ComboFix 10-02-21.02 - Rygol 22.02.2010 19:53:30.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3036.1766 [GMT 1:00]
Spuštěný z: c:\users\Rygol\Desktop\ComboFix.exe
* Rezidentní štít AV je zapnutý
.
ADS - Windows: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\pthreadVC.dll
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
----- BITS: Možné infikované stránky -----
hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-22 do 2010-02-22 )))))))))))))))))))))))))))))))
.
2010-02-22 19:01 . 2010-02-22 19:01 -------- d-----w- c:\users\Rygol\AppData\Local\temp
2010-02-22 19:01 . 2010-02-22 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-22 10:56 . 2010-02-22 10:35 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-22 10:33 . 2010-02-22 10:33 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-22 10:33 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-22 10:33 . 2010-02-22 10:35 -------- d-----w- c:\programdata\Lavasoft
2010-02-22 10:33 . 2010-02-22 10:33 -------- d-----w- c:\program files\Lavasoft
2010-02-21 07:27 . 2010-02-21 07:36 -------- d-----w- c:\program files\Vision Objects
2010-02-18 20:26 . 2010-02-18 20:26 -------- d-----w- c:\windows\system32\js
2010-02-18 20:26 . 2010-02-18 20:26 -------- d-----w- c:\windows\system32\html
2010-02-18 20:26 . 2010-02-18 20:26 -------- d-----w- c:\windows\system32\css
2010-02-18 20:26 . 2010-02-18 20:26 -------- d-----w- c:\program files\Business Objects
2010-02-18 20:26 . 2010-02-18 20:26 -------- d-----w- c:\program files\Microsoft Device Emulator
2010-02-18 20:25 . 2010-02-18 20:26 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2010-02-18 20:24 . 2010-02-18 20:24 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-02-18 20:24 . 2010-02-18 20:24 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-18 20:16 . 2010-02-18 20:16 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-02-18 20:11 . 2010-02-18 20:11 -------- d-----w- c:\windows\symbols
2010-02-18 20:09 . 2010-02-18 20:12 -------- d-----w- c:\program files\HTML Help Workshop
2010-02-18 20:09 . 2010-02-18 20:09 -------- d-----w- c:\program files\CE Remote Tools
2010-02-18 06:55 . 2010-02-18 06:55 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2010-02-09 13:37 . 2010-02-09 13:38 -------- d-----w- c:\users\Rygol\AppData\Roaming\Zoner
2010-02-09 13:37 . 2010-02-09 13:37 -------- d-----w- c:\users\Rygol\AppData\Local\Zoner
2010-02-09 13:36 . 2010-02-09 13:36 -------- d-----w- c:\program files\Zoner
2010-02-03 10:59 . 2009-06-02 14:39 737152 ----a-w- c:\windows\system32\drivers\A885VCap.sys
2010-02-03 10:22 . 2010-02-07 19:06 -------- d-----w- c:\users\Rygol\AppData\Local\AVer MediaCenter
2010-02-03 10:21 . 2010-02-03 10:21 -------- d-----w- c:\programdata\AVer MediaCenter
2010-02-03 09:37 . 2010-02-03 11:05 -------- d-----w- c:\programdata\AVerTV
2010-02-03 09:36 . 2010-02-03 09:36 -------- d-----w- c:\users\Rygol\AppData\Local\AVerMedia
2010-02-03 09:36 . 2009-08-18 21:25 102400 ----a-w- c:\windows\system32\CardID.dll
2010-02-03 09:36 . 2007-02-08 20:09 49152 ----a-w- c:\windows\system32\AVerIO.dll
2010-02-03 09:36 . 2005-04-29 02:08 3456 ----a-w- c:\windows\system32\AVerIO.sys
2010-02-03 09:36 . 2009-08-13 23:23 307200 ----a-w- c:\windows\system32\sptlib01.dll
2010-02-03 09:36 . 2009-08-07 00:22 598016 ----a-w- c:\windows\system32\sptlib21.dll
2010-02-03 09:36 . 2009-07-03 02:38 294912 ----a-w- c:\windows\system32\sptlib11.dll
2010-02-03 09:36 . 2009-05-25 21:56 249856 ----a-w- c:\windows\system32\sptlib03.dll
2010-02-03 09:36 . 2009-03-23 20:59 225280 ----a-w- c:\windows\system32\sptlib02.dll
2010-02-03 09:36 . 2008-12-02 23:03 135168 ----a-w- c:\windows\system32\sptlib12.dll
2010-02-03 09:36 . 2008-10-08 00:31 290816 ----a-w- c:\windows\system32\sptlib22.dll
2010-02-03 09:31 . 2010-02-03 10:19 -------- d-----w- c:\program files\Common Files\AVerMedia
2010-02-03 09:31 . 2010-02-03 09:31 -------- d-----w- c:\programdata\AVerMedia
2010-02-03 08:57 . 2010-02-03 08:57 -------- d-----w- c:\users\user\LOCALS~1
2010-02-03 08:57 . 2010-02-03 08:57 -------- d-----w- c:\users\user
2010-02-03 08:29 . 2010-02-03 08:29 -------- d-----w- c:\program files\PlayReady
2010-02-03 08:27 . 2010-02-03 08:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-02-03 07:59 . 2010-02-03 11:01 -------- d-----w- c:\windows\Driver Cache
2010-02-03 07:57 . 2010-02-03 10:19 -------- d-----w- c:\program files\AVerMedia
2010-01-27 10:59 . 2010-01-27 10:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-26 22:00 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-26 22:00 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 20:14 . 2009-10-13 21:11 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-21 19:17 . 2009-10-28 11:29 -------- d-----w- c:\program files\Garena
2010-02-21 19:08 . 2009-09-25 08:45 687972 ----a-w- c:\windows\system32\perfh005.dat
2010-02-21 19:08 . 2009-09-25 08:45 143212 ----a-w- c:\windows\system32\perfc005.dat
2010-02-21 07:36 . 2009-11-07 11:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 20:42 . 2009-09-25 09:09 -------- d-----w- c:\programdata\Microsoft Help
2010-02-18 20:42 . 2009-09-25 09:54 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-02-18 20:33 . 2009-09-25 10:01 111256 ----a-w- c:\users\Rygol\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-18 20:23 . 2009-09-25 09:11 -------- d-----w- c:\program files\Microsoft.NET
2010-02-18 20:16 . 2009-09-25 09:54 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-02-18 20:11 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-02-04 15:53 . 2010-02-22 10:35 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-27 11:10 . 2009-09-26 07:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 23:29 . 2010-02-10 06:18 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 06:18 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 06:18 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 06:18 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 06:18 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 06:18 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 06:18 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 06:18 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-14 10:12 . 2009-10-02 19:15 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 21:42 . 2008-08-14 05:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2010-01-12 16:04 . 2010-01-12 14:29 -------- d-----w- c:\users\Rygol\AppData\Roaming\Hamachi
2010-01-08 03:18 . 2010-02-10 06:18 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 06:18 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-06 14:55 . 2010-01-06 14:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-12-20 20:59 . 2009-10-13 20:23 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-19 09:02 . 2010-01-21 19:15 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 06:18 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 06:18 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 06:18 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 06:18 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 06:18 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 06:18 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 06:18 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 06:18 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-08 11:40 . 2010-02-10 06:18 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40 . 2010-02-10 06:18 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32 . 2010-02-10 06:18 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-12-08 08:05 . 2010-02-10 06:18 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-08 08:05 . 2010-02-10 06:18 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\users\Rygol\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-07-14 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-14 15:14 150768 ----a-w- c:\users\Rygol\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-18 39424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
c:\users\Rygol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-10-24 125952]
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-2-3 155648]
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-1-9 38976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-01-13 21:42 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22.2.2010 11:35 64288]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.7.2009 0:52 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18.8.2009 1:36 176128]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [3.2.2010 10:36 344064]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14.5.2009 14:49 93312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 16:52 1229232]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [9.10.2009 16:07 493248]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14.7.2009 0:52 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [28.9.2009 8:22 315392]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [3.2.2010 10:36 405504]
S3 CXSONORA;AVerMedia 23885 AvStream Video Capture;c:\windows\System32\drivers\A885VCap.sys [3.2.2010 11:59 737152]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 1:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 13:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Rygol\AppData\Roaming\Mozilla\Firefox\Profiles\o3s28o0e.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\users\Rygol\AppData\Roaming\Mozilla\Firefox\Profiles\o3s28o0e.default\extensions\coc@ble.pl\components\dwmxpcom.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-AdobeBridge - (no file)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Rygol\AppData\Local\Temp\GIK82D7.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-02-22 20:04:00
ComboFix-quarantined-files.txt 2010-02-22 19:03
Před spuštěním: Volných bajtů: 443 814 526 976
Po spuštění: Volných bajtů: 444 346 556 416
- - End Of File - - 19FFC4577EF114E3D035DF8C97534570