Please check my log, the PC keeps freezing, thanks

Posted: 02 Jan 2010 13:06
by scotti
ComboFix 10-01-01.02 - Breta 02.01.2010 12:45:05.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2038.1047 [GMT 1:00]
Spuštěný z: c:\users\Breta\Documents\ComboFix.exe
AV: avast! antivirus 4.7.1296 [VPS 081208-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-02 do 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-02 11:57 . 2010-01-02 11:57 -------- d-----w- c:\users\Breta\AppData\Local\temp
2010-01-02 11:57 . 2010-01-02 11:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-02 11:57 . 2010-01-02 11:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-30 00:01 . 2008-01-19 07:33 1143296 -c--a-w- c:\programdata\Microsoft\Windows\WER\ReportQueue\Report13c97732\wercon.exe
2009-12-28 12:27 . 2009-12-28 12:28 -------- d-----w- c:\users\Breta\AppData\Local\HF Designer 1.4
2009-12-28 12:27 . 2009-12-28 12:27 -------- d-----w- c:\programdata\HappyFoto
2009-12-28 12:27 . 2009-12-28 12:27 -------- d-----w- c:\program files\HappyFoto
2009-12-28 11:42 . 2009-12-28 12:23 -------- d-----w- c:\users\Breta\AppData\Roaming\Happy Foto
2009-12-28 11:42 . 2009-12-28 11:42 -------- d-----w- c:\program files\Aberger
2009-12-18 05:11 . 2009-12-18 05:11 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-12 15:14 . 2009-12-29 20:13 -------- d-----w- c:\users\Breta\AppData\Local\FullTiltPoker
2009-12-12 15:13 . 2009-12-29 20:13 -------- d-----w- c:\program files\Full Tilt Poker
2009-12-12 02:04 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 02:04 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 02:04 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 00:51 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 00:08 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 00:08 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-03 19:17 . 2009-12-03 19:17 -------- d-----w- c:\users\Breta\AppData\Roaming\smc
2009-12-03 19:14 . 2009-12-09 20:14 -------- d-----w- c:\program files\Secret Maryo Chronicles

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 11:04 . 2007-11-16 14:40 -------- d-----w- c:\users\Breta\AppData\Roaming\Skype
2009-12-31 14:27 . 2009-10-19 15:37 -------- d-----w- c:\program files\TorrentMan
2009-12-29 17:59 . 2009-01-15 19:12 -------- d-----w- c:\program files\PokerStars
2009-12-29 15:21 . 2009-12-28 13:41 6032 ----a-w- c:\users\Breta\AppData\Roaming\mdbu.bin
2009-12-19 19:29 . 2009-10-28 19:27 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-19 19:28 . 2009-10-28 19:27 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-19 19:28 . 2009-10-28 19:27 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-19 19:28 . 2009-10-28 19:27 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-19 19:28 . 2009-10-28 19:27 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-19 19:28 . 2009-10-28 19:27 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-19 19:28 . 2009-10-28 19:26 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-19 19:28 . 2009-10-28 19:26 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-19 19:28 . 2009-10-28 19:25 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-19 19:28 . 2009-10-28 19:25 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-19 19:28 . 2009-10-28 19:25 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-19 19:28 . 2009-10-28 19:25 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-19 19:28 . 2009-10-28 19:25 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-16 18:24 . 2009-05-21 17:40 -------- d-----w- c:\program files\ParadisePoker
2009-12-12 02:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-02 17:02 . 2009-10-31 19:40 -------- d-----w- c:\programdata\Norton
2009-12-02 17:02 . 2007-08-09 23:44 -------- d-----w- c:\programdata\Symantec
2009-12-02 16:44 . 2009-12-02 16:44 -------- d-----w- c:\programdata\Boss Media
2009-11-29 17:04 . 2007-08-09 23:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-25 15:26 . 2009-11-25 15:26 -------- d-----w- c:\program files\softendo.com
2009-11-25 12:32 . 2009-11-25 12:32 -------- d-----w- c:\program files\Mario Forever
2009-11-24 23:54 . 2007-12-31 11:45 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2008-12-07 12:26 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-12-07 12:26 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2007-12-31 11:45 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2007-12-31 11:45 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-12-31 11:45 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-12-31 11:45 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 17:17 . 2007-11-23 19:15 -------- d-----w- c:\program files\DAEMON Tools SearchBar
2009-11-21 19:30 . 2009-10-28 19:27 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-21 19:30 . 2009-10-28 19:26 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-21 19:30 . 2009-10-28 19:26 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-21 19:30 . 2009-10-28 19:26 641632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-02 19:42 . 2009-10-03 04:47 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-28 02:02 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-28 19:27 . 2009-10-28 19:27 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-28 19:27 . 2009-10-28 19:27 93360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-28 19:27 . 2009-10-28 19:27 554280 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-28 19:27 . 2009-10-28 19:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-28 19:27 . 2009-10-28 19:27 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-28 19:27 . 2009-10-28 19:27 212480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-28 19:27 . 2009-10-28 19:27 283944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-28 19:27 . 2009-10-28 19:27 1223976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-28 19:27 . 2009-10-28 19:27 242984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-18 12:09 . 2007-12-25 10:11 7154255 ----a-w- c:\users\Breta\AppData\Roaming\Azureus\plugins\azemp\azmplay.exe
2009-10-18 12:08 . 2007-12-13 14:03 175 ----a-w- c:\users\Breta\AppData\Roaming\Azureus\restart.bat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-12-31 2166296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2009-12-31 14:27 2166296 ----a-w- c:\program files\TorrentMan\tbTor1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-12-31 2166296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-12-31 2166296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-12-15 253952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-06-14 23233576]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-30 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-30 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-30 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 4489216]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 317560]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Skytel"="Skytel.exe" [2007-06-26 1826816]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R0 BsStor;InCD Storage Helper Driver;c:\windows\System32\drivers\bsstor.sys [6.3.2008 17:23 9344]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [28.10.2009 20:27 64288]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [7.12.2008 13:26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [7.12.2008 13:26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [31.12.2007 12:45 53328]
R2 BsUDF;InCD UDF Driver;c:\windows\System32\drivers\bsudf.sys [6.3.2008 17:23 434944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1181328]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [4.2.2008 16:30 204800]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [9.8.2007 20:02 812544]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [23.11.2007 20:10 685816]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [13.7.2009 19:27 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\System32\drivers\s1018mdfl.sys [13.7.2009 19:27 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\System32\drivers\s1018mdm.sys [13.7.2009 19:27 122024]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [21.8.2007 14:52 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [21.8.2007 14:52 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [21.8.2007 14:52 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [21.8.2007 14:48 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [4.2.2008 16:27 79136]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:28]

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:28]

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:28]

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:28]

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2247187
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
FF - ProfilePath - c:\users\Breta\AppData\Roaming\Mozilla\Firefox\Profiles\imntg4xa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\users\Breta\AppData\Roaming\Mozilla\Firefox\Profiles\imntg4xa.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 12:57
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-01-02 13:01:33
ComboFix-quarantined-files.txt 2010-01-02 12:01
ComboFix2.txt 2009-10-31 14:52
ComboFix3.txt 2009-10-31 12:03
ComboFix4.txt 2009-08-15 08:25

Před spuštěním: Volných bajtů: 146 646 257 664
Po spuštění: Volných bajtů: 146 636 791 808

- - End Of File - - 9A36441D757D567F70D40CABCA2CBD1B

Re: Please check my log, the PC keeps freezing, thanks

Posted: 02 Jan 2010 13:43
by Rudy
The log looks OK. Try cleaning the PC with CCleaner: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 .