ComboFix 11-07-19.03 - Michal 21.07.2011 9:08.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.420.1029.18.959.313 [GMT 2:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michal\AppData\Roaming\inst.exe
c:\users\Michal\AppData\Roaming\Local
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\273478.avi.ddr
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\cvkzobjnbtbc.avi.ddr
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\dhrckiqualck.avi.ddr
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\kjcjdifmuxoj.avi.ddr
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\273478.avi
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\cvkzobjnbtbc(2).avi
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\cvkzobjnbtbc.avi
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\dhrckiqualck.avi
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Michal\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\kjcjdifmuxoj.avi
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\HKExt3.exe
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\IsUn0405.exe
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\Thumbs.db
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-12-0\svchost.exe
c:\windows\update.tray-15-0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-21 do 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-07-21 07:27 . 2011-07-21 07:32 -------- d-----w- c:\users\Michal\AppData\Local\temp
2011-07-21 07:27 . 2011-07-21 07:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-21 07:03 . 2011-07-21 07:04 -------- d-----w- C:\32788R22FWJFW
2011-07-20 19:06 . 2011-07-20 19:07 -------- d-----w- c:\program files\Crawler
2011-07-20 19:06 . 2011-07-20 19:06 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-20 19:06 . 2011-07-21 06:30 -------- d-----w- c:\users\Michal\AppData\Roaming\Spyware Terminator
2011-07-20 19:06 . 2011-07-21 06:40 -------- d-----w- c:\programdata\Spyware Terminator
2011-07-20 19:06 . 2011-07-21 06:39 -------- d-----w- c:\program files\Spyware Terminator
2011-07-20 18:56 . 2011-07-20 18:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-20 18:56 . 2011-07-20 18:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-20 18:02 . 2011-07-20 18:02 -------- d-----w- c:\users\Michal\AppData\Roaming\ScanSpyware
2011-07-20 18:02 . 2008-09-07 15:22 8704 ----a-w- c:\windows\system32\ssbtsr.exe
2011-07-20 18:02 . 2011-07-20 18:02 -------- d-----w- c:\program files\ScanSpyware
2011-07-20 13:35 . 2011-07-20 13:35 388096 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-20 13:35 . 2011-07-20 13:35 -------- d-----w- c:\program files\Trend Micro
2011-07-20 11:52 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-20 11:31 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2011-07-20 11:31 . 2004-01-09 09:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-07-20 09:18 . 2011-07-21 07:26 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-20 09:18 . 2011-07-20 09:18 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-20 08:14 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-20 08:14 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-20 08:14 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-20 08:14 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-20 08:14 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-20 08:10 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-20 08:10 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-20 07:18 . 2011-07-20 07:18 -------- d--h--w- c:\programdata\Common Files
2011-07-20 07:14 . 2011-07-20 10:00 -------- d-----w- c:\programdata\MFAData
2011-07-20 07:09 . 2011-07-20 07:09 -------- d-----w- c:\windows\rpcminer
2011-07-20 07:09 . 2011-07-20 07:09 -------- d-----w- c:\windows\ufa
2011-07-20 07:09 . 2011-07-20 07:09 -------- d-----w- c:\windows\phoenix
2011-07-20 07:05 . 2011-07-20 07:09 246272 ----a-w- c:\windows\unrar.exe
2011-07-20 06:58 . 2011-07-21 07:26 -------- d--h--w- c:\windows\update.tray-15-0
2011-07-20 06:58 . 2011-07-20 06:58 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-07-20 06:58 . 2011-07-21 07:26 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-20 06:58 . 2011-07-20 06:58 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-20 06:48 . 2011-07-20 06:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-20 3318784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 4399104]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 69632]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"ScanSoft OmniPage SE 4.0-reminder"="c:\program files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2005-06-03 729088]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LchDrvKey]
2007-03-28 15:55 36864 ----a-w- c:\windows\LchDrvKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2339924593-1978834510-2909242303-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-10-28 13224]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\DRIVERS\SE1008mdm.sys [2009-01-13 58536]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-13 717296]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-12 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-08-12 108552]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-07-20 142592]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-10-26 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:33]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:33]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339924593-1978834510-2909242303-1000Core.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-25 09:33]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339924593-1978834510-2909242303-1000UA.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-25 09:33]
.
2011-07-21 c:\windows\Tasks\User_Feed_Synchronization-{D8B4D3AB-5E15-425D-B886-00EB60E81610}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: Interfaces\{823464FC-299A-4527-A3E4-3C6A3835ED71}: NameServer = 194.228.41.65,194.228.41.113
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\683gyk47.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\lukáš\Programy\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\lukáš\Programy\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\lukáš\Programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-12-0\svchost.exe
HKLM-Run-tray_ico2 - c:\windows\update.tray-15-0\svchost.exe
MSConfigStartUp-1552741 - c:\windows\TEMP\1552741.exe
MSConfigStartUp-2488763 - c:\windows\TEMP\2488763.exe
MSConfigStartUp-6891982 - c:\windows\TEMP\6891982.exe
MSConfigStartUp-HKExt3 - HKExt3.exe
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
AddRemove-Easy-WebPrint - c:\windows\IsUn0405.exe
AddRemove-WinRAR archiver - c:\lukáš\Programy\uninstall.exe
AddRemove-Čeština - c:\lukáš\Hry\BattleField2\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-21 09:33
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3528)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\MHotKey.exe
c:\windows\system32\conime.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WerCon.exe
.
**************************************************************************
.
Celkový čas: 2011-07-21 09:44:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-21 07:43
.
Před spuštěním: Volných bajtů: 43 738 062 848
Po spuštění: Volných bajtů: 43 315 138 560
.
- - End Of File - - 4B355031699D0EE78E2D6B3C17D2A5B4
Prosím o kontrolu logu
Re: Prosím o kontrolu logu
Fuj, to mám jako ten binec uklízet? 
Combofix přesuň na plochu
-otevři si Poznámkový blok
-Do něj zkopíruj text z tohoto okénka
-vytvořený TXT soubor ulož jako CFScript.txt na plochu a levým myšítkem přesuň nad ikonu Combofixu, kde ho upustíš
-Po proběhnutí skenu a ukončení combofixu by se měl objevit log, vlož ho zde.
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
Combofix přesuň na plochu
-otevři si Poznámkový blok
-Do něj zkopíruj text z tohoto okénka
Kód: Vybrat vše
KillAll::
Folder::
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\programdata\Common Files
c:\programdata\MFAData
c:\windows\rpcminer
c:\windows\ufa
c:\windows\phoenix
c:\windows\update.tray-15-0
c:\windows\update.tray-15-0-lnk
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk
c:\program files\Ask.com
File::
c:\windows\system32\FlashPlayerCPLApp.cpl
c:\windows\unrar.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= -
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
DDS::
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
Firefox::
FF - ProfilePath - c:\users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\683gyk47.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
-vytvořený TXT soubor ulož jako CFScript.txt na plochu a levým myšítkem přesuň nad ikonu Combofixu, kde ho upustíš
-Po proběhnutí skenu a ukončení combofixu by se měl objevit log, vlož ho zde.
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 17 hostů