Re: Slow PC
Posted: 06 Jan 2012 22:58
ComboFix 12-01-06.01 - vasek 06.01.2012 22:47:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1279.766 [GMT 1:00]
Spuštěný z: c:\documents and settings\vasek\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101019-1] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\~SETUP.T
c:\documents and settings\vasek\WINDOWS
c:\windows\EventSystem.log
c:\windows\IsUn0405.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regopt.log
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-06 do 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2025-01-01 19:20 . 2025-01-01 19:20 -------- d-----w- C:\_OTM
2025-01-01 19:03 . 2001-10-24 11:25 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2025-01-01 19:02 . 2004-08-18 12:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2025-01-01 19:01 . 2004-08-18 12:00 330752 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2025-01-01 18:58 . 2004-08-18 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2025-01-01 18:58 . 2004-08-18 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2025-01-01 18:50 . 2001-08-17 19:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2025-01-01 18:45 . 2004-08-18 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2025-01-01 18:45 . 2004-08-18 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2025-01-01 18:45 . 2004-08-18 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2025-01-01 18:45 . 2004-08-18 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2025-01-01 17:55 . 2025-01-01 17:55 -------- d-----w- c:\program files\Smart Projects
2025-01-01 17:49 . 2025-01-01 17:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Yandex
2025-01-01 17:48 . 2025-01-01 17:49 -------- d-----w- c:\documents and settings\vasek\Data aplikací\Yandex
2025-01-01 17:48 . 2025-01-01 17:50 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2025-01-01 17:47 . 2025-01-01 17:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2025-01-01 17:47 . 2025-01-01 17:51 -------- d-----w- c:\documents and settings\vasek\Data aplikací\DAEMON Tools Lite
2025-01-01 17:47 . 2025-01-01 17:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2025-01-01 17:37 . 2025-01-01 17:37 -------- d-----w- c:\program files\Vypalovač
2012-01-06 21:21 . 2012-01-06 21:21 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{674FC9E6-52DC-482B-B75C-7C8869BAE84B}\offreg.dll
2012-01-06 20:26 . 2012-01-06 20:26 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-01-06 20:22 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-01-06 20:19 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-01-06 20:18 . 2010-02-16 19:34 2060544 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-01-06 20:18 . 2010-02-16 19:34 2018816 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-01-06 20:18 . 2010-02-16 19:34 2183552 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-01-06 20:18 . 2010-02-16 19:34 2139136 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-01-06 20:10 . 2012-01-06 20:10 -------- d-----w- c:\program files\7-Zip
2012-01-06 19:57 . 2004-10-22 01:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-01-06 19:57 . 2004-10-22 01:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-01-06 19:57 . 2004-10-22 01:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-01-06 19:57 . 2004-10-22 01:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-01-06 19:57 . 2012-01-06 19:57 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-01-06 19:57 . 2012-01-06 19:57 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-01-06 19:57 . 2004-10-22 01:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-01-06 19:44 . 2012-01-06 19:44 -------- d-----w- c:\program files\Lavalys
2012-01-01 16:37 . 2012-01-01 16:37 -------- d-----w- c:\program files\Defraggler
2012-01-01 16:36 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{674FC9E6-52DC-482B-B75C-7C8869BAE84B}\mpengine.dll
2011-12-22 16:07 . 2011-12-22 16:07 -------- d-----w- C:\NASA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 19:56 . 2007-03-29 07:17 163840 ----a-w- c:\windows\system32\S3Trayp.exe
2012-01-06 19:56 . 2007-03-29 07:17 53248 ----a-w- c:\windows\system32\VTTimer.exe
2012-01-06 19:56 . 2004-01-09 09:52 49152 ----a-w- c:\windows\system32\VTSetvga.exe
2012-01-06 19:56 . 2007-03-29 07:17 524288 ----a-w- c:\windows\system32\S3ovrlay.dll
2012-01-06 19:56 . 2007-03-29 07:17 327680 ----a-w- c:\windows\system32\S3Info2.dll
2012-01-06 19:56 . 2007-03-29 07:17 808448 ----a-w- c:\windows\system32\drivers\S3gIGPm.sys
2012-01-06 19:56 . 2007-03-29 07:17 739840 ----a-w- c:\windows\system32\S3gIGP.dll
2012-01-06 19:56 . 2007-03-29 07:17 6549504 ----a-w- c:\windows\system32\s3gIGPgl.dll
2012-01-06 19:56 . 2007-03-29 07:17 2465280 ----a-w- c:\windows\system32\s3gcil_inv.dll
2012-01-06 19:56 . 2007-03-29 07:17 638976 ----a-w- c:\windows\system32\S3Disply.dll
2012-01-06 19:56 . 2007-03-29 07:17 450560 ----a-w- c:\windows\system32\S3Gamma2.dll
2012-01-06 19:56 . 2007-03-29 07:17 380928 ----a-w- c:\windows\system32\S3Cfg3d.dll
2011-12-22 16:08 . 2007-08-13 15:50 805376 ----a-w- c:\windows\Nero Burning Rom Screensaver.scr
2011-11-21 10:47 . 2009-10-09 13:00 6823496 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2012-01-06 53248]
"S3Trayp"="S3trayp.exe" [2012-01-06 163840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-07-10 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Pexeso 2002\\Pexeso.dat"=
"c:\\Program Files\\EA SPORTS\\NHL07\\nhl2007.exe"=
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9.10.2009 15:41 114768]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1.1.2025 18:48 239168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.10.2009 15:41 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
S3 kbeepm;kbeepm;\??\c:\docume~1\vasek\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\vasek\LOCALS~1\Temp\kbeepm.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.100.0.100 90.183.12.188
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
AddRemove-3D Arctic Bear_is1 - c:\documents and settings\DANČA\Plocha\3D Arctic Bear\unins000.exe
AddRemove-Amazing Landscapes 2.1_is1 - c:\documents and settings\DANČA\Plocha\Amazing Landscapes 2.1\unins000.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Lidské tělo 2.0 - c:\windows\IsUn0405.exe
AddRemove-Moorhuhnjagd - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-06 22:52
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-967640650-3354510997-3455805987-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2012-01-06 22:54:47
ComboFix-quarantined-files.txt 2012-01-06 21:54
.
Před spuštěním: Volných bajtů: 34 927 742 976
Po spuštění: Volných bajtů: 34 876 661 760
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 7D49449D9FCB189FCD4DD069434CAC23