Log check: Virus protection
Posted: 27 Feb 2010 16:30
Please check my log; the antivirus program Virus Protection kept popping up.
ComboFix 10-02-26.03 - uzivatel 27.02.2010 16:06:47.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.2330 [GMT 1:00]
Spuštěný z: c:\users\uzivatel\Downloads\ComboFix.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-27 do 2010-02-27 )))))))))))))))))))))))))))))))
.
2010-02-27 15:21 . 2010-02-27 15:21 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2010-02-27 15:21 . 2010-02-27 15:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-27 15:21 . 2010-02-27 15:21 -------- d-----w- c:\users\Driver\AppData\Local\temp
2010-02-27 15:21 . 2010-02-27 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-27 01:05 . 2010-02-23 09:06 1421312 ----a-w- c:\windows\system32\drivers\MFnFMN.exe
2010-02-27 01:04 . 2010-02-27 01:04 1678848 ----a-w- c:\windows\system32\axaowBbQR.dll
2010-02-27 01:04 . 2010-02-27 01:04 1678848 ----a-w- c:\windows\system32\atqyl1fjt.exe
2010-02-25 09:12 . 2010-02-25 09:12 -------- d-----w- C:\My Music
2010-02-24 01:59 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 01:59 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 01:59 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 01:58 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-22 15:48 . 2010-02-22 15:48 -------- d-----w- c:\program files\VideoLAN
2010-02-09 23:48 . 2010-02-09 23:48 -------- d-----w- c:\program files\Common Files\xing shared
2010-01-30 11:58 . 2010-01-30 11:58 -------- d-----w- c:\program files\Real
2010-01-30 11:58 . 2010-02-09 23:48 -------- d-----w- c:\program files\Common Files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 14:56 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-02-27 14:56 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-02-27 14:52 . 2009-12-21 17:34 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-02-27 01:05 . 2009-12-17 16:06 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Skype
2010-02-26 23:13 . 2009-12-21 17:35 -------- d-----w- c:\users\uzivatel\AppData\Roaming\skypePM
2010-02-23 23:11 . 2010-01-02 13:12 -------- d-----w- c:\users\uzivatel\AppData\Roaming\vlc
2010-02-12 04:34 . 2009-12-22 08:27 -------- d-----w- c:\program files\Google
2010-01-30 13:14 . 2010-01-03 12:07 -------- d-----w- c:\users\uzivatel\AppData\Roaming\MxBoost
2010-01-20 11:01 . 2010-01-20 11:01 0 ----a-w- c:\windows\nsreg.dat
2010-01-19 15:25 . 2010-01-19 12:44 -------- d-----w- c:\users\uzivatel\AppData\Roaming\ICQ
2010-01-19 15:25 . 2010-01-19 12:44 -------- d-----w- c:\program files\ICQ7.0
2010-01-19 12:44 . 2010-01-19 12:44 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-19 12:44 . 2010-01-19 12:44 -------- d-----w- c:\programdata\ICQ
2010-01-19 12:44 . 2010-01-19 12:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-18 23:29 . 2010-02-10 07:46 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 07:46 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 07:46 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 07:46 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 07:46 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 07:46 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 07:46 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 07:46 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-16 10:39 . 2010-01-16 10:39 -------- d-----w- c:\users\uzivatel\AppData\Roaming\U3
2010-01-14 10:12 . 2009-12-17 16:09 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-10 17:49 . 2010-01-10 17:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-10 17:10 . 2010-01-10 17:10 -------- d-----w- c:\program files\CCleaner
2010-01-08 03:18 . 2010-02-10 07:46 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 07:46 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-03 12:07 . 2010-01-03 12:07 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Maxthon2
2010-01-03 11:57 . 2010-01-02 12:44 -------- d-----w- c:\users\uzivatel\AppData\Roaming\LangSoft
2010-01-03 07:01 . 2010-01-03 07:01 -------- d-----w- c:\program files\MSXML 4.0
2010-01-02 17:34 . 2010-01-02 17:34 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Nero
2010-01-02 17:31 . 2010-01-02 17:25 -------- d-----w- c:\program files\Common Files\Nero
2010-01-02 17:31 . 2010-01-02 17:25 -------- d-----w- c:\program files\Nero
2010-01-02 17:27 . 2010-01-02 17:25 -------- d-----w- c:\programdata\Nero
2010-01-02 15:15 . 2010-01-02 15:14 -------- d-----w- c:\users\uzivatel\AppData\Roaming\dvdcss
2010-01-02 12:45 . 2010-01-02 12:45 -------- d-----w- c:\programdata\LangSoft
2010-01-02 12:42 . 2010-01-02 12:42 -------- d-----w- c:\program files\Alwil Software
2010-01-02 12:16 . 2010-01-02 12:16 -------- d-----w- c:\program files\ESET
2009-12-19 09:02 . 2010-01-22 07:38 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 07:46 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 07:46 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 07:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 07:46 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 07:46 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 07:46 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 07:46 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 07:46 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-17 17:20 . 2009-12-17 17:20 62696 ----a-w- c:\users\uzivatel\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-08 11:40 . 2010-02-10 07:46 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40 . 2010-02-10 07:46 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32 . 2010-02-10 07:46 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-12-08 08:05 . 2010-02-10 07:46 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-08 08:05 . 2010-02-10 07:46 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"C-Media Mixer"="Mixer.exe" [2002-07-12 1581056]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-09 198160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\axaowBbQR.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2.1.2010 13:42 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2.1.2010 13:42 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2.1.2010 13:42 53328]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19.1.2010 13:44 246520]
R3 3xHybrid;3xHybrid service;c:\windows\System32\drivers\3xHybrid.sys [20.4.2007 13:34 674048]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22.12.2009 9:27 135664]
.
Obsah adresáře 'Naplánované úlohy'
2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 08:27]
2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 08:27]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\users\uzivatel\AppData\Roaming\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\users\uzivatel\AppData\Roaming\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\users\uzivatel\AppData\Roaming\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\users\uzivatel\AppData\Roaming\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\users\uzivatel\AppData\Roaming\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gzx1w0hv.default\
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-02-27 16:27:54
ComboFix-quarantined-files.txt 2010-02-27 15:27
ComboFix2.txt 2010-02-25 08:29
ComboFix3.txt 2010-01-30 11:43
Před spuštěním: Volných bajtů: 717 706 145 792
Po spuštění: Volných bajtů: 717 651 443 712
- - End Of File - - 3035F49473B9CB5F9CB659CC27930F47