
Please check my log

camel13
Visitor
Posts: 32
Registered: 19 Jul 2007 15:10

Please check my log

#1 Post by camel13 »

Hello, please check my log. After logging in, the computer starts up slowly. I had Fences installed and cannot uninstall it, and files and folders cannot be deleted from the desktop. Thanks a lot!

Logfile of random's system information tool 1.06 (written by random/random)
Run by Photon at 2010-01-18 17:49:57
Microsoft® Windows Vista™ Business Service Pack 2, v.113
System drive C: has 29 GB (27%) free of 106 GB
Total RAM: 3326 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:51, on 18.1.2010
Platform: Windows Vista SP2, v.113 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\EPU-WS Engine\SixEngine.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Windows\mHotkey.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\QuickGamma\QuickGammaResume.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Photon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Photon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Photon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Photon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Photon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Photon\AppData\Local\Google\Chrome\Application\chrome.exe
D:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Photon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [Skytel] "C:\Windows\Skytel.exe"
O4 - HKLM\..\Run: [WheelMouse] "C:\Program Files\A4Tech\Mouse\Amoumain.exe"
O4 - HKLM\..\Run: [CHotkey] "C:\Windows\mHotkey.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [FontExpertType1Loader] "C:\Program Files\FontExpert\Type1Loader.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Users\Photon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - HKCU\..\Run: [QuickGammaResume] C:\Program Files\QuickGamma\QuickGammaResume.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SYSTEM32\astsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPCLAMP by cebas Computer GmbH (IPClampService) - Unknown owner - C:\PROGRA~1\cebas\ip-clamp\ipclamp.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10389 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2330161282-2524942542-2077496310-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2330161282-2524942542-2077496310-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{39C786C8-8DA4-4132-8487-F8F9BE873AF3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}]
WsftpBrowserHelper Class - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll [2004-08-18 118830]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-20 6144000]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"CHotkey"=C:\Windows\mHotkey.exe [2002-07-05 491008]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2010-01-18 1800464]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-02-27 38768]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-02-27 640376]
"FontExpertType1Loader"=C:\Program Files\FontExpert\Type1Loader.exe [2009-03-03 294152]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-14 98304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"COMODO Internet Security"=C:\Program Files\COMODO\Firewall\cfp.exe [2010-01-18 1800464]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Photon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-09 133104]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2008-06-10 2645528]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-04 25623336]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"QuickGammaLoader"=C:\Program Files\QuickGamma\QuickGammaLoader.exe [2009-08-14 98816]
"QuickGammaResume"=C:\Program Files\QuickGamma\QuickGammaResume.exe [2009-08-14 98816]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
?????? []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" acaptuser32.dll C:\Windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{806aec2c-a15a-11de-944b-002215531446}]
shell\AutoRun\command - I:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0e0f60b-fce6-11dd-9361-002215531318}]
shell\AutoRun\command - H:\Donald_Duck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbe2cb10-2840-11de-bd74-002215531446}]
shell\AutoRun\command - I:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-18 17:13:09 ----A---- C:\Windows\ntbtlog.txt
2010-01-18 16:00:43 ----D---- C:\rsit
2010-01-18 15:28:35 ----HDC---- C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-01-18 14:43:41 ----HDC---- C:\ProgramData\{5F45A6CC-3DA5-4253-9769-87318172490F}
2010-01-16 12:08:38 ----D---- C:\Windows\Sun
2010-01-04 16:47:21 ----A---- C:\Windows\system32\ASTSRV.EXE
2010-01-04 16:46:33 ----D---- C:\ProgramData\onOne Software
2010-01-04 00:19:56 ----D---- C:\Program Files\WIBU-SYSTEMS
2010-01-04 00:19:56 ----D---- C:\Program Files\WIBUKEY
2010-01-04 00:18:06 ----D---- C:\Program Files\Chaos Group
2010-01-03 23:19:29 ----D---- C:\Program Files\Common Files\Autodesk Shared
2010-01-03 23:17:41 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-01-03 23:17:40 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-01-03 23:17:39 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-01-03 23:17:39 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-01-03 23:17:39 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-01-03 23:17:39 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-01-03 23:17:37 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-12-24 23:04:23 ----D---- C:\Program Files\TopCD
2009-12-20 02:04:30 ----D---- C:\Program Files\AviFixJoiner
2009-12-20 01:59:46 ----D---- C:\Users\Photon\AppData\Roaming\DivX

======List of files/folders modified in the last 1 months======

2010-01-18 17:50:02 ----D---- C:\Windows\temp
2010-01-18 17:28:49 ----D---- C:\Users\Photon\AppData\Roaming\Skype
2010-01-18 17:13:09 ----AD---- C:\Windows
2010-01-18 16:29:04 ----D---- C:\Windows\System32
2010-01-18 16:09:09 ----RD---- C:\Program Files
2010-01-18 16:07:03 ----D---- C:\Windows\system32\drivers
2010-01-18 15:56:16 ----A---- C:\Windows\system32\guard32.dll
2010-01-18 15:28:42 ----RSD---- C:\Windows\assembly
2010-01-18 15:28:35 ----SHD---- C:\Windows\Installer
2010-01-18 15:28:35 ----SHD---- C:\Config.Msi
2010-01-18 15:28:35 ----HD---- C:\ProgramData
2010-01-18 15:28:34 ----D---- C:\Program Files\Stardock
2010-01-18 14:44:36 ----D---- C:\Windows\Microsoft.NET
2010-01-18 14:44:22 ----D---- C:\Windows\Prefetch
2010-01-18 14:19:55 ----D---- C:\Users\Photon\AppData\Roaming\skypePM
2010-01-17 14:40:55 ----SHD---- C:\System Volume Information
2010-01-16 14:27:10 ----D---- C:\Users\Photon\AppData\Roaming\uTorrent
2010-01-13 19:01:57 ----D---- C:\Windows\inf
2010-01-13 19:01:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-07 19:35:44 ----D---- C:\Windows\system32\catroot2
2010-01-04 16:46:31 ----D---- C:\Users\Photon\AppData\Roaming\Adobe
2010-01-04 16:46:27 ----D---- C:\Program Files\onOne Software
2010-01-04 16:46:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-04 00:18:09 ----D---- C:\Program Files\Common Files\ChaosGroup
2010-01-03 23:48:33 ----D---- C:\Program Files\Google
2010-01-03 23:47:36 ----D---- C:\Windows\Tasks
2010-01-03 23:47:36 ----D---- C:\Windows\system32\Tasks
2010-01-03 23:31:10 ----D---- C:\ProgramData\FLEXnet
2010-01-03 23:19:29 ----D---- C:\Program Files\Common Files
2010-01-03 23:18:32 ----D---- C:\ProgramData\Autodesk
2010-01-03 23:18:32 ----D---- C:\Program Files\Autodesk
2010-01-03 23:16:58 ----D---- C:\Windows\Logs
2010-01-03 23:16:46 ----D---- C:\Windows\winsxs
2010-01-02 15:35:18 ----D---- C:\ProgramData\TrackMania
2009-12-30 09:54:25 ----D---- C:\Windows\system32\WDI
2009-12-29 23:42:43 ----D---- C:\Windows\Minidump
2009-12-24 10:27:43 ----D---- C:\Downloads

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2007-05-15 9216]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-01-18 128376]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-01-18 29520]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-10-17 351744]
R1 Inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-01-18 74328]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-12 28520]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 Hardlock;Hardlock; C:\Windows\system32\drivers\hardlock.sys [2006-11-22 693760]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbprt.sys [2007-05-15 14336]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-29 100368]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-15 5068800]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-20 2143136]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-01-20 142848]
R3 ULCDRHlp;ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2005-09-26 24064]
S3 AF15BDA;AF9015 BDA Filter; C:\Windows\system32\DRIVERS\AF15BDA.sys [2007-12-06 327296]
S3 aw9ycp7k;aw9ycp7k; C:\Windows\system32\drivers\aw9ycp7k.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2008-06-18 49904]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-04-22 27672]
S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2008-11-25 9728]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2008-11-25 3072]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2009-01-03 10976]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2009-01-03 22368]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2008-10-17 236544]
S3 MA-620;Mobile Action MA-660 USB Infrared Adapter; C:\Windows\system32\DRIVERS\MA-620.sys [2006-04-08 27136]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys [2007-12-04 33792]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0); C:\Windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\Windows\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\Windows\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\Windows\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0); C:\Windows\system32\DRIVERS\RtTeam60.sys [2007-12-04 33792]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2008-01-24 29192]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-15 172032]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-12 108289]
R2 astcc;AST Service; C:\Windows\SYSTEM32\astsrv.exe [2008-11-26 57344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2010-01-18 723632]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-10-16 1094936]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2008-06-08 1386008]
R2 IPClampService;IPCLAMP by cebas Computer GmbH; C:\PROGRA~1\cebas\ip-clamp\ipclamp.exe [2007-11-20 45700]
R2 iprip;@%Systemroot%\system32\iprip.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Marvell RAID;Marvell RAID Event Agent; C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe [2007-09-06 57344]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R2 MRUWebService;MRU Web Service; C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe [2007-06-18 20539]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2009-05-22 241734]
R2 SNMP;@%SystemRoot%\system32\snmp.exe,-3; C:\Windows\System32\snmp.exe [2008-01-21 47616]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-03 135664]
S2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit; C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe []
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-09-24 34312]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-29 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-10-17 918016]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#2 Post by Rudy »

Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after startup a screen with the license terms appears; continue by clicking the Yes button.

feel free to go put on some coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to run any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

camel13
Visitor
Posts: 32
Joined: 19 Jul 2007 15:10

Re: Please check my log

#3 Post by camel13 »

Thanks. I ran ComboFix, but I had Comodo firewall and Avira antivirus installed, so they probably interfered with it. So I'm posting the log it gave me, and I'm going to run ComboFix again, this time with the firewall and the antivirus uninstalled.

ComboFix 10-01-17.04 - Photon 18.01.2010 18:24:41.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.3326.2410 [GMT 1:00]
Spuštěný z: c:\users\Photon\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_iprip


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-18 do 2010-01-18 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 17:52 . 2008-09-22 23:48 8 ----a-w- c:\windows\mvraidver.dat
2010-01-18 16:28 . 2008-09-28 15:58 -------- d-----w- c:\users\Photon\AppData\Roaming\Skype
2010-01-18 14:56 . 2008-10-03 07:49 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-18 14:56 . 2008-10-03 07:49 171552 ----a-w- c:\windows\system32\guard32.dll
2010-01-18 14:56 . 2008-10-03 07:49 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-18 14:56 . 2008-10-03 07:49 128376 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-18 14:28 . 2010-01-18 14:28 -------- dc-h--w- c:\programdata\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-01-18 14:28 . 2009-09-22 20:50 -------- d-----w- c:\program files\Stardock
2010-01-18 13:44 . 2010-01-18 13:43 -------- dc-h--w- c:\programdata\{5F45A6CC-3DA5-4253-9769-87318172490F}
2010-01-18 13:19 . 2008-09-28 16:03 -------- d-----w- c:\users\Photon\AppData\Roaming\skypePM
2010-01-16 13:27 . 2008-09-26 14:54 -------- d-----w- c:\users\Photon\AppData\Roaming\uTorrent
2010-01-14 13:14 . 2009-12-24 22:04 -------- d-----w- c:\program files\TopCD
2010-01-14 12:04 . 2008-09-23 13:35 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-01-13 18:01 . 2008-01-21 06:01 639010 ----a-w- c:\windows\system32\perfh005.dat
2010-01-13 18:01 . 2008-01-21 06:01 135772 ----a-w- c:\windows\system32\perfc005.dat
2010-01-10 13:38 . 2008-09-22 23:26 156072 ----a-w- c:\users\Photon\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-04 15:46 . 2010-01-04 15:46 -------- d-----w- c:\programdata\onOne Software
2010-01-04 15:46 . 2008-10-29 15:44 -------- d-----w- c:\program files\onOne Software
2010-01-04 15:46 . 2008-09-22 23:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 23:19 . 2010-01-03 23:19 -------- d-----w- c:\program files\WIBUKEY
2010-01-03 23:19 . 2010-01-03 23:19 -------- d-----w- c:\program files\WIBU-SYSTEMS
2010-01-03 23:18 . 2008-11-12 22:28 -------- d-----w- c:\program files\Common Files\ChaosGroup
2010-01-03 23:18 . 2010-01-03 23:18 -------- d-----w- c:\program files\Chaos Group
2010-01-03 22:48 . 2008-09-24 11:52 -------- d-----w- c:\program files\Google
2010-01-03 22:31 . 2008-09-24 13:14 -------- d-----w- c:\programdata\FLEXnet
2010-01-03 22:20 . 2010-01-03 22:19 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-03 22:18 . 2008-09-23 15:20 -------- d-----w- c:\programdata\Autodesk
2010-01-03 22:18 . 2008-09-23 15:19 -------- d-----w- c:\program files\Autodesk
2010-01-02 14:35 . 2008-09-23 10:06 -------- d-----w- c:\programdata\TrackMania
2009-12-27 13:19 . 2009-12-20 00:59 -------- d-----w- c:\users\Photon\AppData\Roaming\DivX
2009-12-20 01:04 . 2009-12-20 01:04 -------- d-----w- c:\program files\AviFixJoiner
2009-12-08 09:17 . 2009-05-28 13:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-28 22:14 . 2009-11-28 22:12 -------- d-----w- c:\program files\DivX
2009-11-28 22:13 . 2009-08-06 13:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-28 22:13 . 2009-11-28 22:12 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-22 13:47 . 2009-11-22 13:47 -------- d-----w- c:\users\Photon\AppData\Roaming\ColorSchemer
2009-11-22 13:46 . 2009-11-22 13:46 -------- d-----w- c:\program files\ColorSchemer Studio 2
2009-11-14 00:49 . 2009-02-24 12:53 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-02 19:42 . 2009-10-04 12:47 195456 ------w- c:\windows\system32\MpSigStub.exe
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\System32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Photon\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-10-09 133104]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-04 25623336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"QuickGammaLoader"="c:\program files\QuickGamma\QuickGammaLoader.exe" [2009-08-14 98816]
"QuickGammaResume"="c:\program files\QuickGamma\QuickGammaResume.exe" [2009-08-14 98816]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2008-05-20 6144000]
"Skytel"="c:\windows\Skytel.exe" [2007-11-20 1826816]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"CHotkey"="c:\windows\mHotkey.exe" [2002-07-05 491008]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2010-01-18 1800464]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"FontExpertType1Loader"="c:\program files\FontExpert\Type1Loader.exe" [2009-03-03 294152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2010-01-18 1800464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [23.9.2008 0:46 143360]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [3.10.2008 8:49 128376]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [3.10.2008 8:49 29520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [15.7.2009 3:14 172032]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28.5.2009 14:54 108289]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [5.7.2009 13:16 1386008]
R2 IPClampService;IPCLAMP by cebas Computer GmbH;c:\progra~1\cebas\ip-clamp\ipclamp.exe [7.9.2009 13:05 45700]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [6.9.2007 0:15 57344]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12.3.2009 17:36 86016]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [18.6.2007 21:33 20539]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.1.2010 23:47 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 4:46 284016]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [4.2.2009 1:33 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [4.2.2009 1:33 3072]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [3.1.2009 1:41 10976]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\System32\drivers\RtTeam60.sys [23.9.2008 0:44 33792]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\System32\drivers\RtVlan60.sys [23.9.2008 0:45 19968]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [3.1.2009 1:15 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [3.1.2009 1:15 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [3.1.2009 1:15 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [3.1.2009 1:15 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [3.1.2009 1:15 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [3.1.2009 1:15 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [3.1.2009 1:15 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [3.1.2009 1:15 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [3.1.2009 1:15 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [3.1.2009 1:15 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [3.1.2009 1:15 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [3.1.2009 1:15 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [3.1.2009 1:15 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [3.1.2009 1:15 117672]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\System32\drivers\RtTeam60.sys [23.9.2008 0:44 33792]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [25.1.2008 10:12 25088]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6.8.2009 12:44 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
ipripsvc REG_MULTI_SZ iprip
.
Obsah adresáře 'Naplánované úlohy'

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 22:47]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 22:47]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2330161282-2524942542-2077496310-1000Core.job
- c:\users\Photon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-09 14:00]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2330161282-2524942542-2077496310-1000UA.job
- c:\users\Photon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-09 14:00]

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{39C786C8-8DA4-4132-8487-F8F9BE873AF3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-29 11:31]
.
.
------- Doplňkový sken -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: gemoney.cz\www
Trusted Zone: internetbanka.cz\ibs
Trusted Zone: internetbanka.cz\ra
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-V-Ray for 3dsmax 2010 for x86 - c:\program files\Chaos Group\V-Ray\3dsmax 2010 for x86\uninstall\wininstaller.exe-uninstall=c:\program files\Chaos Group\V-Ray\3dsmax 2010 for x86\uninstall\install.log



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 18:53
Windows 6.0.6002 Service Pack 2, v.113 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2330161282-2524942542-2077496310-1000\Software\SecuROM\License information*]
"datasecu"=hex:4b,9f,5d,8f,fb,9b,5f,41,98,ba,b5,67,f7,f8,09,66,9b,3c,55,93,05,
e2,ff,02,b4,f1,8f,01,61,25,28,0c,0b,9e,64,aa,f8,60,d1,96,c1,73,4b,00,54,61,\
"rkeysecu"=hex:b6,95,46,f9,7c,52,23,65,6f,15,47,f1,22,33,84,b7

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(352)
c:\program files\Common Files\onOne Software Shared\lt_lib_gf_iconShellEx.dll
c:\program files\Common Files\onOne Software Shared\lt_lib_gf_thumbShellEx.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\ASUS\EPU-WS Engine\SixEngine.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\snmp.exe
c:\program files\Secunia\PSI\psi.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2010-01-18 19:06:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-18 18:06
ComboFix2.txt 2009-02-03 21:37
ComboFix3.txt 2009-02-03 20:27

Před spuštěním: Volných bajtů: 32 557 326 336
Po spuštění: Volných bajtů: 32 902 610 944

- - End Of File - - 1F24696300FE02C4570AA7E57F2D0BC8

camel13
Visitor
Posts: 32
Joined: 19 Jul 2007 15:10

Re: Please check my log

#4 Post by camel13 »

So that first ComboFix run took about an hour; this time it was done in a few minutes. Here it is:

ComboFix 10-01-17.04 - Photon 18.01.2010 19:24:21.4.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.3326.2197 [GMT 1:00]
Spuštěný z: c:\users\Photon\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-18 do 2010-01-18 )))))))))))))))))))))))))))))))
.

2010-01-18 18:30 . 2010-01-18 18:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-18 18:30 . 2010-01-18 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-18 17:50 . 2010-01-18 18:30 -------- d-----w- c:\users\Photon\AppData\Local\temp
2010-01-18 15:00 . 2010-01-18 15:00 -------- d-----w- C:\rsit
2010-01-18 14:28 . 2010-01-18 14:28 -------- dc-h--w- c:\programdata\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-01-18 14:28 . 2009-10-02 17:59 3254528 -c--a-w- c:\programdata\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe
2010-01-18 13:44 . 2010-01-13 18:55 3143696 -c--a-w- c:\programdata\{5F45A6CC-3DA5-4253-9769-87318172490F}\Impulse_setup.exe
2010-01-16 11:08 . 2010-01-16 11:08 -------- d-----w- c:\windows\Sun
2010-01-04 15:47 . 2008-11-26 11:12 399114 ----a-w- c:\users\Photon\AppData\Roaming\Adobe\Lightroom\Modules\GenuineFractals6.lrplugin\win32\LaunchGF6.exe
2010-01-04 15:47 . 2008-11-26 11:12 393216 ----a-w- c:\users\Photon\AppData\Roaming\Adobe\Lightroom\Modules\GenuineFractals6.lrplugin\win32\GFPalette.exe
2010-01-04 15:47 . 2008-11-26 11:12 159744 ----a-w- c:\users\Photon\AppData\Roaming\Adobe\Lightroom\Modules\GenuineFractals6.lrplugin\win32\OnOneWidgets.dll
2010-01-04 15:47 . 2008-11-26 11:12 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2010-01-04 15:46 . 2010-01-04 15:46 -------- d-----w- c:\programdata\onOne Software
2010-01-04 15:46 . 2008-11-26 11:12 454656 ----a-w- c:\users\Photon\AppData\Roaming\Adobe\Lightroom\Modules\GenuineFractals6.lrplugin\win32\CoreFoundation.dll
2010-01-03 23:19 . 2010-01-03 23:19 -------- d-----w- c:\program files\WIBUKEY
2010-01-03 23:19 . 2010-01-03 23:19 -------- d-----w- c:\program files\WIBU-SYSTEMS
2010-01-03 23:18 . 2010-01-03 23:18 -------- d-----w- c:\program files\Chaos Group
2010-01-03 22:19 . 2010-01-03 22:20 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-03 22:17 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-01-03 22:17 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-01-03 22:17 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-01-03 22:17 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-01-03 22:17 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-01-03 22:17 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-01-03 22:17 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-12-24 22:04 . 2010-01-14 13:14 -------- d-----w- c:\program files\TopCD
2009-12-20 01:04 . 2009-12-20 01:04 -------- d-----w- c:\program files\AviFixJoiner
2009-12-20 00:59 . 2009-12-27 13:19 -------- d-----w- c:\users\Photon\AppData\Roaming\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 18:22 . 2009-08-06 12:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-18 18:17 . 2008-09-28 15:58 -------- d-----w- c:\users\Photon\AppData\Roaming\Skype
2010-01-18 18:16 . 2008-09-22 23:48 8 ----a-w- c:\windows\mvraidver.dat
2010-01-18 18:15 . 2008-10-03 07:49 -------- d-----w- c:\program files\COMODO
2010-01-18 18:15 . 2008-09-29 12:32 -------- d-----w- c:\users\Photon\AppData\Roaming\Comodo
2010-01-18 18:15 . 2008-09-23 10:49 -------- d-----w- c:\program files\Avira
2010-01-18 14:56 . 2008-10-03 07:49 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-18 14:28 . 2009-09-22 20:50 -------- d-----w- c:\program files\Stardock
2010-01-18 13:44 . 2010-01-18 13:43 -------- dc-h--w- c:\programdata\{5F45A6CC-3DA5-4253-9769-87318172490F}
2010-01-18 13:19 . 2008-09-28 16:03 -------- d-----w- c:\users\Photon\AppData\Roaming\skypePM
2010-01-16 13:27 . 2008-09-26 14:54 -------- d-----w- c:\users\Photon\AppData\Roaming\uTorrent
2010-01-14 12:04 . 2008-09-23 13:35 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-01-14 12:04 . 2008-09-23 13:35 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-01-13 18:51 . 2010-01-18 13:43 1119536 -c--a-w- c:\programdata\{5F45A6CC-3DA5-4253-9769-87318172490F}\OFFLINE\86D01CB6\12FD35EB\impulse.dll
2010-01-13 18:51 . 2010-01-18 13:43 30000 -c--a-w- c:\programdata\{5F45A6CC-3DA5-4253-9769-87318172490F}\OFFLINE\86D01CB6\757C30BC\SDSecurity.dll
2010-01-13 18:51 . 2010-01-18 13:43 468272 -c--a-w- c:\programdata\{5F45A6CC-3DA5-4253-9769-87318172490F}\OFFLINE\86D01CB6\757C30BC\ImpulseNow.exe
2010-01-13 18:50 . 2010-01-18 13:43 491312 -c--a-w- c:\programdata\{5F45A6CC-3DA5-4253-9769-87318172490F}\OFFLINE\86D01CB6\597810BF\Microsoft.WindowsAPICodePack.Shell.dll
2010-01-13 18:49 . 2010-01-18 13:43 87344 -c--a-w- c:\programdata\{5F45A6CC-3DA5-4253-9769-87318172490F}\OFFLINE\86D01CB6\597810BF\Microsoft.WindowsAPICodePack.dll
2010-01-13 18:01 . 2008-01-21 06:01 639010 ----a-w- c:\windows\system32\perfh005.dat
2010-01-13 18:01 . 2008-01-21 06:01 135772 ----a-w- c:\windows\system32\perfc005.dat
2010-01-10 13:38 . 2008-09-22 23:26 156072 ----a-w- c:\users\Photon\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-04 15:46 . 2008-10-29 15:44 -------- d-----w- c:\program files\onOne Software
2010-01-04 15:46 . 2008-09-22 23:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 23:18 . 2008-11-12 22:28 -------- d-----w- c:\program files\Common Files\ChaosGroup
2010-01-03 23:18 . 2010-01-03 23:18 -------- d-----w- c:\program files\Chaos Group
2010-01-03 22:48 . 2008-09-24 11:52 -------- d-----w- c:\program files\Google
2010-01-03 22:31 . 2008-09-24 13:14 -------- d-----w- c:\programdata\FLEXnet
2010-01-03 22:18 . 2008-09-23 15:20 -------- d-----w- c:\programdata\Autodesk
2010-01-03 22:18 . 2008-09-23 15:19 -------- d-----w- c:\program files\Autodesk
2010-01-02 14:35 . 2008-09-23 10:06 -------- d-----w- c:\programdata\TrackMania
2009-12-08 09:17 . 2009-05-28 13:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-28 22:14 . 2009-11-28 22:12 -------- d-----w- c:\program files\DivX
2009-11-28 22:13 . 2009-08-06 13:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-28 22:13 . 2009-11-28 22:12 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-22 13:47 . 2009-11-22 13:47 -------- d-----w- c:\users\Photon\AppData\Roaming\ColorSchemer
2009-11-22 13:46 . 2009-11-22 13:46 -------- d-----w- c:\program files\ColorSchemer Studio 2
2009-11-14 00:49 . 2009-02-24 12:53 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-02 19:42 . 2009-10-04 12:47 195456 ------w- c:\windows\system32\MpSigStub.exe
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\System32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Photon\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-10-09 133104]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-04 25623336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"QuickGammaLoader"="c:\program files\QuickGamma\QuickGammaLoader.exe" [2009-08-14 98816]
"QuickGammaResume"="c:\program files\QuickGamma\QuickGammaResume.exe" [2009-08-14 98816]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2008-05-20 6144000]
"Skytel"="c:\windows\Skytel.exe" [2007-11-20 1826816]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"CHotkey"="c:\windows\mHotkey.exe" [2002-07-05 491008]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"FontExpertType1Loader"="c:\program files\FontExpert\Type1Loader.exe" [2009-03-03 294152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [23.9.2008 0:46 143360]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [15.7.2009 3:14 172032]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [5.7.2009 13:16 1386008]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [18.6.2007 21:33 20539]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.1.2010 23:47 135664]
S2 IPClampService;IPCLAMP by cebas Computer GmbH;c:\progra~1\cebas\ip-clamp\ipclamp.exe [7.9.2009 13:05 45700]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [6.9.2007 0:15 57344]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12.3.2009 17:36 86016]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 4:46 284016]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [4.2.2009 1:33 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [4.2.2009 1:33 3072]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [3.1.2009 1:41 10976]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\System32\drivers\RtTeam60.sys [23.9.2008 0:44 33792]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\System32\drivers\RtVlan60.sys [23.9.2008 0:45 19968]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [3.1.2009 1:15 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [3.1.2009 1:15 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [3.1.2009 1:15 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [3.1.2009 1:15 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [3.1.2009 1:15 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [3.1.2009 1:15 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [3.1.2009 1:15 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [3.1.2009 1:15 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [3.1.2009 1:15 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [3.1.2009 1:15 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [3.1.2009 1:15 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [3.1.2009 1:15 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [3.1.2009 1:15 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [3.1.2009 1:15 117672]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\System32\drivers\RtTeam60.sys [23.9.2008 0:44 33792]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [25.1.2008 10:12 25088]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6.8.2009 12:44 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
ipripsvc REG_MULTI_SZ iprip
.
Obsah adresáře 'Naplánované úlohy'

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 22:47]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 22:47]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2330161282-2524942542-2077496310-1000Core.job
- c:\users\Photon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-09 14:00]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2330161282-2524942542-2077496310-1000UA.job
- c:\users\Photon\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-09 14:00]

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{39C786C8-8DA4-4132-8487-F8F9BE873AF3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-29 11:31]
.
.
------- Doplňkový sken -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: gemoney.cz\www
Trusted Zone: internetbanka.cz\ibs
Trusted Zone: internetbanka.cz\ra
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 19:30
Windows 6.0.6002 Service Pack 2, v.113 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2330161282-2524942542-2077496310-1000\Software\SecuROM\License information*]
"datasecu"=hex:4b,9f,5d,8f,fb,9b,5f,41,98,ba,b5,67,f7,f8,09,66,9b,3c,55,93,05,
e2,ff,02,b4,f1,8f,01,61,25,28,0c,0b,9e,64,aa,f8,60,d1,96,c1,73,4b,00,54,61,\
"rkeysecu"=hex:b6,95,46,f9,7c,52,23,65,6f,15,47,f1,22,33,84,b7

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5120)
c:\program files\Common Files\onOne Software Shared\lt_lib_gf_iconShellEx.dll
c:\program files\Common Files\onOne Software Shared\lt_lib_gf_thumbShellEx.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Celkový čas: 2010-01-18 19:32:01
ComboFix-quarantined-files.txt 2010-01-18 18:32
ComboFix2.txt 2010-01-18 18:06
ComboFix3.txt 2009-02-03 21:37
ComboFix4.txt 2009-02-03 20:27

Před spuštěním: Volných bajtů: 33 041 809 408
Po spuštění: Volných bajtů: 32 786 149 376

- - End Of File - - 4A6DFF8DD177FDD3EA714433AD9528CC

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#5 Post by Rudy »

We'll do a bit more cleanup. Open Notepad and copy the following into it:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbe2cb10-2840-11de-bd74-002215531446}]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

camel13
Visitor
Posts: 32
Joined: 19 Jul 2007 15:10

Re: Please check my log

#6 Post by camel13 »

Interesting: I wanted to create the file, but after right-clicking on the desktop and clicking "New", the desktop froze. I had to kill explorer with Task Manager...

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#7 Post by Rudy »

Try it in safe mode.

camel13
Visitor
Posts: 32
Joined: 19 Jul 2007 15:10

Re: Please check my log

#8 Post by camel13 »

It didn't work in safe mode either, but in the end I opened some other *.txt file, saved it to the desktop and, after a restart, dragged it onto ComboFix. But I still can't create a file on the desktop...

camel13
Visitor
Posts: 32
Joined: 19 Jul 2007 15:10

Re: Please check my log

#9 Post by camel13 »

This is probably serious; now I can't even download a fresh version of ComboFix. Or rather, it downloads, but it is only 192 kB and won't run. It reports that "some instalation files are corrupt. Please download a fresh copy and retry the installation". And yet I'm clicking the link from you... It's awful. Thanks, Rudy.

Rudy
Site Admin
Posts: 118251
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#10 Post by Rudy »

It should work now.