Re: Processes svchost.exe, services.exe

Posted: 28 Apr 2011 17:11
by Rudy
Try it in safe mode.

Re: Processes svchost.exe, services.exe

Posted: 28 Apr 2011 21:25
by Snyf
Sorry, but could you tell me how to work in safe mode? I have no idea at all :cry:

Re: Processes svchost.exe, services.exe

Posted: 28 Apr 2011 21:33
by Rudy
During startup, while the initial POST screens are shown, keep pressing F8. A menu will appear, which you navigate with the cursor arrow keys. Highlight Safe Mode and press >Enter<.

Re: Processes svchost.exe, services.exe

Posted: 29 Apr 2011 15:45
by Snyf
ComboFix 11-04-27.03 - Administrator 29.04.2011 16:31:53.12.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2771 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikací\Mikrotik
c:\documents and settings\Administrator\Data aplikací\Mikrotik\Winbox\winbox.cfg
c:\documents and settings\Administrator\WINDOWS
C:\Install.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\install
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-28 do 2011-04-29 )))))))))))))))))))))))))))))))
.
.
2011-04-28 18:13 . 2011-04-28 18:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Chromium
2011-04-27 23:27 . 2011-04-27 23:27 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\The Creative Assembly
2011-04-27 13:09 . 2011-04-28 14:59 -------- d-----w- c:\program files\trend micro
2011-04-24 16:51 . 2011-04-24 16:51 -------- d-----w- c:\program files\Cool Record Edit Pro
2011-04-24 11:25 . 2011-04-24 11:25 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Import Audio from Video
2011-04-06 17:40 . 2008-04-14 06:51 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-04-06 17:40 . 2001-10-24 10:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-04-06 17:40 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-04-06 17:40 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-25 15:36 . 2008-05-27 08:46 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-25 15:36 . 2009-02-28 17:34 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-25 15:36 . 2008-05-27 08:45 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-22 15:40 . 2008-01-18 14:02 737280 ----a-w- c:\windows\iun6002.exe
2011-03-19 11:47 . 2008-05-27 08:45 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-06 14:34 . 2008-08-28 09:18 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-06 14:34 . 2008-08-28 09:18 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-25 09:19 . 2008-11-06 06:39 138056 ----a-w- c:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-02-25 09:19 . 2008-05-27 08:45 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-25 09:15 . 2008-11-06 06:39 837192 ----a-w- c:\windows\system32\pbsvc.exe
2007-12-24 09:46 . 2007-12-24 09:46 13146072 ----a-w- c:\program files\nentczst.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBD30691-DA35-45D3-98E3-82626702295F}]
2008-08-07 15:47 2484224 ----a-w- c:\program files\Medio\mediaspector_16.9(1).dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8ED663E8-FE06-47C5-A68C-C2E893A36FE0}"= "c:\program files\Medio\mediaspector_16.9(1).dll" [2008-08-07 2484224]
.
[HKEY_CLASSES_ROOT\clsid\{8ed663e8-fe06-47c5-a68c-c2e893a36fe0}]
[HKEY_CLASSES_ROOT\TBSB01731.TBSB01731.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB01731.TBSB01731]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8ED663E8-FE06-47C5-A68C-C2E893A36FE0}"= "c:\program files\Medio\mediaspector_16.9(1).dll" [2008-08-07 2484224]
.
[HKEY_CLASSES_ROOT\clsid\{8ed663e8-fe06-47c5-a68c-c2e893a36fe0}]
[HKEY_CLASSES_ROOT\TBSB01731.TBSB01731.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB01731.TBSB01731]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 68856]
"uTorrent"="c:\program files\Torrent\uTorrent\utorrent.exe" [2011-04-21 399736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-03-25 1130496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GameParkKlient.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\GameParkKlient.lnk
backup=c:\windows\pss\GameParkKlient.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-07-15 08:18 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-03-28 13:41 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-03-01 18:38 16949128 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-18 13:34 868352 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 07:05 1242448 ----a-w- c:\hry\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-17 16:57 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\hry\\World of Warcraft\\Launcher.exe"=
"c:\\hry\\HLSW\\HLSW\\hlsw.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\hry\\ICQ 6\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Torrent\\uTorrent\\utorrent.exe"=
"c:\\hry\\Garena\\Garena.exe"=
"c:\\Program Files\\Ubisoft\\Emulator\\server.exe"=
"c:\\hry\\Warcraft III\\Warcraft III.exe"=
"c:\\hry\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\Free Rapid Downloader.exe"=
"c:\\hry\\Steam\\steam.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\hry\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\hry\\League of Legends\\air\\LolClient.exe"=
"c:\\hry\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\hry\\StarCraft II\\StarCraft II.exe"=
"c:\\hry\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\hry\\r.u.s.e\\Ruse.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\hry\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\hry\\Magic The Gathering\\DotP.exe"=
"c:\\hry\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\hry\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\hry\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\hry\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\hry\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\hry\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP"= 1723:TCP:TORRENT
"1723:UDP"= 1723:UDP:TORRENT
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57984:TCP"= 57984:TCP:Pando Media Booster
"57984:UDP"= 57984:UDP:Pando Media Booster
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6961:TCP"= 6961:TCP:League of Legends Launcher
"6961:UDP"= 6961:UDP:League of Legends Launcher
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:League of Legends Launcher
"6881:UDP"= 6881:UDP:League of Legends Launcher
"6964:TCP"= 6964:TCP:League of Legends Launcher
"6964:UDP"= 6964:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"6932:TCP"= 6932:TCP:League of Legends Launcher
"6932:UDP"= 6932:UDP:League of Legends Launcher
"6962:TCP"= 6962:TCP:League of Legends Launcher
"6962:UDP"= 6962:UDP:League of Legends Launcher
"6934:TCP"= 6934:TCP:League of Legends Launcher
"6934:UDP"= 6934:UDP:League of Legends Launcher
"6989:TCP"= 6989:TCP:League of Legends Launcher
"6989:UDP"= 6989:UDP:League of Legends Launcher
"6970:TCP"= 6970:TCP:League of Legends Launcher
"6970:UDP"= 6970:UDP:League of Legends Launcher
"6986:TCP"= 6986:TCP:League of Legends Launcher
"6986:UDP"= 6986:UDP:League of Legends Launcher
"6992:TCP"= 6992:TCP:League of Legends Launcher
"6992:UDP"= 6992:UDP:League of Legends Launcher
"6897:TCP"= 6897:TCP:League of Legends Launcher
"6897:UDP"= 6897:UDP:League of Legends Launcher
"6952:TCP"= 6952:TCP:League of Legends Launcher
"6952:UDP"= 6952:UDP:League of Legends Launcher
"6920:TCP"= 6920:TCP:League of Legends Launcher
"6920:UDP"= 6920:UDP:League of Legends Launcher
"6899:TCP"= 6899:TCP:League of Legends Launcher
"6899:UDP"= 6899:UDP:League of Legends Launcher
"6903:TCP"= 6903:TCP:League of Legends Launcher
"6903:UDP"= 6903:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6980:TCP"= 6980:TCP:League of Legends Launcher
"6980:UDP"= 6980:UDP:League of Legends Launcher
"6997:TCP"= 6997:TCP:League of Legends Launcher
"6997:UDP"= 6997:UDP:League of Legends Launcher
"6993:TCP"= 6993:TCP:League of Legends Launcher
"6993:UDP"= 6993:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.12.2007 11:34 717296]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.1.2009 20:31 277544]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [24.12.2010 22:26 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.11.2010 17:56 136176]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.3.2011 15:41 1242504]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.7.2008 7:57 222456]
S3 {cmote;{cmote; [x]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24.12.2010 22:26 36608]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\CYJC8.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CYJC8.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\hry\Garena\safedrv.sys --> c:\hry\Garena\safedrv.sys [?]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [20.11.2008 8:04 27904]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 15:56]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 15:56]
.
2011-04-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\bsyaq7rg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe
HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-Aliens Vs Predator MultiPlayer 1.1 - c:\hry\Steam\SteamApps\common\zero gear\Server\Uninstall.exe
AddRemove-Ant War - g:\ant war\uninstall.exe
AddRemove-Cool Edit Pro 2.1 - g:\coolpro2\cep2unin.exe
AddRemove-Cool Record Edit Pro - g:\coolre~1\UNWISE.EXE
AddRemove-HD Decrypter) (Option: Mobile) 5_is1 - g:\mssemc\Media files\other\DVDFab 5\unins000.exe
AddRemove-Fraps - g:\fraps\uninstall.exe
AddRemove-Icy Tower v1.4_is1 - g:\icytower\unins000.exe
AddRemove-meGUI modern media encoder - g:\megui\megui-uninstall.exe
AddRemove-Seismovision 3 - g:\seismovision3\uninst_seis3.exe
AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\documents and settings\All Users\Data aplikací\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
AddRemove-{CCF54332-2869-489F-80F4-AA78137E1316}_is1 - g:\ziro\unins000.exe
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-29 16:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\CYJC8.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-1580436667-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,8a,b3,c1,5b,14,4e,4e,a7,f0,87,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,8a,b3,c1,5b,14,4e,4e,a7,f0,87,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(244)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2011-04-29 16:39:42
ComboFix-quarantined-files.txt 2011-04-29 14:39
.
Před spuštěním: Volných bajtů: 17 127 776 256
Po spuštění: Volných bajtů: 17 078 054 912
.
Current=6 Default=6 Failed=4 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 5E71B7CBFB7FFF83152A05ADE826ED3B

Re: Processes svchost.exe, services.exe

Posted: 29 Apr 2011 18:11
by Rudy
CF deleted several items; the rest of the log looks clean. Has anything changed?

Re: Processes svchost.exe, services.exe

Posted: 07 May 2011 09:49
by Snyf
So far it looks better; if anything comes up, I'll get in touch. Thank you :)

Re: Processes svchost.exe, services.exe

Posted: 07 May 2011 10:45
by Rudy
You're welcome!