Re: log check
Posted: 30 Nov 2010 15:44
ComboFix 10-11-27.01 - Jitka 2010-11-30 15:38:47.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3327.2849 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jitka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jitka\Plocha\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-28 do 2010-11-30 )))))))))))))))))))))))))))))))
.
2010-11-28 12:04 . 2010-11-28 12:03 390144 ----a-w- c:\windows\system32\CF17131.exe
2010-11-28 11:57 . 2010-11-28 11:57 390144 ----a-w- c:\windows\system32\CF15861.exe
2010-11-28 11:29 . 2010-11-28 11:29 390144 ----a-w- c:\windows\system32\CF10482.exe
2010-11-28 07:38 . 2010-11-28 07:38 390144 ----a-w- c:\windows\system32\CF30767.exe
2010-11-28 07:38 . 2010-11-28 07:34 390144 ----a-w- c:\windows\system32\CF29987.exe
2010-11-23 18:04 . 2010-11-23 20:22 -------- d-----w- c:\program files\trend micro
2010-11-23 18:04 . 2010-11-23 18:04 -------- d-----w- C:\rsit
2010-11-22 17:08 . 2010-11-22 19:36 -------- d-----w- c:\windows\SxsCaPendDel
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 22:23 . 2010-10-27 22:23 63488 ----a-w- c:\windows\xobglu16.dll
2010-10-27 22:23 . 2010-10-27 22:23 23552 ----a-w- c:\windows\xobglu32.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-28_12.14.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-30 14:34 . 2010-11-30 14:34 16384 c:\windows\Temp\Perflib_Perfdata_240.dat
- 2001-10-25 14:00 . 2010-11-28 12:08 68156 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2010-11-30 14:38 68156 c:\windows\system32\perfc009.dat
- 2001-10-25 14:00 . 2010-11-28 12:08 78694 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2010-11-30 14:38 78694 c:\windows\system32\perfc005.dat
+ 2001-10-25 14:00 . 2010-11-30 14:38 435260 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-11-28 12:08 435260 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2010-11-28 12:08 431648 c:\windows\system32\perfh005.dat
+ 2001-10-25 14:00 . 2010-11-30 14:38 431648 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-13 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-09 13533184]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"QuickTime Task"="e:\quicktime\qttask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-07 198160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"nwiz"="nwiz.exe" [2008-07-09 1657376]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Logitech SetPoint.lnk - e:\program files\klávesnice\SetPoint\SetPoint.exe [2009-3-5 688128]
Microsoft Office.lnk - e:\officesxp\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"f:\\assassin\\AssassinsCreed_Dx9.exe"=
"f:\\assassin\\AssassinsCreed_Dx10.exe"=
"f:\\assassin\\AssassinsCreed_Launcher.exe"=
"f:\\Empire Earth\\Empire Earth.exe"=
"e:\\Documents and Settings\\Jitka\\Dokumenty\\uTorrent.exe"=
"f:\\Heroes of Might and Magic V Collector Edition\\bin\\H5_Game.exe"=
"e:\\icq\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"f:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"f:\\Sacred\\Sacred.exe"=
"f:\\Sacred 2\\system\\s2gs.exe"=
"f:\\Sacred 2\\system\\sacred2.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-02-27 717296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-02-27 165456]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-09-24 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-09-24 41936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-27 17744]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-07-19 222456]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-08-05 111312]
S2 gupdate1ca2fcd12ac4984;Služba Google Update (gupdate1ca2fcd12ac4984);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 133104]
S2 IBService;IBService;e:\program files\Invisible Browsing\servers\IBService.exe --> e:\program files\Invisible Browsing\servers\IBService.exe [?]
S3 dmodusb;dmodusb;c:\windows\system32\drivers\dmodusb.sys [2010-08-02 26240]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2009-04-13 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2009-04-13 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2009-04-13 94064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-08-05 100496]
S3 XilinxFirmwareEmbeddedLoader;XilinxFirmwareEmbeddedLoader;c:\windows\system32\drivers\xusb_xup.sys [2010-08-02 17408]
S3 XilinxFirmwareEmbeddedLpLoader;XilinxFirmwareEmbeddedLpLoader;c:\windows\system32\drivers\xusb_emb.sys [2010-08-02 17408]
S3 XilinxFirmwareLoader;XilinxFirmwareLoader;c:\windows\system32\drivers\xusbdfwu.sys [2010-08-02 17280]
S3 XilinxFirmwareLpLoader;XilinxFirmwareLpLoader;c:\windows\system32\drivers\xusb_xlp.sys [2010-08-02 17280]
S3 XilinxFirmwareXpressLoader;XilinxFirmwareXpressLoader;c:\windows\system32\drivers\xusb_xpr.sys [2010-08-02 16768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 15:08]
2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 15:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - e:\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - e:\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Jitka\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://centrum.cz
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: e:\program files\Reader\browser\nppdf32.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - e:\program files\mozilla\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Illimitux: illimitux@illimitux.net - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\illimitux@illimitux.net
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Get Styles: {6236BA26-C117-4007-928C-DE0716C7FA80} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Extension: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Extension: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Extension: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Extension: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Extension: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Extension: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\documents and settings\Jitka\Data aplikací\Mozilla\Firefox\Profiles\y4v7ovo2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1454471165-2111687655-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:97,59,6a,24,eb,b7,2b,19,f1,11,87,d1,d7,f2,d2,a8,22,2e,77,98,b1,
88,5e,3a,73,42,a1,12,e4,c7,f0,c6,8a,68,97,80,0d,4c,f8,68,8d,18,12,e8,5d,b4,\
"rkeysecu"=hex:39,8e,b4,03,43,b1,cb,7f,cd,57,48,f4,e3,f0,30,67
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2240)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
e:\program files\klávesnice\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-11-30 15:43:25
ComboFix-quarantined-files.txt 2010-11-30 14:43
ComboFix2.txt 2010-11-28 12:15
Před spuštěním: Volných bajtů: 83,146,756,096
Po spuštění: Volných bajtů: 83,143,008,256
- - End Of File - - B95B13B29D7AD8BCB960681A1403EDB8