and the 2nd half:
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-21 do 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-21 21:56 . 2010-04-21 21:58 -------- d-----w- c:\users\Misa\AppData\Local\temp
2010-04-21 21:56 . 2010-04-21 21:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-04-21 21:56 . 2010-04-21 21:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-21 19:35 . 2010-04-21 19:35 -------- d-----w- c:\programdata\WindowsSearch
2010-04-21 18:54 . 2010-04-21 18:54 -------- d-----w- c:\program files\Trend Micro
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\users\Misa\AppData\Roaming\Malwarebytes
2010-04-21 17:26 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\programdata\Malwarebytes
2010-04-21 17:26 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 16:59 . 2010-04-21 17:10 -------- d-----w- c:\users\Guest\AppData\Local\Google
2010-04-21 16:59 . 2010-04-21 16:59 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
2010-04-21 16:55 . 2010-04-21 16:55 -------- d-----w- c:\users\Guest\AppData\Local\VirtualStore
2010-04-21 14:36 . 2010-04-21 14:53 -------- d-----w- C:\inetpub
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\YTnoNSAr.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\XPxxLQ.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\xivbr.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\tUAMwsYIl.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\SSAYcL.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\rGIkntUl.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\onYpf.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\gdFNGDCb.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\FnYbFyi.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\DeNlfATL.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\DAxJlEe.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\BQWfgSeM.dll
2010-04-18 16:24 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-14 07:21 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 07:21 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 07:21 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 07:21 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 07:21 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 07:21 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 07:21 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 07:21 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 07:21 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 07:20 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 07:19 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-05 18:05 . 2010-04-05 18:05 -------- d-----w- c:\program files\DownloadToolz
2010-03-30 23:05 . 2010-03-30 23:09 -------- d-----w- c:\program files\Diablo II Shareware
2010-03-30 17:26 . 2010-03-30 17:26 -------- d-----w- c:\program files\Common Files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 21:58 . 2009-02-18 21:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-04-21 21:08 . 2008-01-21 06:46 642424 ----a-w- c:\windows\system32\perfh005.dat
2010-04-21 21:08 . 2008-01-21 06:46 137078 ----a-w- c:\windows\system32\perfc005.dat
2010-04-21 20:59 . 2009-02-17 22:53 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-21 20:48 . 2009-02-18 00:55 -------- d-----w- c:\program files\F-Secure
2010-04-21 20:41 . 2009-10-01 16:42 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-21 19:15 . 2010-04-21 19:15 388096 ----a-r- c:\users\Misa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-21 17:25 . 2009-02-28 19:42 41952 ----a-w- c:\programdata\nvModes.dat
2010-04-21 16:57 . 2009-04-03 07:53 -------- d-----w- c:\programdata\Google Updater
2010-04-21 15:18 . 2009-02-17 21:26 1356 ----a-w- c:\users\Misa\AppData\Local\d3d9caps.dat
2010-04-18 18:38 . 2009-03-01 20:51 -------- d-----w- c:\users\Misa\AppData\Roaming\uTorrent
2010-04-18 16:24 . 2009-03-04 15:38 -------- d-----w- c:\program files\Java
2010-04-14 08:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 07:28 . 2009-02-25 08:41 -------- d-----w- c:\programdata\Microsoft Help
2010-04-13 17:14 . 2009-04-03 07:53 -------- d-----w- c:\program files\Google
2010-04-08 15:49 . 2009-03-04 21:30 -------- d-----w- c:\users\Misa\AppData\Roaming\dvdcss
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\AcrobatUpdater.exe
2010-03-17 08:39 . 2010-03-17 08:39 -------- d-----w- c:\program files\Common Files\StatSoft
2010-03-17 08:39 . 2010-03-17 08:39 -------- d-----w- c:\programdata\StatSoft
2010-03-17 08:34 . 2009-10-01 17:17 -------- d-----w- c:\program files\StatSoft
2010-03-17 08:10 . 2009-10-01 16:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-17 08:08 . 2009-10-01 16:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-17 07:49 . 2009-02-17 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-17 07:31 . 2009-10-01 16:42 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-11 21:00 . 2010-03-11 20:18 -------- d-----w- c:\program files\Fox
2010-03-11 20:59 . 2010-03-11 20:35 -------- d-----w- c:\program files\GameSpy Arcade
2010-03-11 20:22 . 2010-03-11 20:22 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-03-11 20:22 . 2010-03-11 20:22 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-03-11 20:22 . 2010-03-11 20:22 12067 ----a-w- c:\windows\system32\SIntf16.dll
2010-03-07 21:43 . 2010-02-01 21:23 50354 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\uninstall.exe
2010-03-07 21:43 . 2010-02-01 21:23 -------- d-----w- c:\users\Misa\AppData\Roaming\Facebook
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-03-01 15:18 . 2010-03-01 15:18 -------- d-----w- c:\program files\DOSBox-0.72
2010-02-25 08:24 . 2009-02-17 21:27 76064 ----a-w- c:\users\Misa\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-04 15:49 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 07:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 07:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 07:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 07:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 23:10 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 23:10 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 23:10 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-03-11 23:46 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-27 03:21 . 2010-01-27 03:21 847040 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\axfbootloader.dll
2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-25 12:00 . 2010-02-24 08:54 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 08:54 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 08:54 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 08:54 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 08:54 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 08:54 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 08:54 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 08:54 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 08:54 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 08:55 2048 ----a-w- c:\windows\system32\tzres.dll
2008-07-01 18:28 . 2008-07-01 18:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 08:35 . 2008-05-22 08:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 09:34 . 2007-06-12 09:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
.
------- Sigcheck -------
[-] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\System32\drivers\asyncmac.sys
[-] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys
[-] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll
[-] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe
[-] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll
[-] 2009-04-11 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll
[-] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll
[-] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe
[-] 2009-04-11 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe
[-] 2009-04-11 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe
[-] 2008-01-21 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll
[-] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll
[-] 2009-04-11 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] . . c:\windows\System32\es.dll
[-] 2009-04-11 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\System32\imm32.dll
[-] 2009-04-11 . BB8509089E7DF514310814E1B2593FFC . 891392 . . [6.0.6001.18000] . . c:\windows\System32\kernel32.dll
[-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\System32\linkinfo.dll
[-] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\System32\lpk.dll
[-] 2010-02-23 . 8D5FB97AE3D30CCDD8C9D8AF447C7D09 . 5944832 . . [8.00.6001.18702] . . c:\windows\System32\mshtml.dll
[-] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\System32\msvcrt.dll
[-] 2009-04-11 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll
[-] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll
[-] 2009-04-11 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll
[-] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll
[-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\sfc.dll
[-] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe
[-] 2009-04-11 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6001.18000] . . c:\windows\System32\tapisrv.dll
[-] 2009-04-11 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll
[-] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe
[-] 2010-02-23 . EC3B3E6071E3FCD4290BFD42676EE064 . 916480 . . [8.00.6001.18702] . . c:\windows\System32\wininet.dll
[-] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll
[-] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\explorer.exe
[-] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\System32\cngaudit.dll
[-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe
[-] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[-] 2009-04-11 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll
[-] 2009-04-11 . 323AE0BDFD2EB15B668DDA50CC597329 . 595456 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll
[-] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll
[-] 2009-04-11 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll
[-] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll
[-] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll
[-] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll
[-] 2009-04-11 . 84B8827562B005C118CADBA0F25DB2C6 . 444416 . . [6.0.6000.16386] . . c:\windows\System32\dsound.dll
c:\windows\System32\drivers\beep.sys ... chybí !!
c:\windows\System32\srsvc.dll ... chybí !!
c:\windows\System32\wscntfy.exe ... chybí !!
c:\windows\System32\xmlprov.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 1182304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):52,0a,67,e5,8c,3c,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]
"LogFileSize"= 4096 (0x1000)
"LogFilePath"= %systemroot%\system32\LogFiles\Firewall\pfirewall.log
R2 gupdate1c9b43149e53f31;Služba Google Update (gupdate1c9b43149e53f31);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 133104]
R2 TBS;Služba TPM Base Services;c:\windows\System32\svchost.exe [2008-01-21 21504]
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;d:\i386\AsProcOb.sys [x]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\brfiltup.sys [2006-11-02 5248]
R3 CertPropSvc;Šíření certifikátů;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 DFSR;Replikace distribuovaného systému souborů (DFSR);c:\windows\system32\DFSR.exe [2009-04-11 2092544]
R3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;c:\windows\system32\DRIVERS\E1G60I32.sys [2008-01-21 118784]
R3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [x]
R3 fdPHost;Hostitel poskytovatele rozpoznávání funkce;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2008-01-21 27648]
R3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 fsbl;F-Secure BlackLight Engine Driver;c:\program files\F-Secure\Anti-Virus\fsbldrv.sys [x]
R3 IPBusEnum;Rozpoznávací modul sběrnice PnP-X IP;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 lltdsvc;Mapovač zjišťování topologie linkové vrstvy;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 MsRPC;MsRPC; [x]
R3 pla;Výstrahy a protokolování výkonu;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 PNRPAutoReg;Služba publikování názvu počítače pomocí protokolu PNRP;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 SCPolicySvc;Zásady odebrání čipové karty;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 SDRSVC;Zálohování systému Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 SessionEnv;Konfigurace Terminálové služby;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2008-01-21 12288]
R3 SLUINotify;Služba SL UI Notification Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 THREADORDER;Server pro řazení podprocesů;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 TrustedInstaller;Instalace modulů systému Windows;c:\windows\servicing\TrustedInstaller.exe [2009-04-11 39424]
R3 tssecsrv;Terminal Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2008-01-21 23552]
R3 UI0Detect;Zjišťování interaktivních služeb;c:\windows\system32\UI0Detect.exe [2008-01-21 35840]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2008-01-21 60984]
R3 wcncsvc;Technologie Windows Connect Now – Registrátor konfigurací;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 WdiServiceHost;Hostitel diagnostické služby;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 Wecsvc;Sběr událostí systému Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 wercplsupport;Podpora ovládacího panelu Hlášení a řešení problémů;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 WinRM;Vzdálená správa systému Windows (WS-Management);c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 WPCSvc;Rodičovská kontrola;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2008-01-21 422968]
R4 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2008-01-21 300600]
R4 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2008-01-21 79928]
R4 blbdrive;blbdrive;c:\windows\system32\drivers\blbdrive.sys [2008-01-21 45568]
R4 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\drivers\brserid.sys [2006-11-02 71808]
R4 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\drivers\brserwdm.sys [2006-11-02 62336]
R4 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\brusbmdm.sys [2006-11-02 12160]
R4 Crusoe;Transmeta Crusoe Processor Driver;c:\windows\system32\drivers\crusoe.sys [2008-01-21 40960]
R4 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2008-01-21 342584]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-10-09 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-10-09 25184]
R4 HpCISSs;HpCISSs;c:\windows\system32\drivers\hpcisss.sys [2008-01-21 40504]
R4 iaStorV;Intel RAID Controller Vista;c:\windows\system32\drivers\iastorv.sys [2008-01-21 235064]
R4 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\ipmidrv.sys [2008-01-21 64512]
R4 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-11-02 35944]
R4 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2008-01-21 96312]
R4 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2008-01-21 89656]
R4 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2008-01-21 96312]
R4 Mcx2Svc;Služba zařízení Windows Media Center Extender;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2008-01-21 31288]
R4 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2008-01-21 105016]
R4 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2008-01-21 94776]
R4 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys [2006-11-02 45160]
R4 ntrigdigi;N-trig HID Tablet Driver;c:\windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608]
R4 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2008-01-21 45112]
R4 ql2300;QLogic Fibre Channel Miniport Driver;c:\windows\system32\drivers\ql2300.sys [2008-01-21 1122360]
R4 ql40xx;QLogic iSCSI Miniport Driver;c:\windows\system32\drivers\ql40xx.sys [2006-11-02 106088]
R4 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2008-01-21 74808]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-17 691696]
R4 uliahci;uliahci;c:\windows\system32\drivers\uliahci.sys [2008-01-21 238648]
R4 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2008-01-21 115816]
R4 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2006-11-02 68608]
R4 ViaC7;VIA C7 Processor Driver;c:\windows\system32\drivers\viac7.sys [2008-01-21 41472]
R4 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys [2008-01-21 130616]
R4 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-11-02 20608]
R4 Wd;Microsoft Watchdog Timer Driver;c:\windows\system32\drivers\wd.sys [2008-01-21 22072]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-04-11 245736]
S0 Ecache;ReadyBoost Caching Driver;c:\windows\System32\drivers\ecache.sys [2009-04-11 141288]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2008-01-21 58936]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-07-22 33920]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S0 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2008-01-21 28728]
S0 msisadrv;Ovladač třídy ISA/EISA;c:\windows\system32\drivers\msisadrv.sys [2008-01-21 16440]
S0 spldr;Security Processor Loader Driver; [x]
S0 volmgr;Ovladač správce svazků;c:\windows\system32\drivers\volmgr.sys [2008-01-21 52792]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-04-11 292840]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2009-04-11 75264]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2008-10-09 12384]
S1 nsiproxy;NSI proxy service;c:\windows\system32\drivers\nsiproxy.sys [2008-01-21 16384]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2008-01-21 6144]
S1 Smb;Protokol TCP/IP a TCP/IPv6 orientovaný na zprávy (relace SMB);c:\windows\system32\DRIVERS\smb.sys [2009-04-11 66560]
S1 tdx;Ovladač pro podporu zastaralého rozhraní TDI NetIO;c:\windows\system32\DRIVERS\tdx.sys [2009-04-11 72192]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2008-01-21 62464]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AudioEndpointBuilder;Koncové vytváření služby Windows Audio;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 BFE;Služba BFE;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 DPS;Služba DPS (Diagnostic Policy Service);c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 EMDMgmt;ReadyBoost;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FDResPub;Publikování prostředků rozpoznávání funkcí;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 gpsvc;Klient zásad skupiny;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 IKEEXT;Služba IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 iphlpsvc;Pomocník IP;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 KtmRm;Služba KTMRM pro koordinátor DTC;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2008-01-21 47104]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2008-01-21 84480]
S2 MMCSS;Služba Plánovač multimédií;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 MpsSvc;Brána firewall systému Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 MSiSCSI;Služba iniciátoru iSCSI společnosti Microsoft;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 netprofm;Služba seznamu sítí;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 NlaSvc;Sledování umístění v síti (NLA);c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 nsi;Služba rozhraní síťového úložiště;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2006-11-02 878080]
S2 ProfSvc;Služba Profil uživatele;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 slsvc;Licencování softwaru;c:\windows\system32\SLsvc.exe [2009-04-11 3408896]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 TabletInputService;Služba Vstupní panel počítače Tablet PC;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2009-12-08 30720]
S2 UxSms;Správce relací správce oken plochy;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 WerSvc;Služba Zasílání zpráv o chybách systému Windows;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 Wlansvc;Automatická konfigurace sítě WLAN;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 WPDBusEnum;Služba Výčet přenosných zařízení;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 Appinfo;Informace o aplikaci;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 bowser;bowser;c:\windows\system32\DRIVERS\bowser.sys [2008-01-21 69632]
S3 circlass;Uživatelská infračervená zařízení;c:\windows\system32\DRIVERS\circlass.sys [2008-01-21 35328]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2009-09-25 634880]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-10-06 100984]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2007-10-15 206336]
S3 iScsiPrt;Ovladač iScsiPort;c:\windows\system32\DRIVERS\msiscsi.sys [2009-04-11 180712]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 KeyIso;Izolace klíče CNG;c:\windows\system32\lsass.exe [2009-06-15 9728]
S3 monitor;Služba ovladače funkce třídy monitorů Microsoft;c:\windows\system32\DRIVERS\monitor.sys [2008-01-21 41984]
S3 mpsdrv;Ovladač ověření brány firewall systému Windows;c:\windows\system32\drivers\mpsdrv.sys [2008-01-21 64000]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-02-23 212992]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-02-23 79360]
S3 NativeWifiP;Filtr NativeWiFi;c:\windows\system32\DRIVERS\nwifi.sys [2009-04-11 148480]
S3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 43040]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2007-09-06 6656]
S3 srv2;srv2;c:\windows\system32\DRIVERS\srv2.sys [2009-09-14 144896]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2009-12-11 98816]
S3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-02-18 25088]
S3 umbus;Ovladač sběrnice UMBus Enumerator;c:\windows\system32\DRIVERS\umbus.sys [2008-01-21 34816]
S3 WdiSystemHost;Hostitel diagnostického systému;c:\windows\System32\svchost.exe [2008-01-21 21504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv
.
Contents of the 'Scheduled Tasks' folder
2010-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-03 07:53]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 07:53]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 07:53]
2010-02-03 c:\windows\Tasks\Install_NSS.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-02-02 21:50]
2010-04-21 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-02-18 10:28]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\nxke1g8s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\nxke1g8s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-sacsvr
AddRemove-WWII: Rescue - c:\progra~1\WWIIRE~1\UNWISE.EXE
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3422845187-1114445632-1184245817-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:39,16,e7,57,58,7c,1c,36,97,f2,8b,6a,46,a1,67,75,53,fa,fa,81,75,2a,2f,
8e,80,20,67,80,51,48,bb,ef,22,34,a3,72,d2,14,d1,0f,4b,2e,6b,64,56,0c,57,1a,\
"??"=hex:0f,17,62,ce,56,48,00,9d,25,60,67,9e,c7,d1,4e,76
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(752)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(3784)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMB32.EXE
c:\windows\system32\rundll32.exe
c:\program files\F-Secure\Common\FCH32.EXE
c:\program files\F-Secure\Anti-Virus\fsqh.exe
c:\program files\F-Secure\Common\FAMEH32.EXE
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\Common\FNRB32.EXE
c:\program files\F-Secure\FSAUA\program\fsaua.exe
c:\program files\F-Secure\Common\FIH32.EXE
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\windows\system32\conime.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\Wireless Console 3\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2010-04-22 00:05:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-21 22:05
Pre-Run: 138 435 125 248 bytes free
Post-Run: 135 908 171 776 bytes free
- - End Of File - - B72764B79196F4FCF9F16E262DB9C0A1
Virus protector [Solved]
- jaro3
- Security team member
Re: Virus protector
Well, that's a nice collection of vermin..
We'll replace those files only afterwards...
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text marked in green below into it:
Note: Do not use SELECT ALL to select the script
Code:
KillAll::
Mia::
c:\windows\system32\drivers\beep.sys
c:\windows\system32\srsvc.dll
c:\windows\System32\wscntfy.exe
c:\windows\System32\xmlprov.dll
File::
c:\windows\system32\drivers\YTnoNSAr.dll
c:\windows\system32\drivers\XPxxLQ.exe
c:\windows\system32\drivers\xivbr.dll
c:\windows\system32\drivers\tUAMwsYIl.exe
c:\windows\system32\drivers\SSAYcL.exe
c:\windows\system32\drivers\rGIkntUl.dll
c:\windows\system32\drivers\onYpf.dll
c:\windows\system32\drivers\gdFNGDCb.exe
c:\windows\system32\drivers\FnYbFyi.dll
c:\windows\system32\drivers\DeNlfATL.exe
c:\windows\system32\drivers\DAxJlEe.exe
c:\windows\system32\drivers\BQWfgSeM.dll
c:\windows\bthservsdp.dat
c:\programdata\nvModes.dat
c:\users\Misa\AppData\Local\d3d9caps.dat
c:\windows\system32\SIntf16.dll
c:\windows\Tasks\Install_NSS.job
c:\windows\System32\Adobe\Shockwave 11\nssstub.exe
Folder::
c:\program files\DAEMON Tools Toolbar
Driver::
MsRPC
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the CFScript.txt you created with the mouse over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste the log that appears at the end of the cleaning process here + a new HJT log
In Folder Options, enable showing hidden files and folders + untick the 'Hide protected operating system files' box
Test these on Virustotal
c:\windows\system32\deployJava1.dll
c:\windows\system32\acovcnt.exe
c:\users\Misa\AppData\Roaming\Facebook\uninstall.exe
If a file has already been analysed, click 'Reanalyse'.
When all the antivirus engines have finished, paste the links to the result pages here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
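Added example (not part of the original thread and not a ComboFix feature): the CFScript above was assembled by hand from the first ComboFix log, and two parts of that work are mechanical enough to script. The twelve files under c:\windows\system32\drivers were all created at 2010-04-19 13:27, are all exactly 1459311 bytes and carry random-looking names; differently named files with identical size and creation minute in a driver directory are a strong indicator on their own. The keys listed under LOCKED REGISTRY KEYS carry explicit @Denied ACEs for Users and Everyone, and those are exactly the ones that went into RegLock::. The Python below parses both log sections and emits the File:: and RegLock:: blocks. The sample log lines are copied from the log above and trimmed; the cluster threshold of three files and the mixed-case "random name" heuristic are this example's own assumptions.

```python
"""Added example, not a ComboFix feature: build CFScript File:: and RegLock::
blocks from the "Files Created" and "LOCKED REGISTRY KEYS" sections of a log."""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the ComboFix log posted above, trimmed.  A "Files Created"
# line reads: <created> . <modified> <size or --------> <attrs> <path>
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\programdata\Malwarebytes
2010-04-21 17:26 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\YTnoNSAr.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\XPxxLQ.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\xivbr.dll
2010-04-14 07:21 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3422845187-1114445632-1184245817-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0f,17,62,ce,56,48,00,9d,25,60,67,9e,c7,d1,4e,76
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"""
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$", re.IGNORECASE)

@dataclass(frozen=True)
class FileEntry:
    created: str
    size: int | None  # None for directories, which ComboFix prints as --------
    path: str

def section(text: str, header: str) -> list[str]:
    """Lines of the log section whose header contains `header`, up to the next header."""
    out, inside = [], False
    for line in text.splitlines():
        if not inside:
            inside = header in line
        elif line.startswith(("((((", "-----", "****")):
            break
        else:
            out.append(line)
    return out

def parse_file_entries(text: str) -> list[FileEntry]:
    entries = []
    for line in section(text, "Files Created"):
        m = FILE_LINE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(FileEntry(m["created"], size, m["path"]))
    return entries

def looks_random(path: str) -> bool:
    """Case flips inside the stem (YTnoNSAr, rGIkntUl) mark generated names.  Heuristic
    only: it catches 11 of the 12 names in the log and misses the lowercase 'xivbr'."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return re.search(r"[a-z][A-Z]", stem) is not None

def find_file_clusters(entries: list[FileEntry], min_members: int = 3):
    """Group regular files by identical (creation minute, size): several differently
    named files of byte-identical size written in the same minute is the pattern
    the driver-directory files in the log show.  min_members is an assumption."""
    groups = defaultdict(list)
    for e in entries:
        if e.size is not None:
            groups[(e.created, e.size)].append(e)
    return {k: v for k, v in groups.items() if len(v) >= min_members}

def describe_clusters(clusters) -> list[str]:
    return [f"{len(m)} files of {size} bytes created {created}, "
            f"{sum(looks_random(e.path) for e in m)} with random-looking names"
            for (created, size), m in sorted(clusters.items())]

def parse_locked_keys(text: str) -> dict[str, list[str]]:
    """Map each key under LOCKED REGISTRY KEYS to the principals it carries @Denied for."""
    keys, current = {}, None
    for line in section(text, "LOCKED REGISTRY KEYS"):
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = []
        elif current and line.startswith("@Denied:"):
            keys[current].append(re.search(r"\(([^()]*)\)\s*$", line).group(1))
    return keys

def build_cfscript(clusters, locked_keys) -> str:
    """File:: for every clustered file, RegLock:: for every key with a deny ACE, in the
    syntax of the script above.  The SecuROM key has no @Denied line and stays out."""
    lines = ["File::"]
    for _key, members in sorted(clusters.items()):
        lines.extend(e.path for e in members)
    denied = [k for k, who in locked_keys.items() if who]
    if denied:
        lines += ["", "RegLock::"] + [f"[{k}]" for k in denied]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    found = find_file_clusters(parse_file_entries(SAMPLE_LOG))
    print("\n".join(describe_clusters(found)))
    print(build_cfscript(found, parse_locked_keys(SAMPLE_LOG)))
```

Run as is, it prints the cluster summary followed by the generated CFScript fragment. Treat that output as a draft to review, not something to drop onto ComboFix.exe unread: a legitimate driver package that installs several files in one go clusters the same way, and identical size plus identical timestamp almost always means identical content, so hashing one member of the cluster and checking that hash (the same VirusTotal step the helper asks for on the other three files) confirms or clears the whole set with a single lookup.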
Re: Virus protector
ComboFix log:
ComboFix 10-04-21.01 - Misa 22.04.2010 10:30:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1842 [GMT 2:00]
Running from: c:\users\Misa\Desktop\ComboFix.exe
Command switches used :: c:\users\Misa\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\beep.sys . . . is missing !!
c:\windows\system32\srsvc.dll . . . is missing !!
c:\windows\System32\wscntfy.exe . . . is missing !!
c:\windows\System32\xmlprov.dll . . . is missing !!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MsRPC
((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.
2010-04-22 09:48 . 2010-04-22 09:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-22 09:48 . 2010-04-22 09:48 -------- d-----w- c:\users\JTSK\AppData\Local\temp
2010-04-22 09:48 . 2010-04-22 09:51 -------- d-----w- c:\users\Misa\AppData\Local\temp
2010-04-22 09:48 . 2010-04-22 09:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-04-22 09:48 . 2010-04-22 09:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-21 19:35 . 2010-04-21 19:35 -------- d-----w- c:\programdata\WindowsSearch
2010-04-21 18:54 . 2010-04-21 18:54 -------- d-----w- c:\program files\Trend Micro
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\users\Misa\AppData\Roaming\Malwarebytes
2010-04-21 17:26 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\programdata\Malwarebytes
2010-04-21 17:26 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 16:59 . 2010-04-21 17:10 -------- d-----w- c:\users\Guest\AppData\Local\Google
2010-04-21 16:59 . 2010-04-21 16:59 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
2010-04-21 16:55 . 2010-04-21 16:55 -------- d-----w- c:\users\Guest\AppData\Local\VirtualStore
2010-04-21 14:36 . 2010-04-21 14:53 -------- d-----w- C:\inetpub
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\YTnoNSAr.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\XPxxLQ.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\xivbr.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\tUAMwsYIl.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\SSAYcL.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\rGIkntUl.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\onYpf.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\gdFNGDCb.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\FnYbFyi.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\DeNlfATL.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\DAxJlEe.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\BQWfgSeM.dll
2010-04-18 16:24 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-14 07:21 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 07:21 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 07:21 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 07:21 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 07:21 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 07:21 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 07:21 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 07:21 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 07:21 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 07:20 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 07:19 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-05 18:05 . 2010-04-05 18:05 -------- d-----w- c:\program files\DownloadToolz
2010-03-30 23:05 . 2010-03-30 23:09 -------- d-----w- c:\program files\Diablo II Shareware
2010-03-30 17:26 . 2010-03-30 17:26 -------- d-----w- c:\program files\Common Files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 09:50 . 2009-02-18 21:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-04-22 09:48 . 2009-02-17 22:53 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-22 08:16 . 2008-01-21 06:46 643410 ----a-w- c:\windows\system32\perfh005.dat
2010-04-22 08:16 . 2008-01-21 06:46 137662 ----a-w- c:\windows\system32\perfc005.dat
2010-04-22 05:28 . 2009-02-18 00:55 -------- d-----w- c:\program files\F-Secure
2010-04-21 20:41 . 2009-10-01 16:42 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-21 19:15 . 2010-04-21 19:15 388096 ----a-r- c:\users\Misa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-21 17:25 . 2009-02-28 19:42 41952 ----a-w- c:\programdata\nvModes.dat
2010-04-21 16:57 . 2009-04-03 07:53 -------- d-----w- c:\programdata\Google Updater
2010-04-21 15:18 . 2009-02-17 21:26 1356 ----a-w- c:\users\Misa\AppData\Local\d3d9caps.dat
2010-04-18 18:38 . 2009-03-01 20:51 -------- d-----w- c:\users\Misa\AppData\Roaming\uTorrent
2010-04-18 16:24 . 2009-03-04 15:38 -------- d-----w- c:\program files\Java
2010-04-14 08:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 07:28 . 2009-02-25 08:41 -------- d-----w- c:\programdata\Microsoft Help
2010-04-13 17:14 . 2009-04-03 07:53 -------- d-----w- c:\program files\Google
2010-04-08 15:49 . 2009-03-04 21:30 -------- d-----w- c:\users\Misa\AppData\Roaming\dvdcss
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\AcrobatUpdater.exe
2010-03-17 08:39 . 2010-03-17 08:39 -------- d-----w- c:\program files\Common Files\StatSoft
2010-03-17 08:39 . 2010-03-17 08:39 -------- d-----w- c:\programdata\StatSoft
2010-03-17 08:34 . 2009-10-01 17:17 -------- d-----w- c:\program files\StatSoft
2010-03-17 08:10 . 2009-10-01 16:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-17 08:08 . 2009-10-01 16:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-17 07:49 . 2009-02-17 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-17 07:31 . 2009-10-01 16:42 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-11 21:00 . 2010-03-11 20:18 -------- d-----w- c:\program files\Fox
2010-03-11 20:59 . 2010-03-11 20:35 -------- d-----w- c:\program files\GameSpy Arcade
2010-03-11 20:22 . 2010-03-11 20:22 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-03-11 20:22 . 2010-03-11 20:22 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-03-11 20:22 . 2010-03-11 20:22 12067 ----a-w- c:\windows\system32\SIntf16.dll
2010-03-07 21:43 . 2010-02-01 21:23 50354 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\uninstall.exe
2010-03-07 21:43 . 2010-02-01 21:23 -------- d-----w- c:\users\Misa\AppData\Roaming\Facebook
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-03-01 15:18 . 2010-03-01 15:18 -------- d-----w- c:\program files\DOSBox-0.72
2010-02-25 08:24 . 2009-02-17 21:27 76064 ----a-w- c:\users\Misa\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-04 15:49 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 07:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 07:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 07:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 07:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 23:10 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 23:10 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 23:10 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-03-11 23:46 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-27 03:21 . 2010-01-27 03:21 847040 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\axfbootloader.dll
2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-25 12:00 . 2010-02-24 08:54 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 08:54 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 08:54 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 08:54 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 08:54 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 08:54 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 08:54 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 08:54 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 08:54 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 08:55 2048 ----a-w- c:\windows\system32\tzres.dll
2008-07-01 18:28 . 2008-07-01 18:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 08:35 . 2008-05-22 08:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 09:34 . 2007-06-12 09:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 1182304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):52,0a,67,e5,8c,3c,ca,01
R2 gupdate1c9b43149e53f31;Google Update Service (gupdate1c9b43149e53f31);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 133104]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;d:\i386\AsProcOb.sys [x]
R3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [x]
R3 fsbl;F-Secure BlackLight Engine Driver;c:\program files\F-Secure\Anti-Virus\fsbldrv.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-10-09 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-10-09 25184]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-17 691696]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-07-22 33920]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2008-10-09 12384]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-10-06 100984]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2007-10-15 206336]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 43040]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2007-09-06 6656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-03 07:53]
2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 07:53]
2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 07:53]
2010-02-03 c:\windows\Tasks\Install_NSS.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-02-02 21:50]
2010-04-22 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-02-18 10:28]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\nxke1g8s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\nxke1g8s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-3422845187-1114445632-1184245817-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:39,16,e7,57,58,7c,1c,36,97,f2,8b,6a,46,a1,67,75,53,fa,fa,81,75,2a,2f,
8e,80,20,67,80,51,48,bb,ef,22,34,a3,72,d2,14,d1,0f,4b,2e,6b,64,56,0c,57,1a,\
"??"=hex:0f,17,62,ce,56,48,00,9d,25,60,67,9e,c7,d1,4e,76
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(752)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(3952)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMB32.EXE
c:\windows\system32\rundll32.exe
c:\program files\F-Secure\Common\FCH32.EXE
c:\program files\F-Secure\Common\FAMEH32.EXE
c:\program files\F-Secure\Anti-Virus\fsqh.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\Common\FNRB32.EXE
c:\program files\F-Secure\FSAUA\program\fsaua.exe
c:\program files\F-Secure\Common\FIH32.EXE
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\Wireless Console 3\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\system32\conime.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-04-22 11:58:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-22 09:58
ComboFix2.txt 2010-04-21 22:05
Před spuštěním: Volných bajtů: 135 785 099 264
Po spuštění: Volných bajtů: 135 656 681 472
- - End Of File - - 3686765AF6287F025FBE425085B0A9A4
ComboFix 10-04-21.01 - Misa 22.04.2010 10:30:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1842 [GMT 2:00]
Spuštěný z: c:\users\Misa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Misa\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\beep.sys . . . chybí !!
c:\windows\system32\srsvc.dll . . . chybí !!
c:\windows\System32\wscntfy.exe . . . chybí !!
c:\windows\System32\xmlprov.dll . . . chybí !!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MsRPC
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-22 do 2010-04-22 )))))))))))))))))))))))))))))))
.
2010-04-22 09:48 . 2010-04-22 09:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-22 09:48 . 2010-04-22 09:48 -------- d-----w- c:\users\JTSK\AppData\Local\temp
2010-04-22 09:48 . 2010-04-22 09:51 -------- d-----w- c:\users\Misa\AppData\Local\temp
2010-04-22 09:48 . 2010-04-22 09:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-04-22 09:48 . 2010-04-22 09:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-21 19:35 . 2010-04-21 19:35 -------- d-----w- c:\programdata\WindowsSearch
2010-04-21 18:54 . 2010-04-21 18:54 -------- d-----w- c:\program files\Trend Micro
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\users\Misa\AppData\Roaming\Malwarebytes
2010-04-21 17:26 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\programdata\Malwarebytes
2010-04-21 17:26 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 16:59 . 2010-04-21 17:10 -------- d-----w- c:\users\Guest\AppData\Local\Google
2010-04-21 16:59 . 2010-04-21 16:59 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
2010-04-21 16:55 . 2010-04-21 16:55 -------- d-----w- c:\users\Guest\AppData\Local\VirtualStore
2010-04-21 14:36 . 2010-04-21 14:53 -------- d-----w- C:\inetpub
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\YTnoNSAr.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\XPxxLQ.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\xivbr.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\tUAMwsYIl.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\SSAYcL.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\rGIkntUl.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\onYpf.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\gdFNGDCb.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\FnYbFyi.dll
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\DeNlfATL.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\DAxJlEe.exe
2010-04-19 13:27 . 2010-04-19 13:27 1459311 ------w- c:\windows\system32\drivers\BQWfgSeM.dll
2010-04-18 16:24 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-14 07:21 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 07:21 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 07:21 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 07:21 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 07:21 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 07:21 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 07:21 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 07:21 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 07:21 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 07:20 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 07:19 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-05 18:05 . 2010-04-05 18:05 -------- d-----w- c:\program files\DownloadToolz
2010-03-30 23:05 . 2010-03-30 23:09 -------- d-----w- c:\program files\Diablo II Shareware
2010-03-30 17:26 . 2010-03-30 17:26 -------- d-----w- c:\program files\Common Files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 09:50 . 2009-02-18 21:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-04-22 09:48 . 2009-02-17 22:53 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-22 08:16 . 2008-01-21 06:46 643410 ----a-w- c:\windows\system32\perfh005.dat
2010-04-22 08:16 . 2008-01-21 06:46 137662 ----a-w- c:\windows\system32\perfc005.dat
2010-04-22 05:28 . 2009-02-18 00:55 -------- d-----w- c:\program files\F-Secure
2010-04-21 20:41 . 2009-10-01 16:42 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-21 19:15 . 2010-04-21 19:15 388096 ----a-r- c:\users\Misa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-21 17:25 . 2009-02-28 19:42 41952 ----a-w- c:\programdata\nvModes.dat
2010-04-21 16:57 . 2009-04-03 07:53 -------- d-----w- c:\programdata\Google Updater
2010-04-21 15:18 . 2009-02-17 21:26 1356 ----a-w- c:\users\Misa\AppData\Local\d3d9caps.dat
2010-04-18 18:38 . 2009-03-01 20:51 -------- d-----w- c:\users\Misa\AppData\Roaming\uTorrent
2010-04-18 16:24 . 2009-03-04 15:38 -------- d-----w- c:\program files\Java
2010-04-14 08:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 07:28 . 2009-02-25 08:41 -------- d-----w- c:\programdata\Microsoft Help
2010-04-13 17:14 . 2009-04-03 07:53 -------- d-----w- c:\program files\Google
2010-04-08 15:49 . 2009-03-04 21:30 -------- d-----w- c:\users\Misa\AppData\Roaming\dvdcss
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\AcrobatUpdater.exe
2010-03-17 08:39 . 2010-03-17 08:39 -------- d-----w- c:\program files\Common Files\StatSoft
2010-03-17 08:39 . 2010-03-17 08:39 -------- d-----w- c:\programdata\StatSoft
2010-03-17 08:34 . 2009-10-01 17:17 -------- d-----w- c:\program files\StatSoft
2010-03-17 08:10 . 2009-10-01 16:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-17 08:08 . 2009-10-01 16:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-17 07:49 . 2009-02-17 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-17 07:31 . 2009-10-01 16:42 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-11 21:00 . 2010-03-11 20:18 -------- d-----w- c:\program files\Fox
2010-03-11 20:59 . 2010-03-11 20:35 -------- d-----w- c:\program files\GameSpy Arcade
2010-03-11 20:22 . 2010-03-11 20:22 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-03-11 20:22 . 2010-03-11 20:22 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-03-11 20:22 . 2010-03-11 20:22 12067 ----a-w- c:\windows\system32\SIntf16.dll
2010-03-07 21:43 . 2010-02-01 21:23 50354 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\uninstall.exe
2010-03-07 21:43 . 2010-02-01 21:23 -------- d-----w- c:\users\Misa\AppData\Roaming\Facebook
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-03-01 15:18 . 2010-03-01 15:18 -------- d-----w- c:\program files\DOSBox-0.72
2010-02-25 08:24 . 2009-02-17 21:27 76064 ----a-w- c:\users\Misa\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-04 15:49 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 07:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 07:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 07:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 07:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 23:10 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 23:10 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 23:10 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-03-11 23:46 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-27 03:21 . 2010-01-27 03:21 847040 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\axfbootloader.dll
2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-25 12:00 . 2010-02-24 08:54 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 08:54 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 08:54 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 08:54 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 08:54 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 08:54 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 08:54 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 08:54 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 08:54 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 08:55 2048 ----a-w- c:\windows\system32\tzres.dll
2008-07-01 18:28 . 2008-07-01 18:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 08:35 . 2008-05-22 08:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 09:34 . 2007-06-12 09:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 1182304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):52,0a,67,e5,8c,3c,ca,01
R2 gupdate1c9b43149e53f31;Služba Google Update (gupdate1c9b43149e53f31);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 133104]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;d:\i386\AsProcOb.sys [x]
R3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [x]
R3 fsbl;F-Secure BlackLight Engine Driver;c:\program files\F-Secure\Anti-Virus\fsbldrv.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-10-09 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-10-09 25184]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-17 691696]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-07-22 33920]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2008-10-09 12384]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-10-06 100984]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2007-10-15 206336]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 43040]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2007-09-06 6656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-03 07:53]
2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 07:53]
2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 07:53]
2010-02-03 c:\windows\Tasks\Install_NSS.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-02-02 21:50]
2010-04-22 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-02-18 10:28]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\nxke1g8s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\nxke1g8s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-3422845187-1114445632-1184245817-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:39,16,e7,57,58,7c,1c,36,97,f2,8b,6a,46,a1,67,75,53,fa,fa,81,75,2a,2f,
8e,80,20,67,80,51,48,bb,ef,22,34,a3,72,d2,14,d1,0f,4b,2e,6b,64,56,0c,57,1a,\
"??"=hex:0f,17,62,ce,56,48,00,9d,25,60,67,9e,c7,d1,4e,76
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(752)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
- - - - - - - > 'Explorer.exe'(3952)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMB32.EXE
c:\windows\system32\rundll32.exe
c:\program files\F-Secure\Common\FCH32.EXE
c:\program files\F-Secure\Common\FAMEH32.EXE
c:\program files\F-Secure\Anti-Virus\fsqh.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\Common\FNRB32.EXE
c:\program files\F-Secure\FSAUA\program\fsaua.exe
c:\program files\F-Secure\Common\FIH32.EXE
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\Wireless Console 3\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\system32\conime.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-04-22 11:58:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-22 09:58
ComboFix2.txt 2010-04-21 22:05
Před spuštěním: Volných bajtů: 135 785 099 264
Po spuštění: Volných bajtů: 135 656 681 472
- - End Of File - - 3686765AF6287F025FBE425085B0A9A4
Re: Virus protector
From HJT.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:08, on 22.4.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\F-Secure\FSGUI\scanwizard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: CiSvc - Unknown owner - C:\Windows\system32\cisvc.exe (file missing)
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Služba F-Secure Network Request Broker (F-Secure Network Request Broker) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Služba Google Update (gupdate1c9b43149e53f31) (gupdate1c9b43149e53f31) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: UPS - Unknown owner - C:\Windows\System32\ups.exe (file missing)
--
End of file - 6813 bytes
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Virus protector
Download the program OTM (by OldTimer),
save it to drive C and run it.
- Into the left column (Paste Instructions for Items to be Moved) copy these paths:
Note: Do not use the SELECT ALL function to select them
Code:
:Processes
explorer.exe
:Services
:Reg
:Files
c:\windows\system32\drivers\YTnoNSAr.dll
c:\windows\system32\drivers\XPxxLQ.exe
c:\windows\system32\drivers\xivbr.dll
c:\windows\system32\drivers\tUAMwsYIl.exe
c:\windows\system32\drivers\SSAYcL.exe
c:\windows\system32\drivers\rGIkntUl.dll
c:\windows\system32\drivers\onYpf.dll
c:\windows\system32\drivers\gdFNGDCb.exe
c:\windows\system32\drivers\FnYbFyi.dll
c:\windows\system32\drivers\DeNlfATL.exe
c:\windows\system32\drivers\DAxJlEe.exe
c:\windows\system32\drivers\BQWfgSeM.dll
c:\windows\bthservsdp.dat
c:\programdata\nvModes.dat
c:\users\Misa\AppData\Local\d3d9caps.dat
c:\windows\system32\SIntf16.dll
c:\windows\Tasks\Install_NSS.job
c:\windows\System32\Adobe\Shockwave 11\nssstub.exe
c:\program files\DAEMON Tools Toolbar
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the entire contents of the right column (also saved in the folder C:\_OTMoveIt\MovedFiles\), which reports the results
- If some files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Re: Virus protector
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
LoadLibrary failed for c:\windows\system32\drivers\YTnoNSAr.dll
File move failed. c:\windows\system32\drivers\YTnoNSAr.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\XPxxLQ.exe scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\drivers\xivbr.dll
File move failed. c:\windows\system32\drivers\xivbr.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\tUAMwsYIl.exe scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\SSAYcL.exe scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\drivers\rGIkntUl.dll
File move failed. c:\windows\system32\drivers\rGIkntUl.dll scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\drivers\onYpf.dll
File move failed. c:\windows\system32\drivers\onYpf.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\gdFNGDCb.exe scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\drivers\FnYbFyi.dll
File move failed. c:\windows\system32\drivers\FnYbFyi.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\DeNlfATL.exe scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\DAxJlEe.exe scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\drivers\BQWfgSeM.dll
File move failed. c:\windows\system32\drivers\BQWfgSeM.dll scheduled to be moved on reboot.
c:\windows\bthservsdp.dat moved successfully.
c:\programdata\nvModes.dat moved successfully.
c:\users\Misa\AppData\Local\d3d9caps.dat moved successfully.
LoadLibrary failed for c:\windows\system32\SIntf16.dll
c:\windows\system32\SIntf16.dll moved successfully.
c:\windows\Tasks\Install_NSS.job moved successfully.
c:\windows\System32\Adobe\Shockwave 11\nssstub.exe moved successfully.
File/Folder c:\program files\DAEMON Tools Toolbar not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 118885 bytes
->FireFox cache emptied: 3923915 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 41 bytes
User: JTSK
->Temp folder emptied: 0 bytes
User: Misa
->Temp folder emptied: 33260 bytes
->Temporary Internet Files folder emptied: 24030751 bytes
->Java cache emptied: 63226398 bytes
->FireFox cache emptied: 82580859 bytes
->Google Chrome cache emptied: 7213704 bytes
->Flash cache emptied: 158744 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 320 bytes
RecycleBin emptied: 24723 bytes
Total Files Cleaned = 174,00 mb
OTM by OldTimer - Version 3.1.10.2 log created on 04222010_132953
Files moved on Reboot...
File move failed. c:\windows\system32\drivers\YTnoNSAr.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\XPxxLQ.exe scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\xivbr.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\tUAMwsYIl.exe scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\SSAYcL.exe scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\rGIkntUl.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\onYpf.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\gdFNGDCb.exe scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\FnYbFyi.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\DeNlfATL.exe scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\DAxJlEe.exe scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\BQWfgSeM.dll scheduled to be moved on reboot.
Registry entries deleted on Reboot...
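A way to check an OTM run like the one above against the :Files list that was submitted, as an added example (my own code, not from the thread or from OTM itself): it parses the script's :Files section and the result log, treats the "Files moved on Reboot..." pass as decisive, and lists the paths that still need another tool. The embedded script and log excerpts are constructed from lines quoted above, abridged; all function names are my own.

```python
"""Triage an OTM result log against the :Files section of the OTM script.
Added example for this thread, not OTM's own code; the samples below are
constructed (abridged) from the script and log quoted in the thread."""
import re

# Constructed sample: abridged :Files section of the posted OTM script.
OTM_SCRIPT = r"""
:Files
c:\windows\system32\drivers\YTnoNSAr.dll
c:\windows\system32\drivers\XPxxLQ.exe
c:\windows\bthservsdp.dat
c:\windows\system32\SIntf16.dll
c:\program files\DAEMON Tools Toolbar
:Commands
[Reboot]
"""

# Constructed sample: matching lines of the OTM result log, including the
# post-reboot pass in which the driver files still could not be moved.
OTM_LOG = r"""
========== FILES ==========
LoadLibrary failed for c:\windows\system32\drivers\YTnoNSAr.dll
File move failed. c:\windows\system32\drivers\YTnoNSAr.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\XPxxLQ.exe scheduled to be moved on reboot.
c:\windows\bthservsdp.dat moved successfully.
LoadLibrary failed for c:\windows\system32\SIntf16.dll
c:\windows\system32\SIntf16.dll moved successfully.
File/Folder c:\program files\DAEMON Tools Toolbar not found.
========== COMMANDS ==========
Files moved on Reboot...
File move failed. c:\windows\system32\drivers\YTnoNSAr.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\XPxxLQ.exe scheduled to be moved on reboot.
"""

# Outcome lines OTM writes per path. "LoadLibrary failed for ..." lines are only
# informational (OTM tries to unload a DLL before moving it) and are ignored here.
OUTCOMES = (
    (re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$"), "failed"),
    (re.compile(r"^(.+?) moved successfully\.$"), "moved"),
    (re.compile(r"^File/Folder (.+?) not found\.$"), "not_found"),
)


def _key(path):
    """Normalise a Windows path for comparison: case-insensitive, no trailing backslash."""
    return path.strip().rstrip("\\").lower()


def parse_files_section(script):
    """Return the paths listed under :Files in an OTM script, in order."""
    paths, section = [], None
    for line in (l.strip() for l in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
        elif section == ":files":
            paths.append(line)
    return paths


def parse_log(log):
    """Map path -> outcome for the main pass and for the 'Files moved on Reboot' pass."""
    main, reboot = {}, {}
    target = main
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("Files moved on Reboot"):
            target = reboot  # everything after this header is the post-reboot result
            continue
        for regex, outcome in OUTCOMES:
            m = regex.match(line)
            if m:
                target[_key(m.group(1))] = outcome
                break
    return main, reboot


def triage(script, log):
    """Final status of every path the script asked OTM to move."""
    main, reboot = parse_log(log)
    status = {}
    for path in parse_files_section(script):
        k = _key(path)
        if k in reboot:  # the reboot pass has the last word on deferred moves
            status[path] = "moved_on_reboot" if reboot[k] == "moved" else "still_present_after_reboot"
        elif k in main:
            status[path] = {"moved": "moved", "not_found": "not_found", "failed": "pending_reboot"}[main[k]]
        else:
            status[path] = "no_log_entry"
    return status


def needs_attention(status):
    """Paths OTM did not resolve; the thread escalates these to a ComboFix script."""
    return [p for p, s in status.items() if s in ("still_present_after_reboot", "pending_reboot", "no_log_entry")]


if __name__ == "__main__":
    result = triage(OTM_SCRIPT, OTM_LOG)
    for path, s in result.items():
        print(f"{s:28} {path}")
    print("needs attention:", needs_attention(result))
```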
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Virus protector
Start - Run - type: notepad
paste this entire text into it:
Code:
dir \beep.sys /a h /s > File.txt
save it to the desktop under the name: find.bat (file type: all files)
Find it on the desktop, double-click it and wait until the window closes and the .txt file (File.txt) appears.
Then paste here the entire text from that file.
Then repeat with this:
Code:
dir \srsvc.dll /a h /s > File.txt
Code:
dir \wscntfy.exe /a h /s > File.txt
Code:
dir \xmlprov.dll /a h /s > File.txt
//////////////////////////////////////////////////////////////////////////////////////////////
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy into it the following entire text highlighted in green:
Note: Do not use the SELECT ALL function to select the script
Code:
KillAll::
SRPeek::
c:\windows\system32\drivers\beep.sys
c:\windows\system32\srsvc.dll
c:\windows\System32\wscntfy.exe
c:\windows\System32\xmlprov.dll
Reboot::
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All files there
Save the file to the desktop.
Close all active windows.
Drag the created script CFScript.txt with the mouse over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Re: Virus protector
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je DE06-7027.
Výpis adresáře C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b
21.01.2008 04:23 6 144 beep.sys
Souborů: 1, Bajtů: 6 144
Re: Virus protector
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je DE06-7027.
Re: Virus protector
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je DE06-7027.
Re: Virus protector
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je DE06-7027.
those were the texts from the first files, in the order they follow each other