 2010-02-13 22:50 -------- d-----w- c:\program files\Ateksoft
2010-02-13 07:20 . 2010-02-13 07:20 -------- d-----w- c:\program files\Trend Micro
2010-02-12 19:44 . 2010-02-12 19:47 13774194 ----a-w- c:\windows\REGBK10.ZIP
2010-02-11 20:17 . 2009-10-25 07:14 73728 ----a-w- c:\windows\system\vdremote.dll
2010-02-11 20:17 . 2009-10-25 07:13 61440 ----a-w- c:\windows\system\vdsvrlnk.dll
2010-02-09 21:18 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-09 21:18 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-04 22:54 . 2010-02-04 22:54 -------- d-----w- c:\programdata\SweetIM
2010-02-04 18:43 . 2010-02-04 18:43 -------- d-----w- c:\users\Shrek\dwhelper
2010-02-04 17:12 . 2010-02-04 17:12 -------- d-----w- c:\users\Shrek\AppData\Roaming\DivX
2010-02-04 17:03 . 2007-04-24 06:15 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-02-04 17:03 . 2010-02-04 17:03 -------- d-----w- c:\program files\ffdshow
2010-02-04 16:51 . 2010-02-04 16:51 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-02-04 15:58 . 2010-02-04 15:58 -------- d-----w- c:\users\Shrek\AppData\Local\Scansoft
2010-02-04 12:14 . 2010-02-04 12:14 -------- d-----w- c:\program files\Free Windows Registry Cleaner
2010-02-04 12:13 . 2006-11-14 10:14 954184 ----a-w- c:\users\Shrek\AppData\Roaming\IDM\DwnlData\Shrek\rc-setup_4539\FREE-WRC.exe
2010-02-04 12:12 . 2007-02-14 16:01 1335224 ----a-w- c:\users\Shrek\AppData\Roaming\IDM\DwnlData\Shrek\rc-setup_4539\PRO-setup.exe
2010-02-04 12:07 . 2010-02-04 12:07 -------- d-----w- c:\program files\NirSoft
2010-02-04 11:16 . 2006-09-05 10:28 38480 ------w- c:\windows\system32\IJRMF.exe
2010-02-04 11:15 . 2010-02-04 11:15 -------- d-----w- c:\users\Shrek\AppData\Roaming\ScanSoft
2010-02-04 11:15 . 2010-02-04 11:15 -------- d-----w- c:\programdata\ScanSoft
2010-02-04 11:15 . 2010-02-04 11:15 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-02-04 11:14 . 2010-02-04 11:14 -------- d-----w- c:\program files\ScanSoft
2010-02-04 11:11 . 2010-02-04 11:11 -------- d-----w- c:\program files\ArcSoft
2010-02-04 11:11 . 1995-07-31 12:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-02-04 10:18 . 2010-02-04 10:18 -------- d--h--w- c:\programdata\CanonBJ
2010-02-03 17:26 . 2010-02-03 17:26 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2010-01-31 16:47 . 2010-01-31 16:47 -------- d-----w- c:\users\Shrek\AppData\Roaming\Pathcz
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 17:39 . 2009-01-06 18:12 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-22 17:35 . 2009-01-07 20:27 -------- d-----w- c:\users\Shrek\AppData\Roaming\DMCache
2010-02-22 05:57 . 2009-01-06 19:49 -------- d-----w- c:\users\Shrek\AppData\Roaming\ICQ
2010-02-21 07:25 . 2010-01-07 08:35 680 ----a-w- c:\users\Shrek\AppData\Local\d3d9caps.dat
2010-02-20 14:58 . 2010-02-20 14:57 -------- dc-h--w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2010-02-19 21:35 . 2009-01-07 22:00 -------- d-----w- c:\program files\rajce
2010-02-19 17:34 . 2007-01-08 21:10 598600 ----a-w- c:\windows\system32\perfh005.dat
2010-02-19 17:34 . 2007-01-08 21:10 114808 ----a-w- c:\windows\system32\perfc005.dat
2010-02-16 07:00 . 2010-02-20 14:58 2838478 -c--a-w- c:\programdata\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe
2010-02-09 22:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-04 22:54 . 2010-01-22 22:51 -------- d-----w- c:\program files\SweetIM
2010-02-04 17:43 . 2009-01-16 21:19 -------- d-----w- c:\users\Shrek\AppData\Roaming\uTorrent
2010-02-04 17:19 . 2009-01-16 21:20 -------- d-----w- c:\program files\uTorrent
2010-02-04 12:16 . 2009-01-07 17:16 -------- d-----w- c:\program files\Canon
2010-02-04 12:15 . 2009-01-21 19:50 -------- d-----w- c:\users\Shrek\AppData\Roaming\Canon
2010-02-04 11:11 . 2009-01-06 20:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-27 18:26 . 2009-01-19 22:38 -------- d-----w- c:\users\Shrek\AppData\Roaming\Skype
2010-01-27 17:33 . 2009-01-19 22:41 -------- d-----w- c:\users\Shrek\AppData\Roaming\skypePM
2010-01-21 08:10 . 2009-09-14 17:26 -------- d-----w- c:\program files\Seznam.cz
2010-01-18 18:02 . 2010-01-11 20:00 -------- d-----w- c:\program files\Astro Avenger 2
2010-01-17 18:43 . 2009-03-30 19:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-17 18:06 . 2010-01-17 18:06 -------- d-----w- c:\program files\Buka
2010-01-14 10:12 . 2009-10-03 07:33 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 09:12 . 2009-01-23 22:03 -------- d-----w- c:\users\Shrek\AppData\Roaming\Thinstall
2010-01-11 20:07 . 2010-01-08 15:34 -------- d-----w- c:\users\Shrek\AppData\Roaming\Sahmon Games
2010-01-11 20:00 . 2010-01-11 20:00 -------- d-----w- c:\program files\ReflexiveArcade
2010-01-09 11:06 . 2010-01-09 11:03 13588483 ----a-w- c:\windows\REGBK09.ZIP
2010-01-07 22:04 . 2010-01-07 21:51 -------- d-----w- c:\program files\PDFCreator
2010-01-04 17:58 . 2009-10-27 14:10 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-04 17:58 . 2009-10-27 13:43 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-03 15:51 . 2009-12-29 19:41 -------- d-----w- c:\users\Shrek\AppData\Roaming\Winamp
2010-01-03 15:48 . 2009-09-08 12:50 -------- d-----w- c:\program files\Winamp
2010-01-03 15:47 . 2009-12-29 19:41 -------- d-----w- c:\program files\Winamp Detect
2010-01-02 06:38 . 2010-01-22 07:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 07:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 07:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 17:52 . 2009-10-08 08:22 -------- d-----w- c:\users\Shrek\AppData\Roaming\MOBILedit
2009-12-30 19:51 . 2009-01-06 19:48 -------- d-----w- c:\program files\ICQ6.5
2009-12-11 11:43 . 2010-02-09 21:19 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-09 21:19 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-09 21:19 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-09 21:19 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-09 21:19 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-09 21:19 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-09 21:19 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-09 21:19 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-09 21:19 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-09 21:19 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-09 21:19 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-09 21:19 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-09 21:19 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-09 21:19 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-09 21:19 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-02-02 2745776]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-01-18 448664]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]
"Google Update"="c:\users\Shrek\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-12-10 125952]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f2,5c,9c,5d,10,fe,c9,01
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\drivers\BtHidBus.sys [31.7.2008 20:45 20616]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [11.9.2009 6:23 108792]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [1.8.2008 15:55 143467]
R2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [8.9.2009 15:42 410976]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11.9.2009 7:24 735960]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [11.9.2009 6:26 38240]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\System32\drivers\wfcxvcap.sys [25.10.2009 20:54 167424]
R3 AteksoftAudio;WebCamera Plus Audio;c:\windows\System32\drivers\ateksoftaudio.sys [13.2.2010 23:50 11776]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\System32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\System32\drivers\wfcxdtun.sys [25.10.2009 20:54 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\System32\drivers\wfcxtcap.sys [25.10.2009 20:54 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\System32\drivers\wfcxxbar.sys [25.10.2009 20:54 10496]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [27.10.2009 14:43 691696]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4.9.2009 21:35 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5a76c95a800.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-04 20:34]
2009-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-04 20:34]
2009-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2964015881-2797028174-321826089-1000Core1ca5a765c0195de.job
- c:\users\Shrek\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-11 13:36]
2009-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2964015881-2797028174-321826089-1000UA.job
- c:\users\Shrek\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-11 13:36]
2010-01-31 c:\windows\Tasks\Launch 10118.job
- c:\garmin\MapSource.exe [2009-09-21 14:47]
2010-01-31 c:\windows\Tasks\Launch 14699.job
- c:\garmin\MapSource.exe [2009-09-21 14:47]
2009-12-14 c:\windows\Tasks\Launch 23009.job
- c:\garmin\WebUpdater\WebUpdater.exe [2009-04-14 07:31]
2009-12-14 c:\windows\Tasks\Launch 25318.job
- c:\garmin\WebUpdater\WebUpdater.exe [2009-04-14 07:31]
2009-12-14 c:\windows\Tasks\Launch 25409.job
- c:\garmin\WebUpdater\WebUpdater.exe [2009-04-14 07:31]
2010-02-20 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]
2009-12-21 c:\windows\Tasks\{D09084D1-0ECD-4EB0-B0A9-62828E47FF97}.job
- c:\program files\Skype\Phone\Skype.exe [2009-10-09 12:11]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send by Bluetooth
IE: Send via &Message...
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: {579AF2F3-A3F3-433F-8CF1-FD5039655866} = 213.235.188.145,77.48.100.254
DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://213.211.35.82/img/NetCamPlayerWeb11g.ocx
FF - ProfilePath - c:\users\Shrek\AppData\Roaming\Mozilla\Firefox\Profiles\4tdpjwdm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\users\Shrek\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\users\Shrek\AppData\Roaming\Mozilla\Firefox\Profiles\4tdpjwdm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\Shrek\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 18:52
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2964015881-2797028174-321826089-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):c6,07,8f,8c,3a,97,40,e5,07,b0,fe,40,9b,b3,b5,c6,1a,ca,1c,ea,68,
5a,e3,4d,15,7c,c9,ee,f2,35,02,b0,09,4c,7e,8e,c1,72,23,70,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2964015881-2797028174-321826089-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8d,dc,fd,f1,a2,44,0f,c8,e3,0b,88,f3,a1,b8,5f,79,f5,e0,a0,df,df,
97,c4,7c,48,ef,69,48,54,7c,f1,5c,5b,c0,94,d0,0b,fb,79,8e,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2964015881-2797028174-321826089-1000_Classes\CLSID\{d974af8a-313e-4f53-b77a-ca0a64e91058}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000020
"Therad"=dword:0000001b
[HKEY_USERS\S-1-5-21-2964015881-2797028174-321826089-1000_Classes\CLSID\{e02fcf24-f5b1-4142-8eef-5e8dad1d1501}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000060
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-22 18:55:38
ComboFix-quarantined-files.txt 2010-02-22 17:55
Před spuštěním: Volných bajtů: 37 775 622 144
Po spuštění: Volných bajtů: 37 871 304 704
- - End Of File - - F20CE5E4F6C7497A52DA58931BD848C2