Re: Please help - program Host process for windows
Posted: 23 May 2010 11:30
ComboFix 10-05-20.A1 - Daniel 23.05.2010 12:11:53.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2368 [GMT 2:00]
Spuštěný z: c:\users\Daniel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Daniel\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-23 do 2010-05-23 )))))))))))))))))))))))))))))))
.
2010-05-23 10:20 . 2010-05-23 10:20 -------- d-----w- c:\users\Daniel\AppData\Local\temp
2010-05-23 10:20 . 2010-05-23 10:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-23 10:20 . 2010-05-23 10:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-21 19:17 . 2010-05-21 19:17 -------- d-----w- c:\users\Daniel\AppData\Roaming\IObit
2010-05-21 19:17 . 2010-05-21 19:17 -------- d-----w- c:\program files\IObit
2010-05-21 19:06 . 2010-05-21 19:06 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-21 16:57 . 2010-05-21 16:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-21 16:25 . 2010-05-21 16:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-05-21 13:11 . 2010-05-21 13:11 -------- d-----w- c:\users\Daniel\AppData\Local\WindowsUpdate
2010-05-21 11:51 . 2010-05-21 13:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-21 11:51 . 2010-05-21 13:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-21 11:24 . 2010-05-21 11:29 -------- d-----w- c:\users\Daniel\AppData\Roaming\BSplayer
2010-05-21 11:24 . 2010-05-21 11:24 -------- d-----w- c:\users\Daniel\AppData\Roaming\BSplayer Pro
2010-05-21 11:18 . 2010-05-21 11:18 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-05-21 11:18 . 2010-05-21 11:18 -------- d-----w- c:\windows\system32\languages
2010-05-21 11:10 . 2010-05-12 09:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 11:02 . 2010-05-21 11:02 -------- d-----w- c:\program files\trend micro
2010-05-21 11:02 . 2010-05-21 11:02 -------- d-----w- C:\rsit
2010-05-17 03:15 . 2010-05-17 03:15 -------- d-----w- c:\program files\Windows Portable Devices
2010-05-17 01:09 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 01:09 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 01:09 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 01:06 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-05-17 01:06 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-05-17 01:06 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 01:06 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-05-17 01:06 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-05-17 01:06 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-05-17 01:06 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-05-17 01:06 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-05-17 01:06 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-05-17 01:06 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-05-17 01:06 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-05-17 01:06 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-05-17 01:04 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 01:04 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 01:04 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-16 10:11 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-16 10:05 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-16 10:05 . 2010-02-23 06:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-16 10:04 . 2010-02-23 04:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 10:04 . 2010-02-23 06:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 10:04 . 2010-02-23 06:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-16 10:04 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-16 10:04 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-16 10:04 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-16 09:53 . 2010-05-16 12:35 -------- d-----w- c:\users\Daniel\AppData\Roaming\Bioshock
2010-05-12 17:31 . 2010-05-23 07:44 -------- d-----w- c:\users\Daniel\AppData\Roaming\skypePM
2010-05-12 17:09 . 2010-05-23 09:30 -------- d-----w- c:\users\Daniel\AppData\Roaming\Skype
2010-05-12 17:08 . 2010-05-12 17:08 -------- d-----w- c:\program files\Skype
2010-05-12 17:08 . 2010-05-12 17:08 -------- d-----w- c:\program files\Common Files\Skype
2010-05-12 17:08 . 2010-05-12 17:08 -------- d-----w- c:\programdata\Skype
2010-05-12 17:05 . 2010-05-12 17:07 22595368 ----a-w- c:\users\Public\SkypeSetup.exe
2010-05-07 10:14 . 2010-05-07 10:14 -------- d-----w- c:\programdata\Isotx
2010-04-30 04:06 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-30 04:06 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-30 04:06 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-30 04:06 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-30 04:04 . 2010-04-30 04:05 -------- d--h--w- c:\windows\msdownld.tmp
2010-04-30 03:55 . 2010-04-30 03:55 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-04-30 03:54 . 2010-04-30 03:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-26 21:04 . 2010-04-26 21:06 -------- d-----w- c:\users\Daniel\Massive Assault Network 2
2010-04-26 16:57 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-04-26 16:57 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-04-26 16:57 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-04-26 16:57 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-04-26 16:57 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-04-26 16:57 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-04-26 16:57 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-04-26 16:57 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-04-26 16:57 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-04-26 16:57 . 2008-07-31 08:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-04-26 16:57 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-04-23 19:30 . 2010-04-23 19:30 -------- d-----w- c:\program files\Kuju Entertainment
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 09:37 . 2010-02-10 18:44 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-23 08:18 . 2009-03-05 20:21 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-05-23 08:18 . 2009-03-05 20:21 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-05-23 08:01 . 2010-04-20 22:15 -------- d-----w- c:\program files\Steam
2010-05-23 07:54 . 2009-02-21 00:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-23 07:54 . 2010-02-05 18:29 -------- d-----w- c:\program files\Acer
2010-05-21 18:36 . 2010-03-20 15:33 -------- d-----w- c:\users\Daniel\AppData\Roaming\Uniblue
2010-05-21 18:36 . 2010-03-20 15:33 -------- d-----w- c:\program files\Uniblue
2010-05-21 18:36 . 2010-03-20 15:35 -------- dc-h--w- c:\programdata\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
2010-05-21 16:58 . 2009-03-05 13:29 -------- d-----w- c:\program files\Microsoft
2010-05-21 16:54 . 2010-02-05 18:20 76432 ----a-w- c:\users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-21 16:35 . 2009-03-05 13:07 -------- d-----w- c:\programdata\Microsoft Help
2010-05-21 16:33 . 2009-03-05 13:09 -------- d-----w- c:\program files\Microsoft Works
2010-05-21 11:24 . 2010-03-08 14:43 -------- d-----w- c:\program files\Webteh
2010-05-21 11:17 . 2010-03-28 13:35 737280 ----a-w- c:\windows\iun6002.exe
2010-05-21 10:58 . 2009-03-05 12:37 -------- d-----w- c:\programdata\McAfee
2010-05-20 13:22 . 2010-02-05 18:19 -------- d-----w- c:\program files\Google
2010-05-18 14:47 . 2010-04-20 18:32 -------- d-----w- c:\program files\GameSpy Arcade
2010-05-18 14:12 . 2010-04-20 22:15 -------- d-----w- c:\program files\Common Files\Steam
2010-05-17 03:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-17 03:13 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 03:13 . 2010-05-17 03:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-12 17:31 . 2010-05-12 17:31 32 ----a-w- c:\programdata\ezsid.dat
2010-05-09 20:05 . 2010-02-10 14:57 680 ----a-w- c:\users\Daniel\AppData\Local\d3d9caps.dat
2010-05-06 20:59 . 2010-02-09 15:33 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-02-09 15:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-02-09 15:34 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-02-09 15:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2010-02-09 15:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2010-02-09 15:34 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-23 18:56 . 2010-04-20 19:18 -------- d-----w- c:\program files\LucasArts
2010-04-21 18:09 . 2010-04-21 18:09 -------- d-----w- c:\program files\Ubi Soft
2010-04-20 22:40 . 2010-04-20 22:40 -------- d-----w- c:\programdata\InstallShield
2010-04-20 22:26 . 2010-04-20 22:26 -------- d-----w- c:\program files\The Creative Assembly
2010-04-20 22:26 . 2009-03-05 13:43 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-20 19:28 . 2010-04-20 19:28 -------- d-----w- c:\users\Daniel\AppData\Roaming\Petroglyph
2010-04-20 19:18 . 2010-04-20 19:18 -------- d-----w- c:\users\Daniel\AppData\Roaming\Xfire
2010-04-20 19:18 . 2010-04-20 19:17 -------- d-s---w- c:\program files\Xfire
2010-04-20 18:37 . 2010-04-20 18:37 -------- d-----w- c:\program files\Codemasters
2010-04-18 10:23 . 2010-04-18 10:23 -------- d-----w- c:\programdata\MumboJumbo
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-16 14:22 . 2010-04-16 14:22 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-04-16 14:22 . 2010-04-16 14:22 -------- d-----w- c:\program files\DVDVideoSoft
2010-04-16 13:53 . 2010-04-16 13:53 -------- d-----w- c:\program files\XviD
2010-04-16 13:53 . 2010-04-16 13:53 -------- d-----w- c:\program files\Apex
2010-04-14 16:47 . 2010-02-09 15:33 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-28 13:44 . 2010-02-05 19:33 -------- d-----w- c:\users\Daniel\AppData\Roaming\CyberLink
2010-03-22 18:54 . 2010-03-22 18:54 10134 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{5CB6A112-DA36-486B-9B1C-6341CB95DE37}\ARPPRODUCTICON.exe
2010-03-22 12:52 . 2010-05-21 11:25 697690 ----a-w- c:\users\Daniel\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
2010-03-13 15:51 . 2010-03-13 15:51 1 ----a-w- c:\users\Daniel\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-24 18:25 . 2010-02-24 18:25 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-24 18:23 . 2010-02-24 18:23 8854 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\Uninstall_GameShadow_B239090474BD48AAB2CC6612F8D46379.exe
2010-02-24 18:23 . 2010-02-24 18:23 45056 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-02-24 18:23 . 2010-02-24 18:23 45056 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-02-24 18:23 . 2010-02-24 18:23 45056 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\ARPPRODUCTICON.exe
2010-02-23 15:01 . 2010-05-21 11:25 1185871 ----a-w- c:\users\Daniel\AppData\Roaming\BSplayer\FFDShow\unins000.exe
2010-02-23 14:00 . 2010-05-21 11:25 42288 ----a-w- c:\users\Daniel\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
2010-02-23 11:10 . 2010-04-14 12:51 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 12:51 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 12:51 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
------- Sigcheck -------
[-] 2008-01-21 . B50F1A6F285D9D09B5FD57B5AF220BEB . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll
[-] 2008-01-21 . 169C3341A66485195898C73E337764FC . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Steam"="c:\program files\steam\steam.exe" [2010-05-08 1238352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-05-10 46456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-24 204800]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):47,28,51,5f,99,dd,ca,01
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-04-03 723488]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-09-30 223232]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:11]
2010-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:11]
2010-05-21 c:\windows\Tasks\User_Feed_Synchronization-{657B01BD-5DE2-44F8-AEEF-49F3573F2628}.job
- c:\windows\system32\msfeedssync.exe [2010-05-16 04:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0210&m=aspire_5536
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-RunOnce-<NO NAME> - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 12:20
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-574327362-3969190619-1937496751-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,d7,3c,0a,e5,41,7f,59,b0,5a,89,83,8d,ac,3c,26,d1,8f,8a,9f,ed,f0,00,
e2,a5,cb,c3,f2,d0,85,66,1d,7d,33,d4,44,73,dd,50,0b,1a,8a,10,83,1d,89,23,6c,\
"??"=hex:dd,99,0c,75,e0,d9,b3,83,e9,61,6d,9e,fe,35,fe,09
[HKEY_USERS\S-1-5-21-574327362-3969190619-1937496751-1000\Software\SecuROM\License information*]
"datasecu"=hex:4e,c2,7c,67,58,65,aa,c8,0f,31,df,9f,48,cd,e8,20,7f,17,4a,a0,69,
da,77,b8,d4,f7,6a,b4,85,ab,8c,0a,7a,4b,a3,6f,70,f9,15,93,cf,52,b3,8e,cc,fb,\
"rkeysecu"=hex:1e,8e,a7,4e,f9,c3,ef,fc,96,3a,e4,52,31,cb,4c,0f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-05-23 12:22:35
ComboFix-quarantined-files.txt 2010-05-23 10:22
ComboFix2.txt 2010-05-23 07:28
ComboFix3.txt 2010-05-21 13:33
Před spuštěním: Volných bajtů: 116 458 668 032
Po spuštění: Volných bajtů: 116 425 617 408
- - End Of File - - 0BB7D2F29A6AC14B706C4193C77C4343
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-05-10 46456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-24 204800]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):47,28,51,5f,99,dd,ca,01
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-04-03 723488]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-09-30 223232]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:11]
2010-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:11]
2010-05-21 c:\windows\Tasks\User_Feed_Synchronization-{657B01BD-5DE2-44F8-AEEF-49F3573F2628}.job
- c:\windows\system32\msfeedssync.exe [2010-05-16 04:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0210&m=aspire_5536
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-RunOnce-<NO NAME> - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 12:20
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-574327362-3969190619-1937496751-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,d7,3c,0a,e5,41,7f,59,b0,5a,89,83,8d,ac,3c,26,d1,8f,8a,9f,ed,f0,00,
e2,a5,cb,c3,f2,d0,85,66,1d,7d,33,d4,44,73,dd,50,0b,1a,8a,10,83,1d,89,23,6c,\
"??"=hex:dd,99,0c,75,e0,d9,b3,83,e9,61,6d,9e,fe,35,fe,09
[HKEY_USERS\S-1-5-21-574327362-3969190619-1937496751-1000\Software\SecuROM\License information*]
"datasecu"=hex:4e,c2,7c,67,58,65,aa,c8,0f,31,df,9f,48,cd,e8,20,7f,17,4a,a0,69,
da,77,b8,d4,f7,6a,b4,85,ab,8c,0a,7a,4b,a3,6f,70,f9,15,93,cf,52,b3,8e,cc,fb,\
"rkeysecu"=hex:1e,8e,a7,4e,f9,c3,ef,fc,96,3a,e4,52,31,cb,4c,0f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-05-23 12:22:35
ComboFix-quarantined-files.txt 2010-05-23 10:22
ComboFix2.txt 2010-05-23 07:28
ComboFix3.txt 2010-05-21 13:33
Před spuštěním: Volných bajtů: 116 458 668 032
Po spuštění: Volných bajtů: 116 425 617 408
- - End Of File - - 0BB7D2F29A6AC14B706C4193C77C4343