Please check my log, the internet is not working at all  Solved

Re: Please check my log, the internet is not working at all  Solved

Post by Damned » 05 Jun 2009 00:03

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

File::
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP

Folder::
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP
c:\program files\Hamachi

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech Wise Registry Cleaner
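
The `hex(7)` data in the `Registry::` section of the script above is a REG_MULTI_SZ value, and it is worth decoding before it is imported. The following is an added example, not part of the original post or of ComboFix: it decodes a `.reg`-style `hex(7)` entry and compares it with the Windows default `BootExecute` content `autocheck autochk *`. The function names and the second sample entry (`example_native_app`) are constructed for illustration.

```python
"""Decode a .reg-style hex(7) (REG_MULTI_SZ) entry and audit BootExecute."""
from __future__ import annotations

# Default content of Session Manager\BootExecute on a clean Windows install.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]

# The entry as it appears in the script above, including the .reg line continuation.
PAGE_VALUE = r'''"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00'''


def parse_hex7(reg_entry: str) -> tuple[str, list[str]]:
    """Return (value_name, strings) for one '"name"=hex(7):...' entry."""
    # A trailing backslash means the byte list continues on the next line.
    joined = "".join(part.strip().rstrip("\\") for part in reg_entry.splitlines())
    name, sep, data = joined.partition("=hex(7):")
    if not sep:
        raise ValueError("not a hex(7) entry")
    # int()/bytes() raise ValueError on non-hex tokens or values above 0xff.
    raw = bytes(int(tok, 16) for tok in data.split(",") if tok.strip())
    if len(raw) % 2:
        raise ValueError("REG_MULTI_SZ data must be whole UTF-16LE code units")
    text = raw.decode("utf-16-le")
    # Each string is NUL-terminated and the list ends with one more NUL.
    if not text.endswith("\0\0") and text != "\0":
        raise ValueError("missing REG_MULTI_SZ terminator")
    return name.strip().strip('"'), [s for s in text.split("\0") if s]


def encode_hex7(name: str, strings: list[str]) -> str:
    """Build the single-line .reg form of a REG_MULTI_SZ value."""
    raw = "".join(s + "\0" for s in strings).encode("utf-16-le") + b"\0\0"
    return f'"{name}"=hex(7):' + ",".join(f"{b:02x}" for b in raw)


def audit_boot_execute(reg_entry: str) -> dict:
    """Report the decoded commands and any that are not in the default set."""
    name, strings = parse_hex7(reg_entry)
    if name.lower() != "bootexecute":
        raise ValueError(f"unexpected value name: {name}")
    extra = [s for s in strings if s not in DEFAULT_BOOT_EXECUTE]
    return {
        "strings": strings,
        "is_default": strings == DEFAULT_BOOT_EXECUTE,
        "extra": extra,
    }


# Constructed sample: the default entry plus one additional boot-time command.
CONSTRUCTED_MODIFIED = encode_hex7(
    "BootExecute", ["autocheck autochk *", "example_native_app"]
)

if __name__ == "__main__":
    for label, entry in (("page", PAGE_VALUE), ("constructed", CONSTRUCTED_MODIFIED)):
        result = audit_boot_execute(entry)
        print(label, result["strings"], "default" if result["is_default"] else
              f"extra entries: {result['extra']}")
```

Any string reported under `extra` runs before the Win32 subsystem starts, which is why the helper resets the value to the default rather than editing it.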


Post by Body » 05 Jun 2009 14:35

Here is the log from ComboFix:

ComboFix 09-06-04.01 - Milan 05.06.2009 14:05.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.221 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Hamachi
c:\program files\Hamachi\hamachi.exe
c:\program files\Hamachi\hamachi.key
c:\program files\Hamachi\hamachi.lng
c:\program files\Hamachi\hamachi.ttf
c:\program files\Hamachi\license.txt
c:\program files\Hamachi\nicmgr.exe
c:\program files\Hamachi\uninstall.exe
c:\program files\Hamachi\uninstall.lng
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCall.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla18.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla21.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla22.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla23.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla24.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla25.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla26.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla27.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla33.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla35.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla36.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla37.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla38.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla39.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla41.exe
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla42.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla43.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla44.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla46.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla47.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla48.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla49.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla50.exe
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseCustomCalla51.dll
c:\windows\51FB15F4AD2743BCAD4BDD0354FB6BBD.TMP\WiseData.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-05 do 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-04 20:23 . 2009-06-04 20:23 -------- d-----w- c:\program files\Total Uninstall 5
2009-06-04 18:34 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 18:34 . 2009-06-04 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 18:34 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 16:46 . 2009-06-04 16:48 80948042 ----a-w- c:\windows\hklmSW.reg
2009-06-04 16:45 . 2009-06-04 16:48 4416934 ----a-w- c:\windows\REGBK00.ZIP
2009-06-04 15:58 . 2009-06-04 15:58 -------- d---a-w- c:\windows\system32\runouce.exe
2009-06-04 15:55 . 2009-06-04 15:55 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-06-04 15:55 . 2009-06-04 15:55 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-06-04 15:55 . 2009-06-04 15:55 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-06-04 15:55 . 2009-06-04 15:55 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-06-04 15:53 . 2009-06-04 15:53 -------- d-----w- c:\program files\Trend Micro
2009-06-01 21:17 . 2009-06-01 21:17 -------- d-sh--w- C:\FOUND.011
2009-05-30 16:12 . 2003-08-11 06:44 77824 ----a-r- c:\windows\system32\hpovst08.dll
2009-05-30 16:12 . 2003-08-11 06:44 565248 ----a-r- c:\windows\system32\hpotscl.dll
2009-05-30 15:19 . 2009-05-30 16:16 28960 ----a-w- c:\windows\hpoins03.dat
2009-05-30 15:19 . 2003-08-11 06:44 34480 ------w- c:\windows\hpomdl03.dat
2009-05-29 18:40 . 2009-05-29 18:40 -------- d-----w- c:\program files\DVD Shrink
2009-05-21 19:25 . 2009-05-21 19:25 -------- d-sh--w- C:\FOUND.010
2009-05-16 10:38 . 2009-05-16 10:38 -------- d-----w- c:\program files\TI Education
2009-05-16 10:28 . 2009-05-16 10:28 -------- d-----w- c:\program files\Graphmatica
2009-05-16 08:57 . 2009-05-16 08:57 -------- d-sh--w- C:\FOUND.009
2009-05-09 18:11 . 2009-05-09 18:11 -------- d-----w- c:\program files\Common Files\HP
2009-05-09 18:10 . 2009-05-09 18:10 43488 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2009-05-09 16:12 . 2009-05-09 16:12 -------- d-----w- c:\program files\HP
2009-05-09 16:11 . 2009-05-09 16:11 -------- d-----w- c:\program files\util
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\Setup
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\enu
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\Drivers
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\common
2009-05-09 15:41 . 2009-05-09 15:41 -------- d-----w- c:\temp\HP_WebRelease
2009-05-07 20:59 . 2009-05-07 20:59 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-07 20:34 . 2009-05-07 20:34 -------- d-----w- c:\documents and settings\Milan\TopconTools
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- C:\Binaries
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- c:\program files\Topcon
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- c:\program files\Common Files\Topcon
2009-05-07 19:32 . 2006-11-06 16:04 28672 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2009-05-07 19:32 . 2006-11-06 16:04 28672 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 08:44 . 1979-12-31 22:00 70764 ----a-w- c:\windows\system32\perfc005.dat
2009-05-08 08:44 . 1979-12-31 22:00 400378 ----a-w- c:\windows\system32\perfh005.dat
2009-04-26 18:49 . 2009-04-26 18:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-24 07:48 . 2009-04-24 07:48 -------- d-----w- c:\program files\iPod
2009-04-24 07:45 . 2009-04-24 07:45 -------- d-----w- c:\program files\iTunes
2009-04-14 18:57 . 2009-04-14 18:57 -------- d-----w- c:\program files\Common Files\Skype
2009-03-19 14:32 . 2006-09-19 12:44 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2007-09-11 14:59 . 2007-09-11 14:59 3297799 ----a-w- c:\program files\openofficeorg4.cab
2007-09-11 14:59 . 2007-09-11 14:59 66392154 ----a-w- c:\program files\openofficeorg3.cab
2007-09-11 14:55 . 2007-09-11 14:55 17356442 ----a-w- c:\program files\openofficeorg2.cab
2007-09-11 14:55 . 2007-09-11 14:55 18970031 ----a-w- c:\program files\openofficeorg1.cab
2007-09-11 14:54 . 2007-09-11 14:54 1821008 ----a-w- c:\program files\instmsiw.exe
2007-09-11 14:54 . 2007-09-11 14:54 1707856 ----a-w- c:\program files\instmsia.exe
2007-09-11 14:54 . 2007-09-11 14:54 4358656 ----a-w- c:\program files\openofficeorg23.msi
2007-06-04 18:55 . 2007-06-04 18:55 376 ----a-w- c:\program files\Zástupce - Geus140.lnk
.

((((((((((((((((((((((((((((( SnapShot@2009-06-04_18.59.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-05 12:00 . 2009-06-05 12:00 16384 c:\windows\Temp\Perflib_Perfdata_208.dat
+ 2009-06-05 12:00 . 2009-06-05 12:00 16384 c:\windows\Temp\Perflib_Perfdata_1ec.dat
- 1979-12-31 22:00 . 2009-03-24 15:25 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.ie5\index.dat
+ 1979-12-31 22:00 . 2009-06-05 11:59 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.ie5\index.dat
+ 1979-12-31 22:00 . 2009-06-05 11:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.ie5\index.dat
- 1979-12-31 22:00 . 2009-03-24 15:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.ie5\index.dat
+ 1979-12-31 22:00 . 2009-06-05 11:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 1979-12-31 22:00 . 2009-03-24 15:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2006-10-22 86016]

c:\documents and settings\Milan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
TurboLaunch.lnk - c:\program files\TurboLaunch\TurboLaunch.exe [2006-3-20 1588736]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ a\0u\0t\0o\0c\0h\0e\0c\0k\0 \0a\0u\0t\0o\0c\0h\0k\0 \0*\0\0\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Windows\\system32\\usmt\\migwiz.exe"=
"c:\\Windows\\system32\\mshta.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Common Files\\GeusISKN\\GeusISKN.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [14.8.2004 15:11 9344]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [14.8.2004 15:11 390400]
R3 PhTVTune;MuchTV Plus TVTuner;c:\windows\system32\drivers\PhTVTune.sys [1.1.1980 24000]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [1.1.1980 3584]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [24.11.2007 13:39 16269]
S4 Rdgosk;Rdgosk;c:\windows\system32\drivers\wmilib.sys [1.1.1980 4352]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BAFB867B-0BA0-4B37-A370-E4B4A02EC792}]
c:\windows\system32\msiexec.exe /qn /fpu {BAFB867B-0BA0-4B37-A370-E4B4A02EC792}
.
Obsah adresáře 'Naplánované úlohy'

2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-= - (no file)


.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - c:\program files\Altova\XMLSpy2008\spy.htm
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\292t6lfa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 14:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

.
Celkový čas: 2009-06-05 14:16
ComboFix-quarantined-files.txt 2009-06-05 12:16
ComboFix2.txt 2009-06-04 21:08
ComboFix3.txt 2009-06-04 19:02

Před spuštěním: Volných bajtů: 24 477 794 304
Po spuštění: Volných bajtů: 24 457 248 768

283 --- E O F --- 2009-05-31 08:10

Log from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:13, on 5.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TurboLaunch\TurboLaunch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TurboLaunch.lnk = C:\Program Files\TurboLaunch\TurboLaunch.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3709067593
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Unknown owner - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6837 bytes


Fortunately the internet is working again, uninstalling ESET helped... Could I also ask you for help with deleting the ESET files (because it keeps throwing an error that there is a problem with the ESET kernel), and also for help deleting the files of the Cisco Systems VPN Adapter program, which also made a mess of my computer. Thank you very much. The internet works now and shutting down the computer is fine too. Now I would just like to have it clean before I install the new version of ESET. Thank you very much.


Post by Damned » 05 Jun 2009 15:00

Open Notepad (Start -> Run..., type Notepad into the box
and click OK).
Copy into it the entire following text marked in green:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00


Save it to the Desktop as fix.reg with the type set to All Files,
find this file on the Desktop and double-click it to run it. You will be asked about adding
the value to the registry. Approve it.
*****************************************************************************************************************************************

I will write it all up into one script and post it here. Hang on a moment.


Post by Damned » 05 Jun 2009 15:20

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

File::
c:\windows\hklmSW.reg
c:\windows\REGBK00.ZIP
c:\windows\system32\runouce.exe
c:\windows\system32\eEmpty.exe
C:\FOUND.011
C:\FOUND.010
C:\FOUND.009
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


Folder::
c:\program files\ESET
c:\windows\system32\runouce.exe
c:\windows\system32\eEmpty.exe
C:\FOUND.011
C:\FOUND.010
C:\FOUND.009
C:\Program Files\Cisco Systems

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"=""

Driver::
NOD32FiXTemDono;Eset Nod32 Boot
NOD32FiXTemDono
Cisco Systems
cvpnd
CVPND
Cisco Systems, Inc. VPN Service (CVPND)



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT


Post by Body » 05 Jun 2009 15:50

Log from ComboFix:

ComboFix 09-06-04.01 - Milan 05.06.2009 15:29.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.330 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"C:\FOUND.009"
"C:\FOUND.010"
"C:\FOUND.011"
"c:\program files\Cisco Systems\VPN Client\cvpnd.exe"
"c:\windows\hklmSW.reg"
"c:\windows\REGBK00.ZIP"
"c:\windows\system32\eEmpty.exe"
"c:\windows\system32\runouce.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.009
c:\found.009\FILE0000.CHK
c:\found.009\FILE0001.CHK
C:\FOUND.010
c:\found.010\FILE0000.CHK
c:\found.010\FILE0001.CHK
C:\FOUND.011
c:\found.011\FILE0000.CHK
c:\found.011\FILE0001.CHK
c:\program files\ESET
c:\program files\ESET\cache\FND0.NFI
c:\program files\ESET\ESET Smart Security\em006_32.dat
c:\program files\ESET\ESET Smart Security\em009_32.dat
c:\program files\ESET\ESET Smart Security\unins000.dat
c:\program files\ESET\ESET Smart Security\unins000.exe
c:\program files\ESET\Install\advheur.nup
c:\program files\ESET\Install\archs.nup
c:\program files\ESET\Install\engine.nup
c:\program files\ESET\Install\charon.nup
c:\program files\ESET\Install\main.dll
c:\program files\ESET\Install\mainlang.dll
c:\program files\ESET\Install\mfc42.dll
c:\program files\ESET\Install\mfc42u.dll
c:\program files\ESET\Install\msvcrt.dll
c:\program files\ESET\Install\ntbasecz.nup
c:\program files\ESET\Install\ntinetcz.nup
c:\program files\ESET\Install\ntstdcz.nup
c:\program files\ESET\Install\pwscan.nup
c:\program files\ESET\Install\readme.txt
c:\program files\ESET\Install\setup.exe
c:\program files\ESET\Install\setup.xml
c:\program files\ESET\Install\utilmod.nup
c:\program files\ESET\nod32.007
c:\windows\hklmSW.reg
c:\windows\REGBK00.ZIP
c:\windows\regedit.com
c:\windows\system32\eEmpty.exe
c:\windows\system32\runouce.exe
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NOD32FiXTemDono


((((((((((((((((((((((((( Soubory vytvořené od 2009-05-05 do 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 12:45 . 2009-06-05 12:45 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-05 12:45 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-05 12:45 . 2009-06-05 12:45 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-05 12:42 . 2009-06-05 12:42 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-04 20:23 . 2009-06-04 20:23 -------- d-----w- c:\program files\Total Uninstall 5
2009-06-04 18:34 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 18:34 . 2009-06-04 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 18:34 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 15:55 . 2009-06-04 15:55 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-06-04 15:55 . 2009-06-04 15:55 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-06-04 15:55 . 2009-06-04 15:55 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-06-04 15:53 . 2009-06-04 15:53 -------- d-----w- c:\program files\Trend Micro
2009-05-30 16:12 . 2003-08-11 06:44 77824 ----a-r- c:\windows\system32\hpovst08.dll
2009-05-30 16:12 . 2003-08-11 06:44 565248 ----a-r- c:\windows\system32\hpotscl.dll
2009-05-30 15:19 . 2009-05-30 16:16 28960 ----a-w- c:\windows\hpoins03.dat
2009-05-30 15:19 . 2003-08-11 06:44 34480 ------w- c:\windows\hpomdl03.dat
2009-05-29 18:40 . 2009-05-29 18:40 -------- d-----w- c:\program files\DVD Shrink
2009-05-16 10:38 . 2009-05-16 10:38 -------- d-----w- c:\program files\TI Education
2009-05-16 10:28 . 2009-05-16 10:28 -------- d-----w- c:\program files\Graphmatica
2009-05-09 18:11 . 2009-05-09 18:11 -------- d-----w- c:\program files\Common Files\HP
2009-05-09 18:10 . 2009-05-09 18:10 43488 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2009-05-09 16:12 . 2009-05-09 16:12 -------- d-----w- c:\program files\HP
2009-05-09 16:11 . 2009-05-09 16:11 -------- d-----w- c:\program files\util
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\Setup
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\enu
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\Drivers
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w- c:\program files\common
2009-05-09 15:41 . 2009-05-09 15:41 -------- d-----w- c:\temp\HP_WebRelease
2009-05-07 20:59 . 2009-05-07 20:59 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-07 20:34 . 2009-05-07 20:34 -------- d-----w- c:\documents and settings\Milan\TopconTools
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- C:\Binaries
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- c:\program files\Topcon
2009-05-07 20:22 . 2009-05-07 20:22 -------- d-----w- c:\program files\Common Files\Topcon
2009-05-07 19:32 . 2006-11-06 16:04 28672 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2009-05-07 19:32 . 2006-11-06 16:04 28672 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 08:44 . 1979-12-31 22:00 70764 ----a-w- c:\windows\system32\perfc005.dat
2009-05-08 08:44 . 1979-12-31 22:00 400378 ----a-w- c:\windows\system32\perfh005.dat
2009-04-26 18:49 . 2009-04-26 18:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-24 07:48 . 2009-04-24 07:48 -------- d-----w- c:\program files\iPod
2009-04-24 07:45 . 2009-04-24 07:45 -------- d-----w- c:\program files\iTunes
2009-04-14 18:57 . 2009-04-14 18:57 -------- d-----w- c:\program files\Common Files\Skype
2009-03-19 14:32 . 2006-09-19 12:44 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2007-09-11 14:59 . 2007-09-11 14:59 3297799 ----a-w- c:\program files\openofficeorg4.cab
2007-09-11 14:59 . 2007-09-11 14:59 66392154 ----a-w- c:\program files\openofficeorg3.cab
2007-09-11 14:55 . 2007-09-11 14:55 17356442 ----a-w- c:\program files\openofficeorg2.cab
2007-09-11 14:55 . 2007-09-11 14:55 18970031 ----a-w- c:\program files\openofficeorg1.cab
2007-09-11 14:54 . 2007-09-11 14:54 1821008 ----a-w- c:\program files\instmsiw.exe
2007-09-11 14:54 . 2007-09-11 14:54 1707856 ----a-w- c:\program files\instmsia.exe
2007-09-11 14:54 . 2007-09-11 14:54 4358656 ----a-w- c:\program files\openofficeorg23.msi
2007-06-04 18:55 . 2007-06-04 18:55 376 ----a-w- c:\program files\Zástupce - Geus140.lnk
.

((((((((((((((((((((((((((((( SnapShot@2009-06-04_18.59.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-05 13:39 . 2009-06-05 13:39 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
+ 2009-06-05 13:39 . 2009-06-05 13:39 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2009-06-05 13:40 . 2009-06-05 13:40 49152 c:\windows\Temp\CompiledAdapter.dll
- 2009-06-04 18:59 . 2009-06-04 18:59 49152 c:\windows\Temp\CompiledAdapter.dll
+ 1979-12-31 22:00 . 2009-06-05 13:39 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.ie5\index.dat
- 1979-12-31 22:00 . 2009-03-24 15:25 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.ie5\index.dat
- 1979-12-31 22:00 . 2009-03-24 15:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.ie5\index.dat
+ 1979-12-31 22:00 . 2009-06-05 13:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.ie5\index.dat
+ 1979-12-31 22:00 . 2009-06-05 13:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 1979-12-31 22:00 . 2009-03-24 15:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-11 11:31 . 2008-12-11 11:31 27904 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\uxtuneupx86.dll
+ 2008-12-11 19:36 . 2008-12-11 19:36 11008 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\tux64thk.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 15104 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\TUMessages.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 68352 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\TUInstallHelper.exe
+ 2008-12-11 11:32 . 2008-12-11 11:32 27392 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\SDShelEx86.dll
+ 2008-12-11 19:36 . 2008-12-11 19:36 85248 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RegWiz.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 16640 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RegistryDefragHelper.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 37632 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\PMLauncher.exe
+ 2008-12-11 11:31 . 2008-12-11 11:31 25856 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\DseShExtx86.dll
+ 2008-12-11 11:31 . 2008-12-11 11:31 17152 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\authuitu_x86.dll
+ 2008-12-11 19:36 . 2008-12-11 19:36 915712 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\WinStyler.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 218880 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\UpdateWizard.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 280320 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\UninstallManager.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 237824 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\Undelete.exe
+ 2008-12-11 11:33 . 2008-12-11 11:33 884992 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\TUDefragService.dll
+ 2008-12-11 19:36 . 2008-12-11 19:36 341760 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\SystemInformation.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 129280 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\SystemControl.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 352512 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\StartUpManager.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 921856 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\SilentUpdater.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 173312 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\Shredder.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 229120 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\ShortcutCleaner.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 197376 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RescueCenter.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 166144 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RepairWizard.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 327424 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RegistryEditor.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 160512 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RegistryDefrag.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 505088 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\RegistryCleaner.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 397056 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\ProcessManager.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 980224 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\OneClickStarter.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 596224 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\OneClick.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 155904 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\MemOptimizer.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 221440 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\DriveDefrag.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 460032 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\DiskExplorer.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 163584 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\DiskDoctor.exe
+ 2008-12-11 19:36 . 2008-12-11 19:36 1201408 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.2000\SpeedOptimizer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2006-10-22 86016]

c:\documents and settings\Milan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
TurboLaunch.lnk - c:\program files\TurboLaunch\TurboLaunch.exe [2006-3-20 1588736]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Windows\\system32\\usmt\\migwiz.exe"=
"c:\\Windows\\system32\\mshta.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Common Files\\GeusISKN\\GeusISKN.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [14.8.2004 15:11 9344]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [14.8.2004 15:11 390400]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5.6.2009 14:45 604416]
R3 PhTVTune;MuchTV Plus TVTuner;c:\windows\system32\drivers\PhTVTune.sys [1.1.1980 24000]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [24.11.2007 13:39 16269]
S4 Rdgosk;Rdgosk;c:\windows\system32\drivers\wmilib.sys [1.1.1980 4352]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BAFB867B-0BA0-4B37-A370-E4B4A02EC792}]
c:\windows\system32\msiexec.exe /qn /fpu {BAFB867B-0BA0-4B37-A370-E4B4A02EC792}
.
Obsah adresáře 'Naplánované úlohy'

2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-06-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-egui - (no file)
Notify-= - (no file)


.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Edit with Altova X&MLSpy - c:\program files\Altova\XMLSpy2008\spy.htm
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\292t6lfa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 15:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,c4,23,28,6e,0a,
21,e4,fc,e2,63,26,f1,3f,c8,ff,68,0c,06,54,21,1f,72,30,d1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,ec,19,b8,20,e5,
c8,75,7b,6a,9c,d6,61,af,45,84,18,8b,31,da,5a,d1,6c,5f,e4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,7c,41,d5,ca,ec,
c2,ac,b7,ff,7c,85,e0,43,d4,0e,fe,d0,bf,d8,96,37,7f,ef,30,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,02,af,7e,2b,0d,
57,dc,32,86,8c,21,01,be,91,eb,e7,e2,ec,15,a3,16,e9,12,47,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,82,b0,85,49,df,
f8,c6,aa,f5,1d,4d,73,a8,13,5c,05,db,8c,cb,e6,39,45,20,a9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,30,e9,9b,7e,56,
c9,12,01,df,20,58,62,78,6b,cf,c8,65,41,17,dd,fa,37,14,59,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,d6,2c,dc,78,22,
4c,98,54,fb,a7,78,e6,12,2f,9a,ea,c5,e1,7c,8f,6d,83,fe,8a,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,b8,0b,62,0a,0e,
5e,af,b4,01,3a,48,fc,e8,04,4a,f1,25,3f,07,d5,68,e9,14,b0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,4d,2e,53,3a,35,
9c,a5,73,f6,0f,4e,58,98,5b,89,c9,c3,7f,7c,cb,83,22,fa,cf,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,b6,74,61,47,8d,
e9,8a,66,3d,ce,ea,26,2d,45,aa,78,1a,32,36,42,5e,cf,8e,94,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,5a,fd,26,5b,6c,
a6,fd,15,2a,b7,cc,b5,b9,7f,41,e7,7b,02,49,5d,70,e0,6f,ac,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,35,85,bf,5e,dd,
7e,72,ba,6c,43,2d,1e,aa,22,2f,9c,d8,34,c3,7a,35,75,d4,78,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3828)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\PORTRAIT DISPLAYS\FORTEMANAGER\DTSSLSRV.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\PORTRAIT DISPLAYS\FORTEMANAGER\DTSRVC.EXE
c:\windows\SYSTEM32\DVDRAMSV.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\PINNACLE\MEDIASERVER\MICROSOFT SQL SERVER\MSSQL$PINNACLESYS\BINN\SQLSERVR.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\OODAG.EXE
c:\program files\PINNACLE\SHARED FILES\PROGRAMS\MEDIASERVER\PMSHOST.EXE
.
**************************************************************************
.
Celkový čas: 2009-06-05 15:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-05 13:43
ComboFix2.txt 2009-06-05 12:16
ComboFix3.txt 2009-06-04 21:08
ComboFix4.txt 2009-06-04 19:02

Před spuštěním: Volných bajtů: 23 997 775 872
Po spuštění: Volných bajtů: 24 054 202 368

352 --- E O F --- 2009-05-31 08:10



HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:40, on 5.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TurboLaunch\TurboLaunch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TurboLaunch.lnk = C:\Program Files\TurboLaunch\TurboLaunch.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3709067593
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6922 bytes


Thank you very much...


Re: Please check my log, the internet isn't working at all

Posted by Damned » 05 Jun 2009 16:11

Uninstall ComboFix.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner;
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download -> run.
Clean the registry with some cleaner. I use Wise Registry Cleaner.

Download ATF Cleaner.
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache,
cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer,
Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Re: Please check my log, the internet isn't working at all

Posted by Body » 09 Jun 2009 20:02

Finally everything runs as it should.... Thank you very much, I am very grateful to you. Have a nice evening. :inlove:

