
Re: missing icons and slow internet

Posted: 05 Sep 2010 10:19
by Písa
I don't notice any changes; the icons are still missing. The sound does work, but whenever I play a video, it runs out of step with the picture... the PC still seems rather tired to me.

Re: missing icons and slow internet

Posted: 05 Sep 2010 10:26
by Rudy
Please post one more log from ComboFix.

Re: missing icons and slow internet

Posted: 05 Sep 2010 12:03
by Písa
The icons have now appeared, and video now seems to run in sync with the sound as well (only one film acts up, but that will be a fault in the file itself). Can I uninstall AVP tool?

ComboFix 10-09-04.06 - Vašek 05.09.2010 11:56:43.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2173 [GMT 2:00]
Spuštěný z: c:\users\Vašek\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-08-05 do 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-05 10:24 . 2010-09-05 10:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-05 10:24 . 2010-09-05 10:24 -------- d-----w- c:\users\Martinka\AppData\Local\temp
2010-09-05 10:24 . 2010-09-05 10:24 -------- d-----w- c:\users\Martina\AppData\Local\temp
2010-09-05 10:24 . 2010-09-05 10:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-04 16:39 . 2010-09-05 08:54 -------- d-----w- c:\programdata\Kaspersky Lab
2010-09-04 16:37 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\44631142.sys
2010-09-04 16:37 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\4463114.sys
2010-09-04 16:37 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\44631141.sys
2010-08-31 19:39 . 2010-08-31 19:39 -------- d-----w- c:\users\Martinka\AppData\Local\Temp(24)
2010-08-31 19:39 . 2010-09-02 12:28 -------- d-----w- c:\users\Martina\AppData\Local\Temp(19)
2010-08-30 17:33 . 2010-08-30 17:33 -------- d-----w- c:\program files\2K Games(1)
2010-08-29 19:16 . 2010-09-02 13:49 -------- d-----w- c:\program files\2K Games
2010-08-21 14:52 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-21 14:52 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-21 14:46 . 2010-08-21 14:46 -------- d-----w- c:\program files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 10:39 . 2009-07-12 10:59 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-09-05 10:26 . 2008-09-24 00:46 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-04 16:35 . 2009-02-19 18:17 -------- d-----w- c:\program files\CCleaner
2010-09-02 13:49 . 2010-05-22 18:31 -------- d-----w- c:\users\Martina\AppData\Roaming\IrfanView
2010-09-02 13:49 . 2008-09-24 01:22 -------- d-----w- c:\programdata\P4G
2010-09-02 13:49 . 2010-04-22 13:08 -------- d-----w- c:\program files\Pythagoras s.r.o
2010-09-02 13:49 . 2010-04-17 09:23 -------- d-----w- c:\program files\OpenAL
2010-09-02 13:49 . 2010-02-07 13:29 -------- d-----w- c:\program files\German Truck Simulator
2010-08-31 18:17 . 2009-03-31 15:17 -------- d-----w- c:\program files\Trend Micro
2010-08-31 18:01 . 2009-08-16 11:42 -------- d-----w- c:\users\Martina\AppData\Roaming\ICQ
2010-08-23 08:13 . 2009-08-16 11:50 -------- d-----w- c:\users\Martina\AppData\Roaming\gtk-2.0
2010-08-22 13:17 . 2008-04-17 10:34 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-08-22 13:17 . 2008-04-17 10:34 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-08-21 14:59 . 2008-09-23 23:23 -------- d-----w- c:\programdata\Microsoft Help
2010-08-21 14:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-21 14:45 . 2010-01-08 15:01 -------- d-----w- c:\program files\Java
2010-08-05 12:00 . 2009-08-18 17:43 1 ----a-w- c:\users\Martina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-04 19:09 . 2009-01-08 16:53 -------- d-----w- c:\program files\ICQ6.5
2010-07-17 03:00 . 2010-05-16 06:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-06 10:33 . 2010-05-12 13:50 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-05 20:33 . 2010-07-05 20:33 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-05 20:33 . 2010-07-05 20:33 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-05 20:33 . 2010-07-05 20:33 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-05 20:32 . 2010-07-05 20:32 84062 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-05 20:32 . 2010-07-05 20:32 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-05 20:32 . 2010-07-05 20:32 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-05 20:32 . 2010-07-05 20:32 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-05 20:31 . 2010-05-12 13:15 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-05 20:31 . 2010-05-12 13:18 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-05 20:31 . 2010-05-12 13:18 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-28 20:57 . 2010-06-30 15:07 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-04-21 13:23 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-21 13:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-21 13:25 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-21 13:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-21 13:25 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-04-21 13:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-21 14:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-21 14:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-21 14:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-21 14:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-22 17:30 . 2010-04-25 13:32 680 ----a-w- c:\users\Martina\AppData\Local\d3d9caps.dat
2010-06-21 13:37 . 2010-08-21 14:51 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-21 14:51 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-21 14:51 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-21 14:51 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-17 16:11 . 2010-06-17 16:10 383234 ----a-w- c:\windows\system32\~.tmp
2010-06-16 16:04 . 2010-08-21 14:51 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-21 14:51 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-21 14:51 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-07-12 17:04 . 2009-07-11 17:41 30636064 --sha-w- c:\windows\System32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-24 33136]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-23 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-26 167936]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]

c:\users\Vaçek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_04.09.2010_18-19.lnk - c:\users\Vaçek\Desktop\Virus Removal Tool\setup_9.0.0.722_04.09.2010_18-19\startup.exe [2010-9-4 72208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-27 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3e,83,28,08,b6,fb,c9,01

R2 gupdate1ca030b4ab62a20;Služba Google Update (gupdate1ca030b4ab62a20);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.sys [2003-07-22 18848]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-08-21 721904]
S0 44631142;44631142 Boot Guard Driver;c:\windows\system32\DRIVERS\44631142.sys [2009-10-22 37392]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 44631141;44631141;c:\windows\system32\DRIVERS\44631141.sys [2009-09-25 128016]
S1 aswSP;aswSP; [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-01-23 39080]
S1 setup_9.0.0.722_04.09.2010_18-19drv;setup_9.0.0.722_04.09.2010_18-19drv;c:\windows\system32\DRIVERS\4463114.sys [2009-10-09 311312]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 SafeRemove;AMD Safely Remove Disk Drive;c:\program files\AMD\Safely Remove Disk\SafeRemoveService.exe [2008-07-07 147456]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2008-04-01 16896]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-07-20 9856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 16:10]

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 16:10]

2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{24C39000-5513-498C-8894-21F2D3F53673}.job
- c:\windows\system32\msfeedssync.exe [2010-08-21 04:24]

2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{3BC79880-106D-4338-B74A-0E7A89BC3DAF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-21 04:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.asus.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DE7DC703-2093-4F8E-8F79-6C7904F37C6C} = 10.111.0.1,62.240.161.226
FF - ProfilePath - c:\users\Vašek\AppData\Roaming\Mozilla\Firefox\Profiles\t2uusqge.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 12:40
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4008)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\system32\SafeRemoveDialog.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\system32\conime.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RtHDVCpl.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-09-05 12:56:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-05 10:56
ComboFix2.txt 2010-08-31 19:39
ComboFix3.txt 2009-05-20 13:24

Před spuštěním: 8 269 000 704
Po spuštění: 7 864 979 456

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 324D34E6AA573C125E2AE2CD54286D5E

Re: missing icons and slow internet

Posted: 05 Sep 2010 17:55
by Rudy
Move Combofix to the desktop. Open Notepad and copy the following into it:
Collect::
c:\windows\system32\drivers\44631142.sys
c:\windows\system32\drivers\4463114.sys
c:\windows\system32\drivers\44631141.sys
c:\windows\system32\acovcnt.exe

Driver::
44631142
4463114
44631141
Save it to the desktop as CFSCript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: missing icons and slow internet

Posted: 06 Sep 2010 17:03
by Písa
ComboFix 10-09-04.06 - Vašek 06.09.2010 17:07:43.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1534 [GMT 2:00]
Spuštěný z: c:\users\Vašek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vašek\Desktop\CFSCript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\system32\acovcnt.exe
file zipped: c:\windows\system32\drivers\4463114.sys
file zipped: c:\windows\system32\drivers\44631141.sys
file zipped: c:\windows\system32\drivers\44631142.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\4463114.sys
c:\windows\system32\drivers\44631141.sys
c:\windows\system32\drivers\44631142.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_44631141
-------\Legacy_44631142
-------\Service_44631141
-------\Service_44631142
-------\Legacy_setup_9.0.0.722_04.09.2010_18-19drv
-------\Service_setup_9.0.0.722_04.09.2010_18-19drv


((((((((((((((((((((((((( Soubory vytvořené od 2010-08-06 do 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-06 15:38 . 2010-09-06 15:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-06 15:38 . 2010-09-06 15:38 -------- d-----w- c:\users\Martinka\AppData\Local\temp
2010-09-06 15:38 . 2010-09-06 15:38 -------- d-----w- c:\users\Martina\AppData\Local\temp
2010-09-06 15:38 . 2010-09-06 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-04 16:39 . 2010-09-05 10:43 -------- d-----w- c:\programdata\Kaspersky Lab
2010-08-31 19:39 . 2010-08-31 19:39 -------- d-----w- c:\users\Martinka\AppData\Local\Temp(24)
2010-08-31 19:39 . 2010-09-02 12:28 -------- d-----w- c:\users\Martina\AppData\Local\Temp(19)
2010-08-30 17:33 . 2010-08-30 17:33 -------- d-----w- c:\program files\2K Games(1)
2010-08-29 19:16 . 2010-09-02 13:49 -------- d-----w- c:\program files\2K Games
2010-08-21 14:52 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-21 14:52 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-21 14:46 . 2010-08-21 14:46 -------- d-----w- c:\program files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 15:39 . 2008-09-24 00:46 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-04 16:35 . 2009-02-19 18:17 -------- d-----w- c:\program files\CCleaner
2010-09-02 13:49 . 2010-05-22 18:31 -------- d-----w- c:\users\Martina\AppData\Roaming\IrfanView
2010-09-02 13:49 . 2008-09-24 01:22 -------- d-----w- c:\programdata\P4G
2010-09-02 13:49 . 2010-04-22 13:08 -------- d-----w- c:\program files\Pythagoras s.r.o
2010-09-02 13:49 . 2010-04-17 09:23 -------- d-----w- c:\program files\OpenAL
2010-09-02 13:49 . 2010-02-07 13:29 -------- d-----w- c:\program files\German Truck Simulator
2010-08-31 18:17 . 2009-03-31 15:17 -------- d-----w- c:\program files\Trend Micro
2010-08-31 18:01 . 2009-08-16 11:42 -------- d-----w- c:\users\Martina\AppData\Roaming\ICQ
2010-08-23 08:13 . 2009-08-16 11:50 -------- d-----w- c:\users\Martina\AppData\Roaming\gtk-2.0
2010-08-22 13:17 . 2008-04-17 10:34 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-08-22 13:17 . 2008-04-17 10:34 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-08-21 14:59 . 2008-09-23 23:23 -------- d-----w- c:\programdata\Microsoft Help
2010-08-21 14:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-21 14:45 . 2010-01-08 15:01 -------- d-----w- c:\program files\Java
2010-08-05 12:00 . 2009-08-18 17:43 1 ----a-w- c:\users\Martina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-04 19:09 . 2009-01-08 16:53 -------- d-----w- c:\program files\ICQ6.5
2010-07-17 03:00 . 2010-05-16 06:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-06 10:33 . 2010-05-12 13:50 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-05 20:33 . 2010-07-05 20:33 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-05 20:33 . 2010-07-05 20:33 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-05 20:33 . 2010-07-05 20:33 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-05 20:32 . 2010-07-05 20:32 84062 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-05 20:32 . 2010-07-05 20:32 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-05 20:32 . 2010-07-05 20:32 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-05 20:32 . 2010-07-05 20:32 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-05 20:31 . 2010-05-12 13:15 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-05 20:31 . 2010-05-12 13:18 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-05 20:31 . 2010-05-12 13:18 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-28 20:57 . 2010-06-30 15:07 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-04-21 13:23 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-21 13:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-21 13:25 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-21 13:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-21 13:25 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-04-21 13:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-21 14:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-21 14:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-21 14:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-21 14:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-22 17:30 . 2010-04-25 13:32 680 ----a-w- c:\users\Martina\AppData\Local\d3d9caps.dat
2010-06-21 13:37 . 2010-08-21 14:51 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-21 14:51 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-21 14:51 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-21 14:51 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-17 16:11 . 2010-06-17 16:10 383234 ----a-w- c:\windows\system32\~.tmp
2010-06-16 16:04 . 2010-08-21 14:51 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-21 14:51 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-21 14:51 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-07-12 17:04 . 2009-07-11 17:41 30636064 --sha-w- c:\windows\System32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-24 33136]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-23 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-26 167936]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]

c:\users\Vaçek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_04.09.2010_18-19.lnk - c:\users\Vaçek\Desktop\Virus Removal Tool\setup_9.0.0.722_04.09.2010_18-19\startup.exe [2010-9-4 72208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-27 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3e,83,28,08,b6,fb,c9,01

R2 gupdate1ca030b4ab62a20;Služba Google Update (gupdate1ca030b4ab62a20);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.sys [2003-07-22 18848]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-08-21 721904]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 aswSP;aswSP; [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-01-23 39080]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 SafeRemove;AMD Safely Remove Disk Drive;c:\program files\AMD\Safely Remove Disk\SafeRemoveService.exe [2008-07-07 147456]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2008-04-01 16896]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-07-20 9856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 16:10]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 16:10]

2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{24C39000-5513-498C-8894-21F2D3F53673}.job
- c:\windows\system32\msfeedssync.exe [2010-08-21 04:24]

2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{3BC79880-106D-4338-B74A-0E7A89BC3DAF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-21 04:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.asus.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DE7DC703-2093-4F8E-8F79-6C7904F37C6C} = 10.111.0.1,62.240.161.226
FF - ProfilePath - c:\users\Vašek\AppData\Roaming\Mozilla\Firefox\Profiles\t2uusqge.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 17:45
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5616)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\system32\SafeRemoveDialog.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-09-06 18:01:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-06 16:01
ComboFix2.txt 2010-09-05 10:56
ComboFix3.txt 2010-08-31 19:39
ComboFix4.txt 2009-05-20 13:24

Před spuštěním: Volných bajtů: 21 468 979 200
Po spuštění: Volných bajtů: 21 209 321 472

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - C36C8849F49112FD5EDD701558CA6257
Nahrání proběhlo úspěšně

Re: missing icons and slow internet

Posted: 06 Sep 2010 17:14
by Rudy
Something else has turned up. Run it once more with this script:
Collect::
c:\windows\system32\~.tmp

Re: missing icons and slow internet

Posted: 06 Sep 2010 18:14
by Písa
ComboFix 10-09-04.06 - Vašek 06.09.2010 18:33:42.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1663 [GMT 2:00]
Spuštěný z: c:\users\Vašek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vašek\Desktop\CFSCript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\system32\~.tmp
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\~.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-06 do 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-06 17:00 . 2010-09-06 17:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-06 17:00 . 2010-09-06 17:00 -------- d-----w- c:\users\Martinka\AppData\Local\temp
2010-09-06 17:00 . 2010-09-06 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-06 17:00 . 2010-09-06 17:00 -------- d-----w- c:\users\Martina\AppData\Local\temp
2010-09-04 16:39 . 2010-09-05 10:43 -------- d-----w- c:\programdata\Kaspersky Lab
2010-08-31 19:39 . 2010-08-31 19:39 -------- d-----w- c:\users\Martinka\AppData\Local\Temp(24)
2010-08-31 19:39 . 2010-09-02 12:28 -------- d-----w- c:\users\Martina\AppData\Local\Temp(19)
2010-08-30 17:33 . 2010-08-30 17:33 -------- d-----w- c:\program files\2K Games(1)
2010-08-29 19:16 . 2010-09-02 13:49 -------- d-----w- c:\program files\2K Games
2010-08-21 14:52 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-21 14:52 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-21 14:46 . 2010-08-21 14:46 -------- d-----w- c:\program files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 16:15 . 2008-04-17 10:34 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-09-06 16:15 . 2008-04-17 10:34 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-09-06 15:39 . 2008-09-24 00:46 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-04 16:35 . 2009-02-19 18:17 -------- d-----w- c:\program files\CCleaner
2010-09-02 13:49 . 2010-05-22 18:31 -------- d-----w- c:\users\Martina\AppData\Roaming\IrfanView
2010-09-02 13:49 . 2008-09-24 01:22 -------- d-----w- c:\programdata\P4G
2010-09-02 13:49 . 2010-04-22 13:08 -------- d-----w- c:\program files\Pythagoras s.r.o
2010-09-02 13:49 . 2010-04-17 09:23 -------- d-----w- c:\program files\OpenAL
2010-09-02 13:49 . 2010-02-07 13:29 -------- d-----w- c:\program files\German Truck Simulator
2010-08-31 18:17 . 2009-03-31 15:17 -------- d-----w- c:\program files\Trend Micro
2010-08-31 18:01 . 2009-08-16 11:42 -------- d-----w- c:\users\Martina\AppData\Roaming\ICQ
2010-08-23 08:13 . 2009-08-16 11:50 -------- d-----w- c:\users\Martina\AppData\Roaming\gtk-2.0
2010-08-21 14:59 . 2008-09-23 23:23 -------- d-----w- c:\programdata\Microsoft Help
2010-08-21 14:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-21 14:45 . 2010-01-08 15:01 -------- d-----w- c:\program files\Java
2010-08-05 12:00 . 2009-08-18 17:43 1 ----a-w- c:\users\Martina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-04 19:09 . 2009-01-08 16:53 -------- d-----w- c:\program files\ICQ6.5
2010-07-17 03:00 . 2010-05-16 06:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-06 10:33 . 2010-05-12 13:50 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-05 20:33 . 2010-07-05 20:33 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-05 20:33 . 2010-07-05 20:33 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-05 20:33 . 2010-07-05 20:33 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-05 20:32 . 2010-07-05 20:32 84062 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-05 20:32 . 2010-07-05 20:32 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-05 20:32 . 2010-07-05 20:32 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-05 20:32 . 2010-07-05 20:32 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-05 20:31 . 2010-05-12 13:15 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-05 20:31 . 2010-05-12 13:18 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-05 20:31 . 2010-05-12 13:18 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-28 20:57 . 2010-06-30 15:07 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-04-21 13:23 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-21 13:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-21 13:25 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-21 13:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-21 13:25 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-04-21 13:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 06:05 . 2010-08-21 14:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-21 14:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-21 14:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-21 14:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-22 17:30 . 2010-04-25 13:32 680 ----a-w- c:\users\Martina\AppData\Local\d3d9caps.dat
2010-06-21 13:37 . 2010-08-21 14:51 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-21 14:51 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-21 14:51 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-21 14:51 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-21 14:51 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-21 14:51 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-21 14:51 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-07-12 17:04 . 2009-07-11 17:41 30636064 --sha-w- c:\windows\System32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-09-24 33136]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-23 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2004-11-26 167936]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]

c:\users\Vašek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_04.09.2010_18-19.lnk - c:\users\Vašek\Desktop\Virus Removal Tool\setup_9.0.0.722_04.09.2010_18-19\startup.exe [2010-9-4 72208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-27 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3e,83,28,08,b6,fb,c9,01

R2 gupdate1ca030b4ab62a20;Služba Google Update (gupdate1ca030b4ab62a20);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 133104]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.sys [2003-07-22 18848]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-08-21 721904]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 aswSP;aswSP; [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-01-23 39080]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 SafeRemove;AMD Safely Remove Disk Drive;c:\program files\AMD\Safely Remove Disk\SafeRemoveService.exe [2008-07-07 147456]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [2008-04-01 16896]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [2007-07-20 9856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 16:10]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 16:10]

2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{24C39000-5513-498C-8894-21F2D3F53673}.job
- c:\windows\system32\msfeedssync.exe [2010-08-21 04:24]

2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{3BC79880-106D-4338-B74A-0E7A89BC3DAF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-21 04:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.asus.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DE7DC703-2093-4F8E-8F79-6C7904F37C6C} = 10.111.0.1,62.240.161.226
FF - ProfilePath - c:\users\Vašek\AppData\Roaming\Mozilla\Firefox\Profiles\t2uusqge.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 19:00
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-09-06 19:13:17
ComboFix-quarantined-files.txt 2010-09-06 17:13
ComboFix2.txt 2010-09-06 16:02
ComboFix3.txt 2010-09-05 10:56
ComboFix4.txt 2010-08-31 19:39
ComboFix5.txt 2010-09-06 16:30

Před spuštěním: Volných bajtů: 21 249 826 816
Po spuštění: Volných bajtů: 21 308 563 456

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 49B8AEDFBEE1278AFE4BEE06BDC24E94
Nahrání proběhlo úspěšně

Re: missing icons and slow internet

Posted: 06 Sep 2010 18:26
by Rudy
The log looks clean now.

Re: missing icons and slow internet

Posted: 07 Sep 2010 07:06
by Písa
After I turned it on today, the icons are missing from the desktop again... :(

Re: missing icons and slow internet

Posted: 07 Sep 2010 17:35
by Rudy
Try a System Restore to a date when it was working correctly.

Re: missing icons and slow internet

Posted: 07 Sep 2010 17:50
by Písa
With the restore I can only go back as far as last week, when it was already acting up, so I don't know whether it's worth it, or should I roll back to yesterday? And the sound problems have shown up again: on the web it only works for some things, and WMP, for example, throws a file error on videos or songs...

Re: missing icons and slow internet

Posted: 07 Sep 2010 17:59
by Rudy
What did you install just before these problems started?

Re: missing icons and slow internet

Posted: 07 Sep 2010 18:56
by Písa
I installed Mafia 2, which I then uninstalled anyway, but it could possibly be down to the crack

Re: missing icons and slow internet

Posted: 07 Sep 2010 19:06
by Rudy
That's possible. You probably won't avoid a system repair. It can be done either with Vistamanager: http://www.studna.cz/vista-manager-p-6753.html , or from the installation DVD.

Re: missing icons and slow internet

Posted: 07 Sep 2010 19:08
by Písa
Should I back up my data somehow? Or shouldn't it do anything to it, if it's like reinstalling the system?