píšu, protože jednak se mi zpomalil trochu internet (např. na youtube jsem vždy 'sjížděl' video v HD celkem v pohodě, teď se nestíhá načítat ani kvalita 420 a stále musím čekat), jednak vždy při startu PC musím čekat tak 3 minuty, než pracuje PC v pohodě /i když taky se někdy sekne na 10 sekund/ (není to při startu třeba i spouštěním mnoha aplikací?); ---ale hlavně si chci být jistý, jestli nemám žádný humus v PC.
Sice jsem už bez rozmyslu zkusil před 10-ti minutami Combofix, aniž bych se zeptal, ale myslím, že jsem to zvládl a nic nezbytného se nesmazalo.. Tady je zpráva:
ComboFix 10-12-07.06 - PC 08.12.2010 22:52:28.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1439 [GMT 1:00]
Spuštěný z: c:\documents and settings\PC\Dokumenty\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Icq\ICQ6.5\ICQLRun.exe
c:\windows\system32\kr_done1
c:\windows\system32\spool\prtprocs\w32x86\pcldll6l.dll
c:\windows\system32\spool\prtprocs\w32x86\zpp.dll
I:\Autorun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-08 do 2010-12-08 )))))))))))))))))))))))))))))))
.
2010-12-08 21:43 . 2010-12-08 21:22 390144 ----a-w- c:\windows\system32\CF31829.exe
2010-12-08 21:26 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{BE0BC81F-8642-44FA-BCB6-7837A3AA53F4}\mpengine.dll
2010-12-05 22:17 . 2010-12-05 22:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-04 12:26 . 2010-12-04 12:26 -------- d-----w- c:\program files\Hasbro
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2009-10-02 14:05 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2009-09-30 22:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-10 22:53 . 2010-10-10 22:53 249856 ----a-w- c:\windows\lcmmfu.cpl
2010-10-10 22:53 . 2010-10-10 22:53 16384 ----a-w- c:\windows\runservice.exe
2010-10-10 22:53 . 2010-10-10 22:53 48640 ----a-w- c:\windows\mmfs.dll
2010-10-01 21:04 . 2004-07-17 09:36 12464 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-09-18 10:23 . 2004-08-17 13:49 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-17 13:49 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-25 14:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-25 14:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:52 . 2004-08-17 13:49 43520 ------w- c:\windows\system32\licmgr10.dll
2010-08-30 08:34 94720 --sh--r- c:\windows\system32\TR2468scrobj3.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-10-10 3906656]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-10 14:51 3906656 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-10-10 14:51 3906656 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-10-10 3906656]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-10-10 3906656]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-03-01 26624]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\documents and settings\PC\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-10-01 136176]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-06 488728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2010-03-12 139264]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-30 1167808]
"Cobian Backup 10"="c:\program files\Cobian Backup 10\Cobian.exe" [2010-07-13 421376]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-11-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2010-10-29 608760]
"Anti-keylogger"="c:\program files\Anti-keylogger\Anti-keylogger.exe" [2009-04-21 395776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
c:\documents and settings\PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ------w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"mnmsrvc"=3 (0x3)
"gusvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"CryptSvc"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhdlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Icq\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\PC\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\PLOCHA\\HRY\\Aoe II\\empires2.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\PLOCHA\\HRY\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12012:TCP"= 12012:TCP:BitComet 12012 TCP
"12012:UDP"= 12012:UDP:BitComet 12012 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.4.2008 13:31 691696]
R1 krnl_akl;Anti-keylogger Kernel Service;c:\windows\system32\drivers\krnl_akl.sys [21.4.2009 19:49 360960]
R2 akl_svc;Anti-keylogger Service;c:\program files\Anti-keylogger\akl_svc.exe [21.4.2009 19:56 59904]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [5.9.2010 17:06 67584]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24.2.2010 13:41 10064]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [10.10.2010 23:53 16384]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [14.6.2010 15:02 1051976]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 9:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [5.12.2008 23:18 174834]
S3 scrambler;scrambler;c:\windows\system32\drivers\scrambler.sys [14.2.2005 10:17 206336]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-12-07 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-661B1E4526C6-PC.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-06 23:41]
2010-12-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40]
2010-12-08 c:\windows\Tasks\User_Feed_Synchronization-{A1487C6F-A328-4B43-93EF-7299544DCDE2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {1192C33F-FFB3-4660-AE58-09B1E22291DF} = 212.71.131.166,212.71.131.6
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://pl.recruit.netmonitor.cz/WebInstaller.dll
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - component: c:\program files\NetSoftware\gemgecko\components\gemgecko.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: LastPass: support@lastpass.com - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\support@lastpass.com
FF - Extension: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Google Enhancer - True Knowledge: {7738069b-91db-41a0-91d2-7b06ca79d2e1} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{7738069b-91db-41a0-91d2-7b06ca79d2e1}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Extension: Seznam lištiÄŤka: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Extension: Fasterfox (EladKarako Mod): {eeeeeeee-aaaa-0000-aaaa-000000000000} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{eeeeeeee-aaaa-0000-aaaa-000000000000}
FF - Extension: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Extension: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\1z81vgma.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: VýzkumNetMonitor: gemgecko@gemius.com - c:\program files\NetSoftware\gemgecko
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
ActiveSetup-{6E8A3CA7-9539-7B4A-DD70-6F50B964A374} - c:\windows\system32:Service.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 22:57
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1715567821-630328440-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:93,7f,e6,66,c3,08,5e,ce,a2,62,04,a7,7d,99,86,12,1d,10,da,ac,ab,20,7d,
12,1a,77,1f,67,3e,e8,d1,5f,96,da,5d,25,65,f5,31,b2,b4,52,9d,80,34,96,3b,d3,\
"??"=hex:0e,99,c0,e6,d2,61,6b,1c,cd,e0,e6,03,51,e8,4c,9b
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\0BB4AB33ED50D261F5C8A2C244CF5435]
"1"=hex:df,c7,3a,96,ab,66,13,d2,36,78,6c,b8,10,1c,c4,b0,41,14,92,53,8b,f4,9f,
53,ff,8f,6c,08,d5,ab,f1,06
"2"=hex:7d,73,4a,d4,1d,ee,c7,5a
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:97,e4,84,cd,95,83,bf,82,bd,04,75,27,c9,a8,72,b1,55,38,49,8a,a6,16,a2,
28,28,eb,ee,eb,0f,d6,d6,b8,f4,df,4a,8d,b5,18,4f,2a,0d,c4,ee,cf,81,df,fe,df,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2e,4e,96,8c,7e,a3,52,
64,3a,77,a0,c6,f3,8c,f2,ae,2e,ea,bc,14,1c,92,a4,c2,43,3d,0b,78,bd,76,70,3e,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-12-08 22:59:56
ComboFix-quarantined-files.txt 2010-12-08 21:59
Před spuštěním: Volných bajtů: 32 533 798 912
Po spuštění: Volných bajtů: 32 741 433 344
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,4,5,6,7,8,9
- - End Of File - - 8BB0B6618C8EFD9F8DB74EFACD7B6850
Přispějete na provoz fóra?