And the last file
EMCRI.dll
Submission date:
2010-09-16 15:31:20 (UTC)
Result:
0/ 43 (0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2010.09.16.01 2010.09.16 -
AntiVir 8.2.4.52 2010.09.16 -
Antiy-AVL 2.0.3.7 2010.09.16 -
Authentium 5.2.0.5 2010.09.16 -
Avast 4.8.1351.0 2010.09.16 -
Avast5 5.0.594.0 2010.09.16 -
AVG 9.0.0.851 2010.09.16 -
BitDefender 7.2 2010.09.16 -
CAT-QuickHeal 11.00 2010.09.16 -
ClamAV 0.96.2.0-git 2010.09.16 -
Comodo 6099 2010.09.16 -
DrWeb 5.0.2.03300 2010.09.16 -
Emsisoft 5.0.0.37 2010.09.16 -
eSafe 7.0.17.0 2010.09.15 -
eTrust-Vet 36.1.7859 2010.09.16 -
F-Prot 4.6.1.107 2010.09.16 -
F-Secure 9.0.15370.0 2010.09.16 -
Fortinet 4.1.143.0 2010.09.16 -
GData 21 2010.09.16 -
Ikarus T3.1.1.88.0 2010.09.16 -
Jiangmin 13.0.900 2010.09.16 -
K7AntiVirus 9.63.2522 2010.09.15 -
Kaspersky 7.0.0.125 2010.09.16 -
McAfee 5.400.0.1158 2010.09.16 -
McAfee-GW-Edition 2010.1C 2010.09.16 -
Microsoft 1.6103 2010.09.16 -
NOD32 5455 2010.09.16 -
Norman 6.06.06 2010.09.16 -
nProtect 2010-09-16.02 2010.09.16 -
Panda 10.0.2.7 2010.09.16 -
PCTools 7.0.3.5 2010.09.16 -
Prevx 3.0 2010.09.16 -
Rising 22.65.03.04 2010.09.16 -
Sophos 4.57.0 2010.09.16 -
Sunbelt 6877 2010.09.16 -
SUPERAntiSpyware 4.40.0.1006 2010.09.16 -
Symantec 20101.1.1.7 2010.09.16 -
TheHacker 6.7.0.0.020 2010.09.16 -
TrendMicro 9.120.0.1004 2010.09.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.16 -
VBA32 3.12.14.0 2010.09.16 -
ViRobot 2010.8.25.4006 2010.09.16 -
VirusBuster 12.65.9.0 2010.09.16 -
Additional information
MD5 : 13042baf118817dce360790db93fbe6e
SHA1 : b5d2f9f078f2ba492b5b5abd153c763043fd5db8
SHA256: b4d3664b2f04db5551487e9f66c9b322273530d3ff611945d1856c51bfafa36e
Hijack problem (Solved)
Re: Hijack problem
How's the computer?
Re: Hijack problem
Well, I have to say that working on the computer has definitely improved, especially the internet. But even older games, ones that came out back in 2002, still freeze on me about once every 2 minutes for 20 seconds and then run again. I don't know what could be causing it, but it annoys me.

Re: Hijack problem
Download ComboFix to your desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Before using it, turn off all resident security programs - antivirus, firewalls, antispyware
- Close all active windows and run it under an account with administrator rights
- After launch, the terms of use are displayed; confirm them by pressing the "Ano" (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the log C:\ComboFix.txt is created; copy its entire contents here.
Re: Hijack problem
Here is the log
ComboFix 10-09-17.04 - Misa 19.09.2010 10:39:08.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.1022.338 [GMT 2:00]
Spuštěný z: c:\users\Misa\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 4.2 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\components\config.ini
c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\programdata\MPK
c:\programdata\MPK\3\D0000
c:\programdata\MPK\3\S0000
c:\programdata\MPK\Free KGB Keylogger.lnk
c:\programdata\MPK\Free KGB Keylogger\Free KGB Keylogger on the Web.lnk
c:\programdata\MPK\Free KGB Keylogger\Free KGB Keylogger.lnk
c:\programdata\MPK\Free KGB Keylogger\Get discount!.lnk
c:\programdata\MPK\Free KGB Keylogger\Help topics.lnk
c:\programdata\MPK\Free KGB Keylogger\Order now!.lnk
c:\programdata\MPK\Free KGB Keylogger\Uninstall Free KGB Keylogger.lnk
c:\programdata\MPK\M0000
c:\programdata\MPK\S0000
c:\users\Misa\AppData\Roaming\avdrn.dat
c:\users\Misa\AppData\Roaming\Desktopicon
c:\users\Misa\AppData\Roaming\Desktopicon\config.ini
c:\users\Misa\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\Misa\AppData\Roaming\Microsoft\Windows\Recent\Pat a Mat opet radi, tentokrat v realu - Fun Cafe Time - Vtipna videa, srandicky.url
c:\users\Misa\AppData\Roaming\Microsoft\Windows\Recent\Uvod PRAHA STOVEZATA.url
c:\windows\system32\vbzlib1.dll
c:\windows\VM305Cap.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-19 do 2010-09-19 )))))))))))))))))))))))))))))))
.
2010-09-19 08:51 . 2010-09-19 08:51 -------- d-----w- c:\users\Misa\AppData\Local\temp
2010-09-19 08:51 . 2010-09-19 08:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-15 14:41 . 2010-09-15 14:41 -------- d-----w- C:\_OTL
2010-09-13 18:56 . 2010-09-13 18:56 -------- d-----w- c:\program files\Trend Micro
2010-08-22 14:12 . 2010-09-18 12:31 -------- d-----w- c:\program files\Common Files\Steam
2010-08-22 14:12 . 2010-09-19 07:24 -------- d-----w- c:\program files\Steam
2010-08-22 07:57 . 2010-08-22 07:58 -------- d-----w- c:\program files\Application Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 20:05 . 2010-05-25 16:35 -------- d-----w- c:\programdata\PC Suite
2010-09-17 20:04 . 2007-08-23 15:25 -------- d-----w- c:\users\Misa\AppData\Roaming\ICQ
2010-09-15 14:42 . 2009-10-05 07:55 -------- d-----w- c:\program files\Ask.com
2010-09-13 18:56 . 2010-09-13 18:56 388096 ----a-r- c:\users\Misa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-13 16:59 . 2008-11-18 16:49 -------- d-----w- c:\programdata\Spyware Terminator
2010-09-13 16:58 . 2008-11-18 16:49 -------- d-----w- c:\program files\Spyware Terminator
2010-09-13 15:51 . 2008-11-18 16:50 -------- d-----w- c:\users\Misa\AppData\Roaming\Spyware Terminator
2010-09-13 07:11 . 2007-08-21 12:54 8224 ----a-w- c:\users\Misa\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-12 09:52 . 2009-09-25 12:27 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-09-04 07:51 . 2008-10-28 17:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 10:55 . 2007-01-08 21:09 481910 ----a-w- c:\windows\system32\perfh005.dat
2010-09-02 10:55 . 2007-01-08 21:09 85994 ----a-w- c:\windows\system32\perfc005.dat
2010-08-22 07:56 . 2010-08-04 17:06 -------- d-----w- c:\users\Misa\AppData\Roaming\FreeVideoConverter
2010-08-22 07:51 . 2010-08-04 17:06 -------- d-----w- c:\program files\Free Video Converter
2010-08-21 08:33 . 2007-09-19 07:33 -------- d-----w- c:\program files\Common Files\Java
2010-08-21 08:32 . 2007-09-19 07:33 -------- d-----w- c:\program files\Java
2010-08-16 14:35 . 2007-09-10 12:45 -------- d-----w- c:\program files\GameSpy Arcade
2010-08-03 11:59 . 2008-11-15 20:47 -------- d-----w- c:\users\Misa\AppData\Roaming\dvdcss
2010-08-02 17:27 . 2010-05-25 16:35 -------- d-----w- c:\users\Misa\AppData\Roaming\Nokia
2010-08-02 17:07 . 2010-08-02 17:07 -------- d-----w- c:\program files\WinPcap
2010-08-02 17:06 . 2009-12-01 09:18 -------- d-----w- c:\program files\DsNET Corp
2010-07-28 16:57 . 2010-05-25 16:35 -------- d-----w- c:\users\Misa\AppData\Roaming\PC Suite
2010-07-17 03:00 . 2010-05-20 08:13 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-27 13:39 . 2007-12-28 14:09 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-06-27 13:39 . 2007-12-28 14:09 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-06-27 13:39 . 2007-12-28 14:09 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-06-23 14:24 . 2010-06-23 14:24 2944904 ----a-w- c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2009-05-21 13:17 . 2009-05-21 13:17 23 --sha-w- c:\windows\System32\edacded0_x.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 13312]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-24 528384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3673696946-49459437-4126574629-1000]
"EnableNotificationsRef"=dword:00000002
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-12-16 23600]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2006-05-08 391688]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2007-12-27 715248]
S0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-18 141312]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2007-03-20 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-19 c:\windows\Tasks\User_Feed_Synchronization-{50EAEB3D-984B-4306-89B6-72E53F724792}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page =
uSearchMigratedDefaultURL =
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Misa\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
AddRemove-Football Manager 5.02 - d:\program files\JM\Football Manager 5.02\DeIsL1.isu
AddRemove-Spyware Terminator_is1 - c:\program files\Spyware Terminator\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 10:51
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????@?@??????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-3673696946-49459437-4126574629-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:be,dd,b1,05,cb,d9,2a,2e,ab,4b,38,14,3f,9f,a2,a1,c7,f6,f2,3c,c5,82,fc,
aa,e9,26,6e,b8,06,17,fa,c2,96,c6,5d,9c,a6,9d,0f,95,73,87,32,03,6b,3b,c8,b4,\
"??"=hex:80,e5,f9,e9,c1,b0,32,ad,6a,18,0a,35,e0,c5,18,0b
[HKEY_USERS\S-1-5-21-3673696946-49459437-4126574629-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,51,25,56,17,4b,27,d7,68,f0,17,eb,a5,e0,24,61,47,5c,6d,6f,20,
9b,45,e9,9f,d1,06,86,22,c5,56,25,a5,74,c7,af,89,7a,c2,34,47,c6,2a,a0,ea,fb,\
"rkeysecu"=hex:99,72,ce,f3,0a,9e,09,43,53,5c,42,7c,3b,26,9d,80
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\eNetHook.dll
- - - - - - - > 'lsass.exe'(620)
c:\windows\system32\eNetHook.dll
.
Celkový čas: 2010-09-19 10:57:13
ComboFix-quarantined-files.txt 2010-09-19 08:57
Před spuštěním: 4 223 164 416
Po spuštění: 3 832 287 232
- - End Of File - - 2D673F7E6CE0B43CCA984F1EA524CC57
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 13312]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-24 528384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3673696946-49459437-4126574629-1000]
"EnableNotificationsRef"=dword:00000002
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-12-16 23600]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2006-05-08 391688]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2007-12-27 715248]
S0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-18 141312]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2007-03-20 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-19 c:\windows\Tasks\User_Feed_Synchronization-{50EAEB3D-984B-4306-89B6-72E53F724792}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page =
uSearchMigratedDefaultURL =
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Misa\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
AddRemove-Football Manager 5.02 - d:\program files\JM\Football Manager 5.02\DeIsL1.isu
AddRemove-Spyware Terminator_is1 - c:\program files\Spyware Terminator\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 10:51
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????@?@??????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-3673696946-49459437-4126574629-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:be,dd,b1,05,cb,d9,2a,2e,ab,4b,38,14,3f,9f,a2,a1,c7,f6,f2,3c,c5,82,fc,
aa,e9,26,6e,b8,06,17,fa,c2,96,c6,5d,9c,a6,9d,0f,95,73,87,32,03,6b,3b,c8,b4,\
"??"=hex:80,e5,f9,e9,c1,b0,32,ad,6a,18,0a,35,e0,c5,18,0b
[HKEY_USERS\S-1-5-21-3673696946-49459437-4126574629-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,51,25,56,17,4b,27,d7,68,f0,17,eb,a5,e0,24,61,47,5c,6d,6f,20,
9b,45,e9,9f,d1,06,86,22,c5,56,25,a5,74,c7,af,89,7a,c2,34,47,c6,2a,a0,ea,fb,\
"rkeysecu"=hex:99,72,ce,f3,0a,9e,09,43,53,5c,42,7c,3b,26,9d,80
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\eNetHook.dll
- - - - - - - > 'lsass.exe'(620)
c:\windows\system32\eNetHook.dll
.
Celkový čas: 2010-09-19 10:57:13
ComboFix-quarantined-files.txt 2010-09-19 08:57
Před spuštěním: 4 223 164 416
Po spuštění: 3 832 287 232
- - End Of File - - 2D673F7E6CE0B43CCA984F1EA524CC57
Re: Problem with Hijack
If you installed this program yourself, should I pull it out of ComboFix's quarantine, or will you reinstall it?
c:\programdata\MPK
Re: Problem with Hijack
I have no idea what that file is; I don't install anything into that folder.
Re: Problem with Hijack
http://download.cnet.com/Free-KGB-Key-L ... 49857.html
You probably didn't install it yourself, so can I leave it deleted?
Re: Problem with Hijack
Yeah, sure.
Re: Problem with Hijack
Move ComboFix to the desktop
- open Notepad
- copy the text from this box into it
Code:
Reglock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
File::
c:\windows\System32\edacded0_x.dat
c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
- save the resulting TXT file as CFScript.txt on the desktop, then drag it with the left mouse button over the ComboFix icon and drop it there
- Once the scan has run and ComboFix has closed, a log should appear; paste it here.
Warning: After the script is applied and the computer restarts, Windows may fail to boot; in that case restart the computer again, keep pressing F8, and then choose Last Known Good Configuration.
Re: Problem with Hijack
Here is the log:
ComboFix 10-09-17.04 - Misa 21.09.2010 18:23:25.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.1022.357 [GMT 2:00]
Spuštěný z: c:\users\Misa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Misa\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 4.2 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
FILE ::
"c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe"
"c:\windows\System32\edacded0_x.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
c:\windows\System32\edacded0_x.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-21 do 2010-09-21 )))))))))))))))))))))))))))))))
.
2010-09-21 16:40 . 2010-09-21 16:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-21 16:40 . 2010-09-21 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-19 08:57 . 2010-09-21 16:40 -------- d-----w- c:\users\Misa\AppData\Local\temp
2010-09-15 14:41 . 2010-09-15 14:41 -------- d-----w- C:\_OTL
2010-09-13 18:56 . 2010-09-13 18:56 -------- d-----w- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 07:32 . 2010-08-22 14:12 -------- d-----w- c:\program files\Steam
2010-09-19 08:58 . 2007-08-21 12:54 92248 ----a-w- c:\users\Misa\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-19 08:58 . 2009-11-08 19:44 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-09-18 12:31 . 2010-08-22 14:12 -------- d-----w- c:\program files\Common Files\Steam
2010-09-17 20:05 . 2010-05-25 16:35 -------- d-----w- c:\programdata\PC Suite
2010-09-17 20:04 . 2007-08-23 15:25 -------- d-----w- c:\users\Misa\AppData\Roaming\ICQ
2010-09-15 14:42 . 2009-10-05 07:55 -------- d-----w- c:\program files\Ask.com
2010-09-13 18:56 . 2010-09-13 18:56 388096 ----a-r- c:\users\Misa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-13 16:59 . 2008-11-18 16:49 -------- d-----w- c:\programdata\Spyware Terminator
2010-09-13 16:58 . 2008-11-18 16:49 -------- d-----w- c:\program files\Spyware Terminator
2010-09-13 15:51 . 2008-11-18 16:50 -------- d-----w- c:\users\Misa\AppData\Roaming\Spyware Terminator
2010-09-12 09:52 . 2009-09-25 12:27 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-09-04 07:51 . 2008-10-28 17:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 10:55 . 2007-01-08 21:09 481910 ----a-w- c:\windows\system32\perfh005.dat
2010-09-02 10:55 . 2007-01-08 21:09 85994 ----a-w- c:\windows\system32\perfc005.dat
2010-08-22 07:58 . 2010-08-22 07:57 -------- d-----w- c:\program files\Application Updater
2010-08-22 07:56 . 2010-08-04 17:06 -------- d-----w- c:\users\Misa\AppData\Roaming\FreeVideoConverter
2010-08-22 07:51 . 2010-08-04 17:06 -------- d-----w- c:\program files\Free Video Converter
2010-08-21 08:33 . 2007-09-19 07:33 -------- d-----w- c:\program files\Common Files\Java
2010-08-21 08:32 . 2007-09-19 07:33 -------- d-----w- c:\program files\Java
2010-08-16 14:35 . 2007-09-10 12:45 -------- d-----w- c:\program files\GameSpy Arcade
2010-08-03 11:59 . 2008-11-15 20:47 -------- d-----w- c:\users\Misa\AppData\Roaming\dvdcss
2010-08-02 17:27 . 2010-05-25 16:35 -------- d-----w- c:\users\Misa\AppData\Roaming\Nokia
2010-08-02 17:07 . 2010-08-02 17:07 -------- d-----w- c:\program files\WinPcap
2010-08-02 17:06 . 2009-12-01 09:18 -------- d-----w- c:\program files\DsNET Corp
2010-07-28 16:57 . 2010-05-25 16:35 -------- d-----w- c:\users\Misa\AppData\Roaming\PC Suite
2010-07-17 03:00 . 2010-05-20 08:13 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-27 13:39 . 2007-12-28 14:09 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-06-27 13:39 . 2007-12-28 14:09 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-06-27 13:39 . 2007-12-28 14:09 12067 ----atw- c:\windows\system32\SIntf16.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
"Acer Tour Reminder"="" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 13312]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-24 528384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3673696946-49459437-4126574629-1000]
"EnableNotificationsRef"=dword:00000002
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-12-16 23600]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2006-05-08 391688]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2007-12-27 715248]
S0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-18 141312]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2007-03-20 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-21 c:\windows\Tasks\User_Feed_Synchronization-{50EAEB3D-984B-4306-89B6-72E53F724792}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page =
uSearchMigratedDefaultURL =
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Misa\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 18:40
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????@?@??????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-3673696946-49459437-4126574629-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:be,dd,b1,05,cb,d9,2a,2e,ab,4b,38,14,3f,9f,a2,a1,c7,f6,f2,3c,c5,82,fc,
aa,e9,26,6e,b8,06,17,fa,c2,96,c6,5d,9c,a6,9d,0f,95,73,87,32,03,6b,3b,c8,b4,\
"??"=hex:80,e5,f9,e9,c1,b0,32,ad,6a,18,0a,35,e0,c5,18,0b
[HKEY_USERS\S-1-5-21-3673696946-49459437-4126574629-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,51,25,56,17,4b,27,d7,68,f0,17,eb,a5,e0,24,61,47,5c,6d,6f,20,
9b,45,e9,9f,d1,06,86,22,c5,56,25,a5,74,c7,af,89,7a,c2,34,47,c6,2a,a0,ea,fb,\
"rkeysecu"=hex:99,72,ce,f3,0a,9e,09,43,53,5c,42,7c,3b,26,9d,80
.
Celkový čas: 2010-09-21 18:49:25
ComboFix-quarantined-files.txt 2010-09-21 16:49
ComboFix2.txt 2010-09-19 08:57
Před spuštěním: 2 960 449 536
Po spuštění: 2 462 289 920
- - End Of File - - 039584427D63CBB75C583DC90968202E
ComboFix 10-09-17.04 - Misa 21.09.2010 18:23:25.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.1022.357 [GMT 2:00]
Spuštěný z: c:\users\Misa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Misa\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 4.2 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
FILE ::
"c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe"
"c:\windows\System32\edacded0_x.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
c:\windows\System32\edacded0_x.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-21 do 2010-09-21 )))))))))))))))))))))))))))))))
.
2010-09-21 16:40 . 2010-09-21 16:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-21 16:40 . 2010-09-21 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-19 08:57 . 2010-09-21 16:40 -------- d-----w- c:\users\Misa\AppData\Local\temp
2010-09-15 14:41 . 2010-09-15 14:41 -------- d-----w- C:\_OTL
2010-09-13 18:56 . 2010-09-13 18:56 -------- d-----w- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 07:32 . 2010-08-22 14:12 -------- d-----w- c:\program files\Steam
2010-09-19 08:58 . 2007-08-21 12:54 92248 ----a-w- c:\users\Misa\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-19 08:58 . 2009-11-08 19:44 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-09-18 12:31 . 2010-08-22 14:12 -------- d-----w- c:\program files\Common Files\Steam
2010-09-17 20:05 . 2010-05-25 16:35 -------- d-----w- c:\programdata\PC Suite
2010-09-17 20:04 . 2007-08-23 15:25 -------- d-----w- c:\users\Misa\AppData\Roaming\ICQ
2010-09-15 14:42 . 2009-10-05 07:55 -------- d-----w- c:\program files\Ask.com
2010-09-13 18:56 . 2010-09-13 18:56 388096 ----a-r- c:\users\Misa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-13 16:59 . 2008-11-18 16:49 -------- d-----w- c:\programdata\Spyware Terminator
2010-09-13 16:58 . 2008-11-18 16:49 -------- d-----w- c:\program files\Spyware Terminator
2010-09-13 15:51 . 2008-11-18 16:50 -------- d-----w- c:\users\Misa\AppData\Roaming\Spyware Terminator
2010-09-12 09:52 . 2009-09-25 12:27 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-09-04 07:51 . 2008-10-28 17:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 10:55 . 2007-01-08 21:09 481910 ----a-w- c:\windows\system32\perfh005.dat
2010-09-02 10:55 . 2007-01-08 21:09 85994 ----a-w- c:\windows\system32\perfc005.dat
2010-08-22 07:58 . 2010-08-22 07:57 -------- d-----w- c:\program files\Application Updater
2010-08-22 07:56 . 2010-08-04 17:06 -------- d-----w- c:\users\Misa\AppData\Roaming\FreeVideoConverter
2010-08-22 07:51 . 2010-08-04 17:06 -------- d-----w- c:\program files\Free Video Converter
2010-08-21 08:33 . 2007-09-19 07:33 -------- d-----w- c:\program files\Common Files\Java
2010-08-21 08:32 . 2007-09-19 07:33 -------- d-----w- c:\program files\Java
2010-08-16 14:35 . 2007-09-10 12:45 -------- d-----w- c:\program files\GameSpy Arcade
2010-08-03 11:59 . 2008-11-15 20:47 -------- d-----w- c:\users\Misa\AppData\Roaming\dvdcss
2010-08-02 17:27 . 2010-05-25 16:35 -------- d-----w- c:\users\Misa\AppData\Roaming\Nokia
2010-08-02 17:07 . 2010-08-02 17:07 -------- d-----w- c:\program files\WinPcap
2010-08-02 17:06 . 2009-12-01 09:18 -------- d-----w- c:\program files\DsNET Corp
2010-07-28 16:57 . 2010-05-25 16:35 -------- d-----w- c:\users\Misa\AppData\Roaming\PC Suite
2010-07-17 03:00 . 2010-05-20 08:13 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-27 13:39 . 2007-12-28 14:09 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-06-27 13:39 . 2007-12-28 14:09 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-06-27 13:39 . 2007-12-28 14:09 12067 ----atw- c:\windows\system32\SIntf16.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
"Acer Tour Reminder"="" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 13312]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-24 528384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3673696946-49459437-4126574629-1000]
"EnableNotificationsRef"=dword:00000002
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 TVICHW32;TVICHW32;c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-12-16 23600]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2006-05-08 391688]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2007-12-27 715248]
S0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-11-18 141312]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2007-03-20 16384]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-03-13 9856]
.
Obsah adresáře 'Naplánované úlohy'
2010-09-21 c:\windows\Tasks\User_Feed_Synchronization-{50EAEB3D-984B-4306-89B6-72E53F724792}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page =
uSearchMigratedDefaultURL =
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\i8eorezm.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Misa\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 18:40
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????@?@??????????????????????????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-3673696946-49459437-4126574629-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:be,dd,b1,05,cb,d9,2a,2e,ab,4b,38,14,3f,9f,a2,a1,c7,f6,f2,3c,c5,82,fc,
aa,e9,26,6e,b8,06,17,fa,c2,96,c6,5d,9c,a6,9d,0f,95,73,87,32,03,6b,3b,c8,b4,\
"??"=hex:80,e5,f9,e9,c1,b0,32,ad,6a,18,0a,35,e0,c5,18,0b
[HKEY_USERS\S-1-5-21-3673696946-49459437-4126574629-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,51,25,56,17,4b,27,d7,68,f0,17,eb,a5,e0,24,61,47,5c,6d,6f,20,
9b,45,e9,9f,d1,06,86,22,c5,56,25,a5,74,c7,af,89,7a,c2,34,47,c6,2a,a0,ea,fb,\
"rkeysecu"=hex:99,72,ce,f3,0a,9e,09,43,53,5c,42,7c,3b,26,9d,80
.
Celkový čas: 2010-09-21 18:49:25
ComboFix-quarantined-files.txt 2010-09-21 16:49
ComboFix2.txt 2010-09-19 08:57
Před spuštěním: 2 960 449 536
Po spuštění: 2 462 289 920
- - End Of File - - 039584427D63CBB75C583DC90968202E
Re: Problem with Hijack
Also delete the folder c:\program files\Ask.com
How is the computer doing?