Re: Log AVPTool

Posted: 30 Sep 2010 09:03
by PredyP
ComboFix 10-09-28.03 - Petr 30.09.2010 9:46.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1770 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-28 do 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-29 11:36 . 2010-08-27 12:56 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-09-29 08:46 . 2010-09-29 18:21 -------- d-----w- c:\program files\SpeedFan
2010-09-28 12:42 . 2010-09-28 12:42 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-09-28 09:14 . 2010-09-28 09:14 -------- d-----w- c:\program files\Yamicsoft
2010-09-16 18:28 . 2010-09-16 18:28 -------- d-----w- c:\program files\COMODO
2010-09-15 17:17 . 2010-09-28 10:04 -------- d-----r- C:\Win 7
2010-09-11 14:44 . 2010-09-11 14:44 -------- d-----w- C:\VritualRoot
2010-09-10 21:41 . 2010-09-10 21:41 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 21:40 . 2010-09-10 21:40 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-10 21:40 . 2010-09-10 21:40 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 21:40 . 2010-09-10 21:40 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 21:40 . 2010-09-10 21:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-08 14:30 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-08 14:20 . 2005-11-23 11:55 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2010-09-08 14:20 . 2006-06-19 09:43 262144 ----a-w- c:\windows\tsnpstd3.exe
2010-09-08 14:20 . 2006-04-12 10:11 147456 ----a-w- c:\windows\system32\rsnpstd3.dll
2010-09-08 14:20 . 2004-11-08 11:41 94208 ----a-w- c:\windows\amcap.exe
2010-09-08 14:20 . 2006-06-27 11:50 10148480 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2010-09-08 14:20 . 2006-05-12 09:27 831488 ----a-w- c:\windows\vsnpstd3.exe
2010-09-08 14:20 . 2010-09-08 14:20 -------- d-----w- c:\program files\Common Files\StarCam
2010-09-08 14:20 . 2006-05-26 13:40 61440 ----a-w- c:\windows\system32\vsnpstd3.dll
2010-09-08 13:35 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-08 13:33 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-08 13:27 . 2010-04-28 18:15 2192128 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-08 13:27 . 2010-04-28 05:45 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-08 13:27 . 2010-04-28 05:45 2068992 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-09-08 13:27 . 2010-04-28 05:45 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-08 13:26 . 2010-06-24 12:27 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-08 13:26 . 2010-06-24 12:27 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-08 13:26 . 2010-06-24 12:27 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-08 13:26 . 2010-06-24 12:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-08 13:26 . 2010-06-24 12:27 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-08 13:26 . 2010-06-24 12:27 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-07 21:26 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-09-07 19:29 . 2010-09-07 19:29 -------- d--h--w- c:\windows\msdownld.tmp
2010-09-07 19:20 . 2010-09-07 19:20 -------- d-----w- c:\program files\Realtek AC97
2010-09-07 19:00 . 2010-09-07 19:00 -------- d-----w- c:\windows\nview
2010-09-07 18:03 . 2008-04-14 06:51 6144 -c--a-w- c:\windows\system32\dllcache\snmpmib.dll
2010-09-07 18:02 . 2001-10-25 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbdinpun.dll
2010-09-07 18:01 . 2001-10-25 12:00 57344 -c--a-w- c:\windows\system32\dllcache\convlog.exe
2010-09-07 18:00 . 2003-03-24 13:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
2010-09-07 18:00 . 2008-04-14 06:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-09-07 17:58 . 2001-10-25 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-07 17:58 . 2008-04-14 06:51 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2010-09-07 17:58 . 2008-04-14 06:52 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2010-09-07 17:58 . 2008-04-14 06:52 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2010-09-07 17:58 . 2008-04-14 06:52 215552 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2010-09-07 17:47 . 2008-04-13 20:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-09-07 17:39 . 2001-10-25 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-07 17:39 . 2001-10-25 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-07 17:39 . 2001-10-25 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-07 17:39 . 2001-10-25 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-06 17:49 . 2010-09-23 13:24 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-06 17:49 . 2010-09-27 16:53 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-06 17:49 . 2010-09-27 16:53 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-06 17:47 . 2010-09-06 17:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-06 17:46 . 2010-09-06 17:46 -------- d-----w- c:\windows\system32\URTTEMP
2010-09-06 17:21 . 2010-09-06 17:21 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-06 17:20 . 2010-09-07 19:29 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 13:59 . 2001-10-25 12:00 90636 ----a-w- c:\windows\system32\perfc005.dat
2010-09-29 13:59 . 2001-10-25 12:00 457874 ----a-w- c:\windows\system32\perfh005.dat
2010-09-29 11:36 . 2010-06-29 12:11 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-09-28 11:50 . 2010-05-03 18:26 -------- d-----w- c:\program files\CCleaner
2010-09-08 14:20 . 2010-05-02 08:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-07 19:20 . 2010-05-02 08:36 -------- d-----w- c:\program files\AvRack
2010-09-07 17:56 . 2010-05-02 08:04 23544 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-06 17:50 . 2010-05-04 15:41 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-06 17:28 . 2010-05-02 20:15 -------- d-----w- c:\program files\ConMet
2010-09-06 17:19 . 2010-05-25 19:39 -------- d-----w- c:\program files\trend micro
2010-08-28 18:41 . 2010-08-28 18:41 -------- d-----w- c:\program files\Common Files\Java
2010-08-28 18:41 . 2010-08-28 18:41 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-28 18:41 . 2010-08-28 18:41 -------- d-----w- c:\program files\Java
2010-08-28 16:48 . 2010-05-05 14:31 -------- d-----w- c:\program files\ICQ7.1
2010-08-27 13:02 . 2010-07-02 09:22 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 13:49 . 2010-07-07 18:52 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-22 15:46 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-09 14:24 . 2010-07-09 14:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24 . 2010-07-09 14:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24 . 2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24 . 2010-07-09 14:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24 . 2010-07-09 14:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24 . 2010-07-09 14:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-05 09:55 . 2010-07-05 09:10 84722 ----a-w- c:\windows\War3Unin.dat
2010-07-05 09:47 . 2010-07-05 09:10 2829 ----a-w- c:\windows\War3Unin.pif
2010-07-05 09:47 . 2010-07-05 09:10 139264 ----a-w- c:\windows\War3Unin.exe
2010-07-04 17:07 . 2010-06-08 19:36 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-07-03 07:49 . 2010-07-03 07:49 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-02 22:39 . 2010-07-02 22:39 1 ----a-w- c:\windows\system32\SI.bin
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"Google Update"="c:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-05-02 136176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-02 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"ConMet"="c:\program files\ConMet\ConMet.exe" [2010-09-06 4123136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-06-19 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-05-12 831488]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-5-3 221247]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="d:\ovladače\Obrázky přihlašovací obrazovka\ms_rainbow_li\ms-rainbow\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-03 11:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"195.137.182.212,255.255.255.255,192.168.1.15,1"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Místní vyhledávání.lnk]
backup=c:\windows\pss\Místní vyhledávání.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-07-04 17:13 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-02 08:48 136176 ----atw- c:\documents and settings\Petr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 11:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 22:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Program Files\\Counter Strike 1.6 HD NonSteam\\hl.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"d:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2.5.2010 12:38 12552]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2.5.2010 12:38 108552]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 23:40 25240]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.6.2010 18:22 691696]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2.5.2010 12:38 335240]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239240]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3.5.2010 13:59 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3.5.2010 13:59 297752]
S2 CLPSLS;COMODO livePCsupport Service;"c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe" --> c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [?]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [8.6.2010 21:36 238952]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2.5.2010 10:43 135664]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [27.8.2010 14:59 1051968]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [8.6.2010 21:36 36608]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [25.5.2010 17:43 27064]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [25.7.2010 17:31 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [25.7.2010 17:31 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [25.7.2010 17:31 123648]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 7:01 2799808]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 08:43]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 08:43]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {742E6A99-231E-4CEA-BFA2-7876AA8A21F4} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\puj2catf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\puj2catf.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 09:50
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-09-30 09:53:02
ComboFix-quarantined-files.txt 2010-09-30 07:53

Před spuštěním: Volných bajtů: 465 713 451 008
Po spuštění: Volných bajtů: 465 919 705 088

- - End Of File - - C609B9A89576D4F22604283AE6612F49

Re: Log AVPTool

Posted: 30 Sep 2010 18:17
by Rudy
1 item was deleted; the rest of the log looks clean. Has anything changed?

Re: Log AVPTool

Posted: 30 Sep 2010 18:31
by PredyP
I don't see any change, but the system hasn't crashed on me again.

Re: Log AVPTool

Posted: 30 Sep 2010 18:33
by Rudy
Then everything should be fine.

Re: Log AVPTool

Posted: 30 Sep 2010 18:35
by PredyP
Thank you for the help :worship:

Re: Log AVPTool

Posted: 30 Sep 2010 19:31
by Rudy
You're welcome!