Virus protector Vyřešeno

[vajglik]

ComboFix 10-04-21.01 - Misa 22.04.2010 17:53:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1838 [GMT 2:00]
Spuštěný z: c:\users\Misa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Misa\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\msvcr70.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-22 do 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-22 15:58 . 2010-04-22 16:01 -------- d-----w- c:\users\Misa\AppData\Local\temp
2010-04-22 15:58 . 2010-04-22 15:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-22 15:58 . 2010-04-22 15:58 -------- d-----w- c:\users\JTSK\AppData\Local\temp
2010-04-22 15:58 . 2010-04-22 15:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-04-22 15:58 . 2010-04-22 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-22 11:29 . 2010-04-22 11:29 -------- d-----w- C:\_OTM
2010-04-22 11:27 . 2010-04-22 11:27 510464 ----a-w- C:\OTM.exe
2010-04-21 19:35 . 2010-04-21 19:35 -------- d-----w- c:\programdata\WindowsSearch
2010-04-21 18:54 . 2010-04-21 18:54 -------- d-----w- c:\program files\Trend Micro
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\users\Misa\AppData\Roaming\Malwarebytes
2010-04-21 17:26 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\programdata\Malwarebytes
2010-04-21 17:26 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 17:26 . 2010-04-21 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 16:59 . 2010-04-21 17:10 -------- d-----w- c:\users\Guest\AppData\Local\Google
2010-04-21 16:59 . 2010-04-21 16:59 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
2010-04-21 16:55 . 2010-04-21 16:55 -------- d-----w- c:\users\Guest\AppData\Local\VirtualStore
2010-04-21 14:36 . 2010-04-21 14:53 -------- d-----w- C:\inetpub
2010-04-18 16:24 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-14 07:21 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 07:21 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 07:21 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 07:21 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 07:21 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 07:21 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 07:21 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 07:21 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 07:21 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 07:20 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 07:19 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-05 18:05 . 2010-04-05 18:05 -------- d-----w- c:\program files\DownloadToolz
2010-03-30 23:05 . 2010-03-30 23:09 -------- d-----w- c:\program files\Diablo II Shareware
2010-03-30 17:26 . 2010-03-30 17:26 -------- d-----w- c:\program files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 16:01 . 2009-02-18 21:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-04-22 15:34 . 2008-01-21 06:46 643410 ----a-w- c:\windows\system32\perfh005.dat
2010-04-22 15:34 . 2008-01-21 06:46 137662 ----a-w- c:\windows\system32\perfc005.dat
2010-04-22 15:29 . 2009-02-18 00:55 -------- d-----w- c:\program files\F-Secure
2010-04-22 11:32 . 2010-04-22 11:32 41952 ----a-w- c:\programdata\nvModes.dat
2010-04-21 19:15 . 2010-04-21 19:15 388096 ----a-r- c:\users\Misa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-21 16:57 . 2009-04-03 07:53 -------- d-----w- c:\programdata\Google Updater
2010-04-18 18:38 . 2009-03-01 20:51 -------- d-----w- c:\users\Misa\AppData\Roaming\uTorrent
2010-04-18 16:24 . 2009-03-04 15:38 -------- d-----w- c:\program files\Java
2010-04-14 08:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 07:28 . 2009-02-25 08:41 -------- d-----w- c:\programdata\Microsoft Help
2010-04-13 17:14 . 2009-04-03 07:53 -------- d-----w- c:\program files\Google
2010-04-08 15:49 . 2009-03-04 21:30 -------- d-----w- c:\users\Misa\AppData\Roaming\dvdcss
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\11542\AcrobatUpdater.exe
2010-03-17 08:39 . 2010-03-17 08:39 -------- d-----w- c:\program files\Common Files\StatSoft
2010-03-17 08:39 . 2010-03-17 08:39 -------- d-----w- c:\programdata\StatSoft
2010-03-17 08:34 . 2009-10-01 17:17 -------- d-----w- c:\program files\StatSoft
2010-03-17 08:10 . 2009-10-01 16:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-17 08:08 . 2009-10-01 16:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-17 07:49 . 2009-02-17 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-17 07:31 . 2009-10-01 16:42 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-11 21:00 . 2010-03-11 20:18 -------- d-----w- c:\program files\Fox
2010-03-11 20:59 . 2010-03-11 20:35 -------- d-----w- c:\program files\GameSpy Arcade
2010-03-11 20:22 . 2010-03-11 20:22 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-03-11 20:22 . 2010-03-11 20:22 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-03-07 21:43 . 2010-02-01 21:23 50354 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\uninstall.exe
2010-03-07 21:43 . 2010-02-01 21:23 -------- d-----w- c:\users\Misa\AppData\Roaming\Facebook
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-03-01 15:18 . 2010-03-01 15:18 -------- d-----w- c:\program files\DOSBox-0.72
2010-02-25 08:24 . 2009-02-17 21:27 76064 ----a-w- c:\users\Misa\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-04 15:49 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 07:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 07:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 07:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 07:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 23:10 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 23:10 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 23:10 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-03-11 23:46 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-27 03:21 . 2010-01-27 03:21 847040 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\axfbootloader.dll
2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-25 12:00 . 2010-02-24 08:54 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 08:54 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 08:54 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 08:54 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 08:54 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 08:54 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 08:54 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 08:54 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 08:54 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 08:55 2048 ----a-w- c:\windows\system32\tzres.dll
2008-07-01 18:28 . 2008-07-01 18:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 08:35 . 2008-05-22 08:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 09:34 . 2007-06-12 09:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-10-09 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-10-09 1182304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):52,0a,67,e5,8c,3c,ca,01

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
R2 gupdate1c9b43149e53f31;Služba Google Update (gupdate1c9b43149e53f31);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 133104]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;d:\i386\AsProcOb.sys [x]
R3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [x]
R3 fsbl;F-Secure BlackLight Engine Driver;c:\program files\F-Secure\Anti-Virus\fsbldrv.sys [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-10-09 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-10-09 25184]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-17 691696]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-07-22 33920]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2008-10-09 12384]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-10-06 100984]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2007-10-15 206336]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 43040]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2007-09-06 6656]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-03 07:53]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 07:53]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 07:53]

2010-04-22 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-02-18 10:28]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\nxke1g8s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\nxke1g8s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3422845187-1114445632-1184245817-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:39,16,e7,57,58,7c,1c,36,97,f2,8b,6a,46,a1,67,75,53,fa,fa,81,75,2a,2f,
8e,80,20,67,80,51,48,bb,ef,22,34,a3,72,d2,14,d1,0f,4b,2e,6b,64,56,0c,57,1a,\
"??"=hex:0f,17,62,ce,56,48,00,9d,25,60,67,9e,c7,d1,4e,76
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3716)
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMB32.EXE
c:\program files\F-Secure\Common\FCH32.EXE
c:\program files\F-Secure\Common\FAMEH32.EXE
c:\program files\F-Secure\Anti-Virus\fsqh.exe
c:\program files\F-Secure\Common\FNRB32.EXE
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\FSAUA\program\fsaua.exe
c:\program files\F-Secure\Common\FIH32.EXE
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\windows\system32\rundll32.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\Wireless Console 3\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\system32\conime.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
c:\program files\Synaptics\SynTP\SynAsus.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\F-Secure\FSGUI\fsguidll.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-04-22 18:07:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-22 16:07
ComboFix2.txt 2010-04-22 09:58
ComboFix3.txt 2010-04-21 22:05

Před spuštěním: Volných bajtů: 135 723 716 608
Po spuštění: Volných bajtů: 135 681 609 728

- - End Of File - - 32FD134ACA56EC42ABF2EBE3318BD904

[Reklama]

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Smaž:
C:\_OTM
C:\OTM.exe

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab


Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[vajglik]

tak po zapnutí počítače mi to vyfluslo tyhle chybové hlášky:
předtí než se načte stránka, kde zadávám heslo tak postupně vypadnou dvě okna pojmenovaná
mpnotify.exe - Součást nejlze najít
LogonUI.exe - Součást nelze najít
v obou je napsáno:
Aplikace nemohla být spuštěna, protože součást MSVCR70.dll nelze najít. Potíže pravděpodobně odstraníte opětovnou instalací aplikace.

a pak když se mi načte plocha, tak ještě naběhne jedno chyb.hlášení, jehož okno se jmenuje RunDLL
a je v něm napsáno
Chyba při spuštění načítání souboru C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll uvedený modul nebyl nalezen.

jinak počítač beží bez problému

[jaro3]

Tak to budeš muset počkat nejspíš do zítřka , někam ty soubory uploadnu..

OS máš tedy Windows Vista SP2 (32bit) ?
máš Office12 ?

[Pic]

Spusť třeba v Ccleaneru kontrolu registrů a pokud to najde chyby, dej to opravit. Povol zálohu registru.

[vajglik]

jojo Visty SP2 (32bit)
a otázce ohledně offisům nerozumím... mám office 2007

[jaro3]

Jo to je ono..


Takže tady si stáhni soubor MSVCR70.dll:

http://www.edisk.cz/stahni/65878/upload ... .26KB.html

Rozbal a otevři složku ,a nakopíruj ten soubor do této složky:
C:\Program Files\Common Files\microsoft shared\OFFICE12\VS Runtime
////////////////////////////////////////////////////////////////////////////////////////////////

Start-spustit-napiš: notepad ,do něho vlož tento celý text:

Kód: Vybrat vše

dir \mpnotify.exe /a h /s > File.txt

uložit na plochu s názvem: find.bat (typ souboru- všechny soubory)
Najdi ho na ploše, poklepej na něj a počkej až se okno zavře a objeví se soubor.txt
Vlož sem potom celý text z tohoto souboru.

Pak to samé s tímto:

Kód: Vybrat vše

dir \LogonUI.exe /a h /s > File.txt

Problém bude s tímto:

C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll
To asi patří k CognizanceTS ?
asi přeinstalovat program.

[vajglik]

jako vůbec netuším k čemu by to mohlo patřit a jak si ho přeinstaluju....

[vajglik]

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je DE06-7027.

Věpis adres ýe C:\Windows\System32

02.11.2006 11:45 14˙336 mpnotify.exe
Soubor…: 1, Bajt…: 14˙336

Věpis adres ýe C:\Windows\winsxs\x86_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_923cb7d99010c685

02.11.2006 11:45 14˙336 mpnotify.exe
Soubor…: 1, Bajt…: 14˙336

[vajglik]

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je DE06-7027.

Věpis adres ýe C:\Windows\System32

21.01.2008 04:24 9˙216 LogonUI.exe
Soubor…: 1, Bajt…: 9˙216

Věpis adres ýe C:\Windows\winsxs\x86_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6001.18000_none_6593128e7338aab2

21.01.2008 04:24 9˙216 LogonUI.exe
Soubor…: 1, Bajt…: 9˙216

[jaro3]

Ten soubor si tam zkopíroval:
MSVCR70.dll ??

Ještě mi napiš , zda tam máš tuto složku:
C:\Windows\SysWOW , tam by měl být stejný soubor ( LogonUI.exe), ale s jinou velikostí.
to samé s:
mpnotify.exe , má být zde:
C:\Windows\SysWOW\

Budeme pokračovat zítra...

[vajglik]

soubor jsem zkopíroval
a tu složku SysWOW nemám, ale ve složce system32 jsem ten LogonUI.exe i ten mpnotify.exe našel