Processes 0921.exe,403935.exe,ngs.exe,hijivaz.exe

Antivirus programs, firewalls, viruses, spyware, current threats

Moderator: Moderators of Živě.cz

Post by majklb 14. 1. 2011 15:36

Hi, I don't know how or from where, but suddenly these files started showing up on my computer by themselves after startup: bfale, bfwdrv, foobehop, fycoho, JP595IR860, jutouv, kewo, and that should be all of them. Even after I uncheck them in msconfig they still launch and always reappear there. In the process list after startup I have the ones named in the title. And it looks like it could quite possibly be the MSE Extrim version 2011 Edition virus. Does anyone know how to get rid of it? I tried searching right here and, surprisingly, found nothing. It slows down my whole computer quite a lot. I tried searching for these process names and, apart from the name of the virus (which shows up in the processes after startup), I found nothing. I'll go and search, but if any of you happen to know of a site with a 100% guide to removing it, I'd be very glad.
majklb
Junior

Post by Mike.M 14. 1. 2011 15:54

Some crap from the net. Download combofix and follow the instructions. It will remove it 99% of the time. It's in Czech. Then let us know how it went, or post the log file here.
Life is fucking hard.
Mike.M
Slightly advanced

Post by majklb 14. 1. 2011 16:05

OK, that's exactly what I'm doing right now :-D the only thing I could think of to do :)
majklb
Junior

Post by majklb 14. 1. 2011 17:09

ComboFix 11-01-13.01 - majk 14.01.2011 16:30:53.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.1024.484 [GMT 1:00]
Spuštěný z: c:\users\majk\Downloads\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\majk\AppData\Roaming\Microsoft\gooloupoonni.exe
c:\users\majk\AppData\Roaming\Microsoft\gouvic.exe
c:\users\majk\AppData\Roaming\Microsoft\hijivaz.exe
c:\users\majk\AppData\Roaming\Microsoft\liwouh.exe
c:\users\majk\AppData\Roaming\Microsoft\loufummoo.exe
c:\users\majk\AppData\Roaming\Microsoft\lyrijetos.exe
c:\users\majk\AppData\Roaming\Microsoft\vofupegoos.exe
c:\users\majk\AppData\Roaming\Microsoft\wygaf.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\vbpng1.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_win32x
-------\Service_ujyvbavboleop
-------\Service_xuyyetxu0y3e


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-14 do 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-14 15:45 . 2011-01-14 15:50 -------- d-----w- c:\users\majk\AppData\Local\temp
2011-01-14 15:45 . 2011-01-14 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-14 14:42 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE093AD2-D389-4049-A371-439CB394BD7D}\mpengine.dll
2011-01-14 14:41 . 2011-01-14 14:41 301568 ----a-w- c:\windows\system32\cmd.execf
2011-01-10 13:56 . 2011-01-08 17:45 229888 ----a-w- c:\windows\Nxanyf.exe
2011-01-08 12:45 . 2011-01-07 14:55 253952 ----a-w- c:\windows\Nxanye.exe
2011-01-07 14:31 . 2011-01-05 14:38 222208 ----a-w- c:\windows\Nxanyd.exe
2010-12-22 13:35 . 2010-12-13 14:56 194560 ----a-w- c:\windows\Nxanyc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-12 17:31 . 2010-12-13 14:44 378880 ----a-w- c:\windows\Nxanyb.exe
2010-12-12 08:15 . 2010-12-12 08:15 198144 ----a-w- c:\windows\Nxanya.exe
2010-12-11 15:44 . 2010-12-11 15:44 43008 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vrhhdttpfl.exe
2010-12-11 15:44 . 2010-12-11 15:44 43008 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2hcc71e.exe
2010-12-11 15:44 . 2010-12-11 15:44 42496 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gccxoojaav.exe
2010-12-10 06:04 . 2010-12-10 06:04 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aa6mm6it2.exe
2010-12-10 06:04 . 2010-12-10 06:04 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uu6gg6ss6.exe
2010-12-10 06:04 . 2010-12-10 06:04 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aa9g1cyy.exe
2010-12-10 06:04 . 2010-12-10 06:04 42496 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\70vrmm6.exe
2010-12-06 15:25 . 2010-12-06 15:25 42496 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkk6ww6iy6u.exe
2010-12-06 15:25 . 2010-12-06 15:25 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eezqqlcc.exe
2010-12-06 15:25 . 2010-12-06 15:25 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3kkfwwr.exe
2010-12-06 15:25 . 2010-12-06 15:25 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0fbww6i.exe
2010-12-05 14:19 . 2010-12-05 14:19 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\q1miiduulr.exe
2010-12-05 14:19 . 2010-12-05 14:19 42496 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\q70rnii71.exe
2010-12-05 14:19 . 2010-12-05 14:19 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqlccxooz9.exe
2010-12-05 14:19 . 2010-12-05 14:19 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvvrhhdt.exe
2010-12-05 07:35 . 2010-12-05 07:35 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g3iiduuaqmx.exe
2010-12-05 07:35 . 2010-12-05 07:35 42496 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qq6cc6tu7.exe
2010-12-05 07:35 . 2010-12-05 07:35 42496 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vrhhdttpfa.exe
2010-12-05 07:35 . 2010-12-05 07:35 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i9plbbxnn.exe
2010-12-04 19:16 . 2010-12-04 19:16 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\r112kqwh3o.exe
2010-12-04 19:16 . 2010-12-04 19:16 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fbg75y3aa.exe
2010-12-04 19:16 . 2010-12-04 19:16 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vr112kqwh3o.exe
2010-12-04 19:16 . 2010-12-04 19:16 42496 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\r112kqwh.exe
2010-12-04 13:32 . 2010-12-04 13:32 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rm1ieezqq.exe
2010-12-04 13:32 . 2010-12-04 13:32 42496 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\r2dyy6kk35c.exe
2010-12-04 13:32 . 2010-12-04 13:32 42496 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w3yytkkfq2h.exe
2010-12-04 13:32 . 2010-12-04 13:32 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uggr2dyy.exe
2010-12-03 17:19 . 2010-12-03 17:19 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zkk6ww6ii6.exe
2010-12-03 17:19 . 2010-12-03 17:19 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6ww6ii6.exe
2010-12-03 17:19 . 2010-12-03 17:19 42496 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3brriid.exe
2010-12-03 17:19 . 2010-12-03 17:19 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eevvrhhd.exe
2010-11-30 15:43 . 2010-11-30 15:43 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d0jfaa6mm.exe
2010-11-30 15:43 . 2010-11-30 15:43 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\brrnddze.exe
2010-11-30 15:43 . 2010-11-30 15:43 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vmmhyytkkq6.exe
2010-11-30 15:43 . 2010-11-30 15:43 42496 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g1cyytkk.exe
2010-11-26 15:05 . 2010-11-26 15:05 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlh0ytpuq.exe
2010-11-26 15:05 . 2010-11-26 15:05 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85aaqg7.exe
2010-11-26 15:05 . 2010-11-26 15:05 50688 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qrsye5aaqg.exe
2010-11-22 15:03 . 2010-11-22 15:03 43008 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6yy6kk6.exe
2010-11-22 15:03 . 2010-11-22 15:03 43008 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1okkfww.exe
2010-11-22 15:03 . 2010-11-22 15:03 43008 --sh--r- c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6ss6ee6.exe
2010-10-19 09:41 . 2009-10-02 16:26 222080 ------w- c:\windows\system32\MpSigStub.exe
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"Infium"="c:\program files\QIP 2010\qip.exe" [2010-11-24 5853056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-21 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-21 7753728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-21 81920]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]

c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
0fbww6i.exe [2010-12-6 50688]
1okkfww.exe [2010-11-22 43008]
2hcc71e.exe [2010-12-11 43008]
3brriid.exe [2010-12-3 42496]
3kkfwwr.exe [2010-12-6 50688]
6ss6ee6.exe [2010-11-22 43008]
6ww6ii6.exe [2010-12-3 50688]
6yy6kk6.exe [2010-11-22 43008]
70vrmm6.exe [2010-12-10 42496]
85aaqg7.exe [2010-11-26 50688]
aa6mm6it2.exe [2010-12-10 50688]
aa9g1cyy.exe [2010-12-10 50688]
brrnddze.exe [2010-11-30 50688]
d0jfaa6mm.exe [2010-11-30 50688]
eevvrhhd.exe [2010-12-3 50688]
eezqqlcc.exe [2010-12-6 50688]
fbg75y3aa.exe [2010-12-4 50688]
fvvrhhdt.exe [2010-12-5 50688]
g1cyytkk.exe [2010-11-30 42496]
g3iiduuaqmx.exe [2010-12-5 50688]
gccxoojaav.exe [2010-12-11 42496]
i9plbbxnn.exe [2010-12-5 50688]
pkk6ww6iy6u.exe [2010-12-6 42496]
q1miiduulr.exe [2010-12-5 50688]
q70rnii71.exe [2010-12-5 42496]
qlh0ytpuq.exe [2010-11-26 50688]
qq6cc6tu7.exe [2010-12-5 42496]
qqlccxooz9.exe [2010-12-5 50688]
qrsye5aaqg.exe [2010-11-26 50688]
r112kqwh.exe [2010-12-4 42496]
r112kqwh3o.exe [2010-12-4 50688]
r2dyy6kk35c.exe [2010-12-4 42496]
rm1ieezqq.exe [2010-12-4 50688]
uggr2dyy.exe [2010-12-4 50688]
uu6gg6ss6.exe [2010-12-10 50688]
vmmhyytkkq6.exe [2010-11-30 50688]
vr112kqwh3o.exe [2010-12-4 50688]
vrhhdttpfa.exe [2010-12-5 42496]
vrhhdttpfl.exe [2010-12-11 43008]
w3yytkkfq2h.exe [2010-12-4 42496]
zkk6ww6ii6.exe [2010-12-3 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Miranda IM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM.lnk
backup=c:\windows\pss\Miranda IM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Miranda pack by sssugi.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Miranda pack by sssugi.lnk
backup=c:\windows\pss\Miranda pack by sssugi.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update ESET's licence.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's licence.lnk
backup=c:\windows\pss\Update ESET's licence.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update ESET's license.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
backup=c:\windows\pss\Update ESET's license.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^majk^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lingea Update Center.lnk]
path=c:\users\majk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lingea Update Center.lnk
backup=c:\windows\pss\Lingea Update Center.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remove Uninstaller for VMware Workstation]
rmdir [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-10-23 14:10 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-10-23 15:58 906648 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-16 13:50 133104 ----atw- c:\users\majk\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 05:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-10-23 14:05 2615624 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\majk\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

R0 PCGenFAM;PCGenFAM;c:\windows\system32\DRIVERS\PCGenFAM.sys [2010-10-12 181704]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400]
R3 zsi_fmw;Sansa Connect Firmware Recovery;c:\windows\system32\Drivers\zsi_fmw.sys [x]
R3 zsi_zap;Sansa Connect ZAP Recovery Driver;c:\windows\system32\Drivers\zsi_zap.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-06 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2010-10-12 330784]

.
Obsah adresáře 'Naplánované úlohy'

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482082325-948204699-1557765571-1001Core.job
- c:\users\majk\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-16 13:50]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482082325-948204699-1557765571-1001UA.job
- c:\users\majk\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-16 13:50]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\majk\AppData\Roaming\Mozilla\Firefox\Profiles\ayys8kbp.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Tab Scope: tabscope@xuldev.org - %profile%\extensions\tabscope@xuldev.org
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Explorer_Run-nnujufgws - c:\windows\system32\winver6.exe
HKLM-Explorer_Run-Pkugjznjdf - c:\windows\system32\BlbEventsi.exe
HKLM-Explorer_Run-AMPU - c:\windows\system32\COMMANDB.exe
HKLM-Explorer_Run-IERFA - c:\windows\system32\WSDApi1.exe
HKLM-Explorer_Run-Xbdkgnnmko - c:\windows\system32\dnsexty.exe
HKLM-Explorer_Run-KZGR - c:\windows\system32\uniplat9.exe
HKLM-Explorer_Run-QOIE - c:\windows\system32\nvrsit3.exe
MSConfigStartUp-bfale - c:\users\majk\AppData\Local\Temp\0921.exe
MSConfigStartUp-bfwdrv - c:\users\majk\AppData\Local\Temp\403935.exe
MSConfigStartUp-foobehop - c:\users\majk\AppData\Roaming\Microsoft\duvyl.exe
MSConfigStartUp-fycoho - c:\users\majk\AppData\Roaming\Microsoft\gouvic.exe
MSConfigStartUp-JP595IR86O - c:\users\majk\AppData\Local\Temp\Ngh.exe
MSConfigStartUp-jutouv - c:\users\majk\AppData\Roaming\Microsoft\hijivaz.exe
MSConfigStartUp-kewo - c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\lyrijetos.exe
MSConfigStartUp-Miranda IM - c:\program files\Miranda IM KP v5.0.8.5\launcher.exe
MSConfigStartUp-MirandaIM - c:\program files\Miranda IM\miranda32.exe
MSConfigStartUp-RAM Idle Professional - c:\program files\RAM Idle LE\RAM_XP.exe
MSConfigStartUp-SansaDispatch - c:\users\majk\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
AddRemove-Avira NTFS4DOS - f:\ntfs4dos\uninst.exe
AddRemove-{DC04F9F2-B632-4302-AF89-B507CD7DC908}_is1 - c:\program files\Miranda pack\unins000.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4880)
c:\progra~1\LGPCSU~2\LGPHON~1\Phone.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Soluto\soluto.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2011-01-14 17:06:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-14 16:06

Před spuštěním: Volných bajtů: 117 568 884 736
Po spuštění: Volných bajtů: 117 371 912 192

- - End Of File - - 7EBB4120AB5752862D74DCC180B4ACB0

-- 14. 1. 2011 17:13 --

So far it looks like it helped. The system is noticeably faster than before ;-)
majklb
Junior

