Re: Blocked websites, ping, network, help!
Posted: 30 Mar 2012 13:58
ComboFix 12-03-29.02 - Eurox 30.03.2012 14:24:00.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3070.2206 [GMT 2:00]
Spuštěný z: c:\users\Eurox\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Eurox\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\078F6.tmp"
"c:\windows\system32\07A2E.tmp"
"c:\windows\system32\07A6C.tmp"
"c:\windows\system32\07FF8.tmp"
"c:\windows\system32\08738.tmp"
"c:\windows\system32\08AC1.tmp"
"c:\windows\system32\ctyrrq.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\078F6.tmp
c:\windows\system32\07A2E.tmp
c:\windows\system32\07A6C.tmp
c:\windows\system32\07FF8.tmp
c:\windows\system32\08738.tmp
c:\windows\system32\08AC1.tmp
c:\windows\system32\ctyrrq.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mvfthfwo
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-28 do 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 12:41 . 2012-03-30 12:43 -------- d-----w- c:\users\Eurox\AppData\Local\temp
2012-03-29 17:11 . 2012-03-29 17:11 -------- d-----w- C:\rsit
2012-03-29 16:44 . 2012-03-29 16:44 -------- d--h--w- c:\programdata\Common Files
2012-03-29 16:42 . 2012-03-29 16:44 -------- d-----w- c:\programdata\MFAData
2012-03-29 14:01 . 2012-03-30 12:43 -------- d-----w- c:\users\Eurox\AppData\Local\LogMeIn Hamachi
2012-03-29 13:59 . 2012-03-29 13:59 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-03-29 08:47 . 2012-03-29 08:47 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-25 14:56 . 2012-03-29 18:20 -------- d-----w- c:\users\Eurox\AppData\Roaming\Skype
2012-03-25 14:55 . 2012-03-25 14:55 -------- d-----w- c:\program files\Common Files\Skype
2012-03-25 14:55 . 2012-03-25 14:55 -------- d-----r- c:\program files\Skype
2012-03-25 14:55 . 2012-03-25 14:55 -------- d-----w- c:\programdata\Skype
2012-03-25 14:45 . 2012-03-25 15:37 -------- d-----w- c:\program files\PC Tools Security
2012-03-25 14:45 . 2012-03-25 15:37 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-25 07:57 . 2012-03-25 07:57 -------- d-----w- c:\users\Eurox\AppData\Local\adaware
2012-03-25 07:57 . 2012-03-25 14:29 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-03-25 07:57 . 2011-04-05 15:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-03-25 07:57 . 2011-04-05 15:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-03-25 07:56 . 2011-04-05 15:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-03-25 07:56 . 2011-02-08 07:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-03-24 16:47 . 2012-03-24 16:50 -------- d-----w- c:\programdata\SystemKey
2012-03-21 19:40 . 2012-03-21 20:04 -------- d-----w- c:\users\Eurox\AppData\Roaming\TS3Client
2012-03-21 19:40 . 2012-03-21 19:40 -------- d-----w- c:\users\Eurox\AppData\Local\TeamSpeak 3 Client
2012-03-21 17:00 . 2012-03-26 21:09 -------- d-----w- c:\users\Eurox\riotsGamesLogs
2012-03-21 16:17 . 2012-03-21 16:17 -------- d-----w- C:\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 08:47 . 2012-02-21 01:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Eurox^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Connect.lnk]
path=c:\users\Eurox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Connect.lnk
backup=c:\windows\pss\Connect.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Eurox^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Spc.lnk]
backup=c:\windows\pss\Spc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 08:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 20:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 14:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
2007-06-18 08:51 1507328 ----a-w- c:\program files\IDM\Desktop SMS\DesktopSMS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 15:38 1987976 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 09:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-04-03 14:52 509496 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-22 22:19 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 07:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-473734820-815038978-2971271164-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
2012-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 08:47]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 14:43
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3200)
c:\windows\System32\SyncCenter.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\conime.exe
c:\windows\System32\TUProgSt.exe
c:\windows\RtHDVCpl.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-03-30 14:46:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-30 12:46
ComboFix2.txt 2012-03-29 20:24
ComboFix3.txt 2012-03-29 19:02
.
Před spuštěním: 7 582 969 856
Po spuštění: 7 522 660 352
.
- - End Of File - - 0DB83E75F5AEB0FAF0ACBC5E31B2A851