ComboFix 10-06-23.03 - Admin 24.06.2010 12:54:29.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.531 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-24 do 2010-06-24 )))))))))))))))))))))))))))))))
.
2010-06-21 14:46 . 2010-06-21 14:49 -------- d-----w- c:\windows\system32\NtmsData
2010-06-17 17:48 . 2010-06-20 18:18 -------- d-----w- c:\program files\Picasa2
2010-06-17 15:55 . 2010-06-17 16:02 -------- d-----w- c:\program files\Fraps
2010-06-16 15:13 . 2008-11-13 14:20 602624 -c----w- c:\windows\system32\dllcache\crypt32.dll
2010-06-16 15:13 . 2008-11-13 14:20 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-06-16 14:30 . 2010-06-16 14:30 -------- d-----w- c:\windows\system32\xlive
2010-06-16 14:30 . 2010-06-16 14:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-16 13:50 . 2008-04-14 06:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-14 13:57 . 2010-06-14 13:57 -------- d-----w- c:\program files\TopStyle 4
2010-06-14 13:55 . 2010-06-14 13:55 -------- d-----w- c:\program files\PSPad editor
2010-06-13 11:28 . 2010-06-13 11:28 -------- d-----w- C:\ATI
2010-06-10 22:28 . 2010-06-10 22:28 -------- d-----w- c:\program files\uTorrent
2010-06-09 14:33 . 2010-06-09 14:33 -------- d-----w- c:\program files\Counter-Strike Source
2010-06-08 14:25 . 2010-06-09 12:26 -------- d-----w- c:\program files\Mass Downloader
2010-06-08 14:19 . 2003-12-15 21:16 81920 ----a-w- c:\windows\system32\eSellerateControl350.dll
2010-06-08 14:19 . 2003-12-15 21:16 348160 ----a-w- c:\windows\system32\eSellerateEngine.dll
2010-06-08 14:19 . 2010-06-08 14:21 -------- d-----w- c:\program files\Star Downloader
2010-06-04 18:33 . 2010-06-04 18:33 -------- d-----w- c:\program files\CDBurnerXP
2010-06-01 18:29 . 2008-07-11 00:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2010-06-01 18:29 . 2008-07-11 00:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2010-06-01 18:28 . 2010-06-01 18:28 -------- d-----w- c:\windows\system32\RsFx
2010-06-01 17:42 . 2010-06-01 18:28 -------- d-----w- c:\program files\Microsoft SQL Server
2010-06-01 17:42 . 2010-06-18 12:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 17:42 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-01 17:42 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-01 17:37 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-06-01 17:37 . 2010-06-01 17:37 -------- d-----w- c:\program files\Microsoft SDKs
2010-05-28 16:54 . 2007-10-12 13:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-05-28 12:51 . 2010-05-28 12:51 -------- d-----w- c:\program files\Opera
2010-05-27 13:51 . 2010-05-27 13:51 -------- d-sh--w- c:\windows\ftpcache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 11:49 . 2010-05-07 18:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-20 08:05 . 2010-06-06 10:55 7003 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-06-17 12:40 . 2010-05-07 14:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-16 14:02 . 2001-10-25 14:00 497316 ----a-w- c:\windows\system32\perfh005.dat
2010-06-16 14:02 . 2001-10-25 14:00 103464 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 13:56 . 2010-05-07 14:12 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-16 13:56 . 2010-05-07 14:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-13 17:24 . 2010-05-07 14:23 -------- d-----w- c:\program files\ATI Technologies
2010-06-13 12:02 . 2010-05-09 09:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-08 13:04 . 2010-05-07 16:45 -------- d-----w- c:\program files\IrfanView
2010-06-06 11:59 . 2010-05-15 17:00 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-06 11:58 . 2010-05-15 16:59 -------- d-----w- c:\program files\AVI ReComp
2010-06-01 18:26 . 2010-05-07 16:29 -------- d-----w- c:\program files\Microsoft.NET
2010-05-29 10:01 . 2010-05-13 14:10 -------- d-----w- c:\program files\RapidDown
2010-05-21 16:41 . 2010-05-21 16:41 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-05-20 13:25 . 2010-05-20 13:25 -------- d-----w- c:\program files\PDF-Convert
2010-05-20 13:18 . 2010-05-20 13:18 -------- d-----w- c:\program files\Ghostscript
2010-05-19 19:02 . 2010-05-19 18:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-05-19 16:22 . 2010-05-19 16:15 -------- d-----w- c:\program files\Terasoft
2010-05-16 16:29 . 2010-05-11 17:22 -------- d-----w- c:\program files\Guitar Pro 5
2010-05-16 08:06 . 2010-05-09 10:37 -------- d-----w- c:\program files\Avidemux 2.5
2010-05-16 07:58 . 2010-05-16 07:58 -------- d-----w- c:\program files\X2Xsoft
2010-05-15 17:35 . 2010-05-15 17:23 -------- d-----w- c:\program files\BIAS
2010-05-15 17:01 . 2010-05-15 17:01 -------- d-----w- c:\program files\Gabest
2010-05-15 17:00 . 2010-05-15 08:04 -------- d-----w- c:\program files\Xvid
2010-05-15 16:31 . 2010-05-15 16:31 -------- d-----w- c:\program files\COMODO
2010-05-15 11:53 . 2010-05-15 11:47 -------- d-----w- c:\program files\lg_fwupdate
2010-05-15 11:46 . 2010-05-15 11:35 -------- d-----w- c:\program files\CyberLink
2010-05-15 11:43 . 2010-05-15 11:41 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-15 11:41 . 2010-05-15 11:41 -------- d-----w- c:\program files\Nero
2010-05-15 09:07 . 2010-05-15 09:07 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-15 09:07 . 2010-05-15 09:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-15 09:05 . 2010-05-07 16:29 -------- d-----w- c:\program files\MSBuild
2010-05-15 09:05 . 2010-05-15 09:05 -------- d-----w- c:\program files\Reference Assemblies
2010-05-15 09:01 . 2010-05-15 09:01 -------- d-----w- c:\program files\MSXML 6.0
2010-05-15 08:05 . 2010-05-15 08:05 -------- d-----w- c:\program files\FDRLab
2010-05-12 15:59 . 2010-05-12 15:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-12 15:58 . 2010-05-12 15:58 -------- d-----w- c:\program files\IVT Corporation
2010-05-12 15:12 . 2010-05-12 15:11 -------- d-----w- c:\program files\Google
2010-05-11 14:30 . 2010-05-11 14:30 -------- d-----w- c:\program files\Common Files\Protexis
2010-05-11 14:29 . 2010-05-11 14:29 -------- d-----w- c:\program files\Common Files\Corel
2010-05-11 14:28 . 2010-05-11 14:28 -------- d-----w- c:\program files\Corel
2010-05-09 20:24 . 2010-05-07 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 15:32 . 2010-05-09 15:12 -------- d-----w- c:\program files\SopCast
2010-05-08 19:06 . 2010-05-07 14:12 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-05-08 16:55 . 2010-05-08 16:53 -------- d-----w- c:\program files\QuickTime
2010-05-08 16:52 . 2010-05-08 16:52 -------- d-----w- c:\program files\Apple Software Update
2010-05-07 18:30 . 2010-05-07 18:30 -------- d-----w- c:\program files\Trend Micro
2010-05-07 18:28 . 2010-05-07 18:28 -------- d-----w- c:\program files\xp-AntiSpy
2010-05-07 18:11 . 2010-05-07 18:11 -------- d-----w- c:\program files\QIP
2010-05-07 17:58 . 2010-05-07 17:58 -------- d-----w- c:\program files\VideoReDoTVSuite
2010-05-07 17:56 . 2010-05-07 17:55 -------- d-----w- c:\program files\JetAudio
2010-05-07 17:56 . 2010-05-07 17:55 -------- d-----w- c:\program files\Common Files\COWON
2010-05-07 17:43 . 2010-05-07 17:43 -------- d-----w- c:\program files\Webteh
2010-05-07 17:25 . 2010-05-07 17:25 -------- d-----w- c:\program files\MuseScore 0.9
2010-05-07 17:00 . 2010-05-07 17:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-05-07 17:00 . 2010-05-07 17:00 -------- d-----w- c:\program files\Java
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\program files\CCleaner
2010-05-07 16:43 . 2010-05-07 16:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-07 16:33 . 2010-05-07 16:33 -------- d-----w- c:\program files\Sunbelt Software
2010-05-07 16:29 . 2010-05-07 16:29 -------- d-----w- c:\program files\Microsoft Works
2010-05-07 16:27 . 2010-05-07 16:27 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-07 16:23 . 2010-05-07 16:15 127768 ----a-w- c:\windows\hpoins11.dat
2010-05-07 16:22 . 2010-05-07 16:22 -------- d-----w- c:\program files\Common Files\HP
2010-05-07 16:22 . 2010-05-07 16:18 -------- d-----w- c:\program files\HP
2010-05-07 16:21 . 2010-05-07 16:20 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-07 16:20 . 2010-05-07 16:20 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-07 16:13 . 2010-05-07 16:13 0 ----a-w- c:\windows\nsreg.dat
2010-05-07 14:33 . 2010-05-07 14:33 -------- d-----w- c:\program files\ESET
2010-05-07 14:27 . 2010-05-07 14:17 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-07 14:26 . 2010-05-07 14:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-07 14:18 . 2010-05-07 14:18 -------- d-----w- c:\program files\Realtek
2010-05-07 14:12 . 2010-05-07 14:12 -------- d-----w- c:\program files\microsoft frontpage
2010-05-07 14:10 . 2010-05-07 14:10 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-29 13:39 . 2010-05-07 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-05-07 18:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-06-20_12.03.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-24 10:44 . 2010-06-24 10:44 16384 c:\windows\temp\Perflib_Perfdata_7e0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- d:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-28 06:54 16248320 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\HRY\\Steam\\Steam.exe"=
"d:\\HRY\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\HRY\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HRY\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"d:\\HRY\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HRY\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\HRY\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2010 20:43 304464]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2010 20:43 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.5.2010 17:11 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-06-24 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:12]
2010-06-23 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-26 14:28]
2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
.
.
------- Doplňkový sken -------
.
IE: ????3?? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\as9zb8ym.default\
FF - prefs.js: browser.search.selectedEngine - Mapy.cz
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 13:03
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,de,fa,d4,ae,69,fc,e3,6d,68,c9,be,3d,b0,d6,58,9a,37,cd,5d,04,
46,4c,c4,0c,65,df,01,75,c9,6d,2b,0c,75,9f,51,e0,3d,4c,0a,34,00,58,e2,f7,4a,\
"rkeysecu"=hex:e3,b7,9d,79,2e,64,2e,40,a8,c0,f9,7e,53,d8,ac,b8
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1912)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-06-24 13:07:05
ComboFix-quarantined-files.txt 2010-06-24 11:06
ComboFix2.txt 2010-06-23 15:27
ComboFix3.txt 2010-06-21 17:40
ComboFix4.txt 2010-06-20 12:06
Před spuštěním: 6 046 511 104
Po spuštění: 6 030 893 056
- - End Of File - - D11868D6A13F99D9E1D351A397BA7980
Please check my log (Solved)
Re: Please check my log
Notebook: Acer Extensa 5230E
Re: Please check my log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:19, on 24.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 4535 bytes
Notebook: Acer Extensa 5230E
Re: Please check my log
Try it again with this script:
KillAll::
Reglock::
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
DDS::
IE: ????3?? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm
How is the computer doing, is it behaving?

Re: Please check my log
If you can call it behaving, then it's behaving.
It probably won't get any faster with my hardware...


Notebook: Acer Extensa 5230E
Re: Please check my log
Please also post the ComboFix log from after applying the script.
Re: Please check my log
ComboFix 10-06-26.02 - Admin 27.06.2010 9:33.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.530 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-27 do 2010-06-27 )))))))))))))))))))))))))))))))
.
2010-06-24 15:56 . 2010-06-24 15:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-24 15:56 . 2010-06-24 15:56 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-21 14:46 . 2010-06-21 14:49 -------- d-----w- c:\windows\system32\NtmsData
2010-06-17 17:48 . 2010-06-20 18:18 -------- d-----w- c:\program files\Picasa2
2010-06-17 15:55 . 2010-06-17 16:02 -------- d-----w- c:\program files\Fraps
2010-06-16 15:13 . 2008-11-13 14:20 602624 -c----w- c:\windows\system32\dllcache\crypt32.dll
2010-06-16 15:13 . 2008-11-13 14:20 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-06-16 14:30 . 2010-06-16 14:30 -------- d-----w- c:\windows\system32\xlive
2010-06-16 14:30 . 2010-06-16 14:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-16 13:50 . 2008-04-14 06:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-14 13:57 . 2010-06-14 13:57 -------- d-----w- c:\program files\TopStyle 4
2010-06-14 13:55 . 2010-06-14 13:55 -------- d-----w- c:\program files\PSPad editor
2010-06-10 22:28 . 2010-06-10 22:28 -------- d-----w- c:\program files\uTorrent
2010-06-09 14:33 . 2010-06-09 14:33 -------- d-----w- c:\program files\Counter-Strike Source
2010-06-08 14:25 . 2010-06-09 12:26 -------- d-----w- c:\program files\Mass Downloader
2010-06-08 14:19 . 2003-12-15 21:16 81920 ----a-w- c:\windows\system32\eSellerateControl350.dll
2010-06-08 14:19 . 2003-12-15 21:16 348160 ----a-w- c:\windows\system32\eSellerateEngine.dll
2010-06-08 14:19 . 2010-06-08 14:21 -------- d-----w- c:\program files\Star Downloader
2010-06-04 18:33 . 2010-06-04 18:33 -------- d-----w- c:\program files\CDBurnerXP
2010-06-01 18:29 . 2008-07-11 00:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2010-06-01 18:29 . 2008-07-11 00:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2010-06-01 18:28 . 2010-06-01 18:28 -------- d-----w- c:\windows\system32\RsFx
2010-06-01 17:42 . 2010-06-01 18:28 -------- d-----w- c:\program files\Microsoft SQL Server
2010-06-01 17:42 . 2010-06-18 12:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 17:42 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-01 17:42 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-01 17:37 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-06-01 17:37 . 2010-06-01 17:37 -------- d-----w- c:\program files\Microsoft SDKs
2010-05-28 16:54 . 2007-10-12 13:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-05-28 12:51 . 2010-05-28 12:51 -------- d-----w- c:\program files\Opera
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 16:00 . 2010-05-07 14:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-20 11:49 . 2010-05-07 18:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-20 08:05 . 2010-06-06 10:55 7003 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-06-16 14:02 . 2001-10-25 14:00 497316 ----a-w- c:\windows\system32\perfh005.dat
2010-06-16 14:02 . 2001-10-25 14:00 103464 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 13:56 . 2010-05-07 14:12 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-16 13:56 . 2010-05-07 14:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-13 17:24 . 2010-05-07 14:23 -------- d-----w- c:\program files\ATI Technologies
2010-06-13 12:02 . 2010-05-09 09:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-08 13:04 . 2010-05-07 16:45 -------- d-----w- c:\program files\IrfanView
2010-06-06 11:59 . 2010-05-15 17:00 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-06 11:58 . 2010-05-15 16:59 -------- d-----w- c:\program files\AVI ReComp
2010-06-01 18:26 . 2010-05-07 16:29 -------- d-----w- c:\program files\Microsoft.NET
2010-05-29 10:01 . 2010-05-13 14:10 -------- d-----w- c:\program files\RapidDown
2010-05-21 16:41 . 2010-05-21 16:41 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-05-20 13:25 . 2010-05-20 13:25 -------- d-----w- c:\program files\PDF-Convert
2010-05-20 13:18 . 2010-05-20 13:18 -------- d-----w- c:\program files\Ghostscript
2010-05-19 19:02 . 2010-05-19 18:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-05-19 16:22 . 2010-05-19 16:15 -------- d-----w- c:\program files\Terasoft
2010-05-16 16:29 . 2010-05-11 17:22 -------- d-----w- c:\program files\Guitar Pro 5
2010-05-16 08:06 . 2010-05-09 10:37 -------- d-----w- c:\program files\Avidemux 2.5
2010-05-16 07:58 . 2010-05-16 07:58 -------- d-----w- c:\program files\X2Xsoft
2010-05-15 17:35 . 2010-05-15 17:23 -------- d-----w- c:\program files\BIAS
2010-05-15 17:01 . 2010-05-15 17:01 -------- d-----w- c:\program files\Gabest
2010-05-15 17:00 . 2010-05-15 08:04 -------- d-----w- c:\program files\Xvid
2010-05-15 16:31 . 2010-05-15 16:31 -------- d-----w- c:\program files\COMODO
2010-05-15 11:53 . 2010-05-15 11:47 -------- d-----w- c:\program files\lg_fwupdate
2010-05-15 11:46 . 2010-05-15 11:35 -------- d-----w- c:\program files\CyberLink
2010-05-15 11:43 . 2010-05-15 11:41 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-15 11:41 . 2010-05-15 11:41 -------- d-----w- c:\program files\Nero
2010-05-15 09:07 . 2010-05-15 09:07 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-15 09:07 . 2010-05-15 09:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-15 09:05 . 2010-05-07 16:29 -------- d-----w- c:\program files\MSBuild
2010-05-15 09:05 . 2010-05-15 09:05 -------- d-----w- c:\program files\Reference Assemblies
2010-05-15 09:01 . 2010-05-15 09:01 -------- d-----w- c:\program files\MSXML 6.0
2010-05-15 08:05 . 2010-05-15 08:05 -------- d-----w- c:\program files\FDRLab
2010-05-12 15:58 . 2010-05-12 15:58 -------- d-----w- c:\program files\IVT Corporation
2010-05-12 15:12 . 2010-05-12 15:11 -------- d-----w- c:\program files\Google
2010-05-11 14:30 . 2010-05-11 14:30 -------- d-----w- c:\program files\Common Files\Protexis
2010-05-11 14:29 . 2010-05-11 14:29 -------- d-----w- c:\program files\Common Files\Corel
2010-05-11 14:28 . 2010-05-11 14:28 -------- d-----w- c:\program files\Corel
2010-05-09 20:24 . 2010-05-07 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 15:32 . 2010-05-09 15:12 -------- d-----w- c:\program files\SopCast
2010-05-08 19:06 . 2010-05-07 14:12 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-05-08 16:55 . 2010-05-08 16:53 -------- d-----w- c:\program files\QuickTime
2010-05-08 16:52 . 2010-05-08 16:52 -------- d-----w- c:\program files\Apple Software Update
2010-05-07 18:30 . 2010-05-07 18:30 -------- d-----w- c:\program files\Trend Micro
2010-05-07 18:28 . 2010-05-07 18:28 -------- d-----w- c:\program files\xp-AntiSpy
2010-05-07 18:11 . 2010-05-07 18:11 -------- d-----w- c:\program files\QIP
2010-05-07 17:58 . 2010-05-07 17:58 -------- d-----w- c:\program files\VideoReDoTVSuite
2010-05-07 17:56 . 2010-05-07 17:55 -------- d-----w- c:\program files\JetAudio
2010-05-07 17:56 . 2010-05-07 17:55 -------- d-----w- c:\program files\Common Files\COWON
2010-05-07 17:43 . 2010-05-07 17:43 -------- d-----w- c:\program files\Webteh
2010-05-07 17:25 . 2010-05-07 17:25 -------- d-----w- c:\program files\MuseScore 0.9
2010-05-07 17:00 . 2010-05-07 17:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-05-07 17:00 . 2010-05-07 17:00 -------- d-----w- c:\program files\Java
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\program files\CCleaner
2010-05-07 16:43 . 2010-05-07 16:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-07 16:33 . 2010-05-07 16:33 -------- d-----w- c:\program files\Sunbelt Software
2010-05-07 16:29 . 2010-05-07 16:29 -------- d-----w- c:\program files\Microsoft Works
2010-05-07 16:27 . 2010-05-07 16:27 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-07 16:23 . 2010-05-07 16:15 127768 ----a-w- c:\windows\hpoins11.dat
2010-05-07 16:22 . 2010-05-07 16:22 -------- d-----w- c:\program files\Common Files\HP
2010-05-07 16:22 . 2010-05-07 16:18 -------- d-----w- c:\program files\HP
2010-05-07 16:21 . 2010-05-07 16:20 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-07 16:20 . 2010-05-07 16:20 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-07 16:13 . 2010-05-07 16:13 0 ----a-w- c:\windows\nsreg.dat
2010-05-07 14:33 . 2010-05-07 14:33 -------- d-----w- c:\program files\ESET
2010-05-07 14:27 . 2010-05-07 14:17 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-07 14:26 . 2010-05-07 14:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-07 14:18 . 2010-05-07 14:18 -------- d-----w- c:\program files\Realtek
2010-05-07 14:12 . 2010-05-07 14:12 -------- d-----w- c:\program files\microsoft frontpage
2010-05-07 14:10 . 2010-05-07 14:10 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-29 13:39 . 2010-05-07 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-05-07 18:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-06-20_12.03.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-27 07:54 . 2010-06-27 07:55 16384 c:\windows\temp\Perflib_Perfdata_2e4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- d:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-28 06:54 16248320 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\HRY\\Steam\\Steam.exe"=
"d:\\HRY\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\HRY\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HRY\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"d:\\HRY\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HRY\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\HRY\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2010 20:43 304464]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2010 20:43 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.5.2010 17:11 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.6.2010 17:56 691696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-06-27 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:12]
2010-06-26 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-26 14:28]
2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
.
.
------- Doplňkový sken -------
.
IE: ????3?? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\as9zb8ym.default\
FF - prefs.js: browser.search.selectedEngine - Mapy.cz
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-27 09:55
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\docume~1\Admin\LOCALS~1\Temp\RGI9.tmp 7102 bytes
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,de,fa,d4,ae,69,fc,e3,6d,68,c9,be,3d,b0,d6,58,9a,37,cd,5d,04,
46,4c,c4,0c,65,df,01,75,c9,6d,2b,0c,75,9f,51,e0,3d,4c,0a,34,00,58,e2,f7,4a,\
"rkeysecu"=hex:e3,b7,9d,79,2e,64,2e,40,a8,c0,f9,7e,53,d8,ac,b8
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1100)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3368)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Celkový čas: 2010-06-27 10:00:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-27 08:00
ComboFix2.txt 2010-06-23 15:27
ComboFix3.txt 2010-06-21 17:40
ComboFix4.txt 2010-06-20 12:06
Před spuštěním: Volných bajtů: 18 194 284 544
Po spuštění: Volných bajtů: 18 176 962 560
- - End Of File - - 46503B5EA43C4E39AB447204940B579A
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\HRY\\Steam\\Steam.exe"=
"d:\\HRY\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\HRY\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HRY\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"d:\\HRY\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HRY\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\HRY\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2010 20:43 304464]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2010 20:43 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.5.2010 17:11 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.6.2010 17:56 691696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-06-27 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:12]
2010-06-26 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-26 14:28]
2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
.
.
------- Doplňkový sken -------
.
IE: ????3?? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\as9zb8ym.default\
FF - prefs.js: browser.search.selectedEngine - Mapy.cz
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-27 09:55
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\docume~1\Admin\LOCALS~1\Temp\RGI9.tmp 7102 bytes
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,de,fa,d4,ae,69,fc,e3,6d,68,c9,be,3d,b0,d6,58,9a,37,cd,5d,04,
46,4c,c4,0c,65,df,01,75,c9,6d,2b,0c,75,9f,51,e0,3d,4c,0a,34,00,58,e2,f7,4a,\
"rkeysecu"=hex:e3,b7,9d,79,2e,64,2e,40,a8,c0,f9,7e,53,d8,ac,b8
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1100)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3368)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Celkový čas: 2010-06-27 10:00:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-27 08:00
ComboFix2.txt 2010-06-23 15:27
ComboFix3.txt 2010-06-21 17:40
ComboFix4.txt 2010-06-20 12:06
Před spuštěním: Volných bajtů: 18 194 284 544
Po spuštění: Volných bajtů: 18 176 962 560
- - End Of File - - 46503B5EA43C4E39AB447204940B579A
Notebook: Acer Extensa 5230E
Re: Please check my log
Those keys simply won't budge, so we'll leave them be.
Uninstall ComboFix via
Start >> Run, copy into the box:
ComboFix /Uninstall
press Enter
-This uninstalls ComboFix and deletes its associated files and folders.
Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
-Run it; to confirm the choice, press the A key, then Enter
-after use, delete the program. Note that antivirus programs may falsely flag it as a virus
Download CCleaner http://www.filehippo.com/download_cclea ... cbae6b492/
-install it (do not install the Yahoo toolbar)
-select the Cleaner tab
-leave everything in the left column ticked as it is and press the Analyze button
-then confirm with the Run CCleaner button
-this cleans temporary files off the computer; I recommend using it regularly.
-select the Registry tab
-click the Scan for Issues button
-then click Fix selected issues, confirm that you want to make a backup and let it fix everything
Please post a new log from HJT (if you have RSIT on the PC, then from RSIT)
Re: Please check my log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:21, on 27.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 4598 bytes
Notebook: Acer Extensa 5230E
Re: Please check my log
Open CCleaner - Tools - Startup and disable MBAM from launching at startup.
If you no longer have any problems, mark the topic with the green check mark - solved.
If any problems come up, get in touch
