Re: requesting a check, unusual network activity
Posted: 29 Dec 2010 00:00
ComboFix 10-12-26.01 - Eduard 28.12.2010 23:51:26.2.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.2399 [GMT 1:00]
Spuštěný z: c:\users\Eduard\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-28 do 2010-12-28 )))))))))))))))))))))))))))))))
.
2010-12-28 22:56 . 2010-12-28 22:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-28 19:40 . 2010-12-28 19:40 -------- d-----w- c:\program files\Maxis
2010-12-27 21:39 . 2010-12-27 21:39 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-27 12:18 . 2010-12-27 12:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-12-26 09:47 . 2010-12-26 09:47 -------- d-----w- c:\users\Eduard\AppData\Local\Secunia PSI
2010-12-24 21:37 . 2010-12-25 12:48 -------- d-----w- c:\users\Eduard\AppData\Local\Apple Computer
2010-12-24 21:37 . 2010-12-25 12:44 -------- d-----w- c:\users\Eduard\AppData\Roaming\Apple Computer
2010-12-24 21:36 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-24 21:36 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-12-24 21:36 . 2010-12-24 21:36 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-24 21:36 . 2010-12-24 21:36 -------- d-----w- c:\program files\iTunes
2010-12-24 21:36 . 2010-12-24 21:36 -------- d-----w- c:\program files\iPod
2010-12-24 21:34 . 2010-12-24 21:34 -------- d-----w- c:\program files\Bonjour
2010-12-24 21:34 . 2010-12-24 21:39 -------- d-----w- c:\programdata\Apple
2010-12-24 21:34 . 2010-12-24 21:36 -------- d-----w- c:\program files\Common Files\Apple
2010-12-23 23:39 . 2010-12-23 23:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-23 23:36 . 2010-12-23 23:36 -------- d-----w- c:\users\Eduard\AppData\Local\Sunbelt Software
2010-12-23 23:35 . 2010-12-28 22:21 -------- d-----w- c:\programdata\Lavasoft
2010-12-22 21:42 . 2010-12-22 21:42 -------- d-----w- c:\program files\HyCam2
2010-12-17 17:42 . 2010-12-17 17:42 -------- d-----w- c:\program files\WinHTTrack
2010-12-15 09:30 . 2010-12-15 09:32 -------- d-----w- C:\4581386463297300e3bd92ebac10
2010-12-06 21:51 . 2004-01-21 20:26 377856 ----a-w- c:\windows\system32\binkw32.dll
2010-12-05 23:37 . 2010-12-05 23:37 -------- d-----w- c:\users\Eduard\AppData\Roaming\Leadertech
2010-12-05 22:36 . 2010-12-05 22:36 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-04 16:56 . 2010-12-05 22:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-04 16:56 . 2010-12-05 23:28 -------- d-----w- c:\users\Eduard\AppData\Roaming\DAEMON Tools Lite
2010-12-04 16:45 . 2010-12-04 16:45 -------- d-----w- c:\program files\Infogrames Interactive
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 19:00 . 2010-09-07 00:26 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-12-20 17:09 . 2010-09-07 00:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-09-07 00:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 11:21 . 2010-09-07 18:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-07 11:23 . 2010-10-07 11:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 11:23 . 2010-10-07 11:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 11:23 . 2010-10-07 11:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2006-10-12 03:09 94208 --sh--w- c:\windows\System32\SalaatTime.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2008-05-16 13496320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-01 13789728]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-02 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2010-09-07 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2010-09-07 33136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKLM\~\startupfolder\C:^Users^Eduard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Eduard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-20 15:20 136176 ----atw- c:\users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 12:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 16:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-12-25 09:47 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-25 18:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
2010-10-27 00:17 5636136 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-05 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-12-21 399416]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2010-12-21 987704]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-06 1343400]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-06-20 49664]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 12:09]
2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 12:09]
2010-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001Core.job
- c:\users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 15:20]
2010-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413461409-2882023136-2989487530-1001UA.job
- c:\users\Eduard\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 15:20]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = localhost:8118
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eduard\AppData\Roaming\Mozilla\Firefox\Profiles\v7lyw48u.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.cz/nwshp?hl=cs&tab=wn
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c85cd47&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=cs&q=
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 8118
FF - prefs.js: network.proxy.gopher - localhost
FF - prefs.js: network.proxy.gopher_port - 8118
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 8118
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Pray Times!: azan-times@hamid.net - %profile%\extensions\azan-times@hamid.net
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-12-28 23:58:19
ComboFix-quarantined-files.txt 2010-12-28 22:58
Před spuštěním: Volných bajtů: 57 444 675 584
Po spuštění: Volných bajtů: 58 825 023 488
- - End Of File - - E82AF8AB7BA5906927311642AEFBB42C