ComboFix 10-01-02.04 - me 03.01.2010 20:21:45.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.439 [GMT 1:00]
Spuštěný z: c:\documents and settings\me\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\me\Plocha\CFScript.txt.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\me\LOCALS~1\Temp\sshnas.dll
c:\windows\system32\ctfmon .exe
c:\windows\system32\sshnas.dll
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SSHNAS
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-03 do 2010-01-03 )))))))))))))))))))))))))))))))
.
2010-01-03 19:11 . 2010-01-03 19:11 -------- d-----w- C:\My Website
2010-01-03 17:43 . 2010-01-03 17:43 -------- d-sh--w- c:\windows\ftpcache
2010-01-03 17:42 . 2010-01-03 17:46 -------- d-----w- c:\program files\HTMLPad 2008
2010-01-03 12:11 . 2010-01-03 12:11 -------- d-----w- c:\program files\CCleaner
2010-01-02 17:45 . 2010-01-02 18:13 -------- d-----w- c:\documents and settings\me\DoctorWeb
2010-01-01 20:28 . 2010-01-03 19:16 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
2010-01-01 20:00 . 2010-01-01 19:59 737280 ----a-w- c:\windows\iun6002.exe
2010-01-01 13:36 . 2010-01-01 14:10 -------- d-----w- C:\MyWebSite
2009-12-31 16:34 . 2009-12-31 16:34 -------- d-----w- c:\program files\kompozer-0.7.10-win32
2009-12-29 20:49 . 2009-12-29 20:49 -------- d-----w- c:\program files\WinPcap
2009-12-29 20:48 . 2009-12-29 20:49 -------- d-----w- c:\program files\Wireshark
2009-12-29 11:06 . 2009-12-29 11:07 -------- d-----w- c:\program files\tcpview
2009-12-28 21:55 . 2009-12-28 21:56 -------- d-----w- c:\program files\Seznam DVD 2008
2009-12-28 21:13 . 2009-12-28 21:13 -------- d-----w- c:\documents and settings\me\Seznam DVD
2009-12-26 16:13 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-17 15:40 . 2009-12-17 15:40 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-17 15:40 . 2009-12-17 15:40 -------- d-----w- c:\program files\Western Digital
2009-12-17 15:25 . 2009-02-13 11:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2009-12-15 16:13 . 2009-12-15 16:53 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-14 20:54 . 2009-12-14 20:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\MSBuild
2009-12-13 09:45 . 2009-12-15 16:15 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-13 09:45 . 2009-12-13 09:45 -------- d-----w- c:\program files\Reference Assemblies
2009-12-13 09:45 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-13 09:44 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-12 19:51 . 2010-01-03 19:28 -------- d-----w- c:\program files\HDD Health
2009-12-12 19:27 . 2009-11-13 11:23 32824 ----a-w- c:\windows\system32\rrMon.sys
2009-12-12 19:26 . 2009-12-28 19:27 -------- d-----w- c:\program files\Registrar Registry Manager
2009-12-12 18:42 . 2005-02-11 09:24 6144 ----a-r- c:\windows\system32\drivers\k750cm.sys
2009-12-12 18:41 . 2005-02-11 09:19 5744 ----a-r- c:\windows\system32\drivers\k750wh.sys
2009-12-12 18:34 . 2009-12-12 19:35 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-12-12 18:30 . 2009-12-12 18:30 -------- d-----w- c:\windows\Downloaded Installations
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\me\data aplikac?
2009-12-12 12:47 . 2009-12-12 12:47 -------- d-----w- c:\documents and settings\All Users\data aplikac?
2009-12-08 07:55 . 2009-12-08 07:55 -------- d-----w- c:\program files\FreeRapid-0.83
2009-12-07 13:46 . 2009-12-07 13:49 -------- d-----w- c:\program files\VB Colour Picker
2009-12-07 12:14 . 2010-01-02 11:20 -------- d-----w- c:\program files\trend micro
2009-12-06 12:13 . 2009-12-08 06:53 -------- d-----w- c:\program files\Common Files\BinarySense
2009-12-06 11:57 . 2010-01-03 17:10 -------- d-----w- c:\program files\AAALOGO2009.1
2009-12-06 08:02 . 2009-12-06 08:02 -------- d-sh--w- c:\documents and settings\me\IECompatCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 19:29 . 2009-11-28 11:55 -------- d-----w- c:\program files\QIP
2010-01-03 19:29 . 2009-11-28 12:08 -------- d---a-w- c:\program files\MemInfo
2010-01-03 19:29 . 2009-11-28 12:10 -------- d---a-w- c:\program files\NetMeter
2010-01-01 21:14 . 2009-12-02 20:09 40960 ----a-w- c:\windows\vsnpstd3.exe
2010-01-01 19:40 . 2009-11-26 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 12:36 . 2009-12-01 20:31 -------- d-----w- c:\program files\Nvu
2009-12-30 19:52 . 2009-11-28 12:05 -------- d---a-w- c:\program files\LFS
2009-12-29 12:10 . 2004-08-18 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-12-29 12:10 . 2004-08-18 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2009-12-28 20:08 . 2009-11-29 09:00 -------- d-----w- c:\program files\DiskBase
2009-12-24 13:06 . 2009-11-28 16:34 -------- d-----w- c:\program files\DreamCom
2009-12-16 19:39 . 2009-11-28 18:20 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-12-12 18:34 . 2009-11-28 16:09 -------- d-----w- c:\program files\Sony Ericsson
2009-12-12 18:16 . 2009-11-29 19:49 -------- d-----w- c:\program files\Google
2009-12-12 14:42 . 2009-11-30 18:49 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-10 17:49 . 2009-11-28 20:13 -------- d-----w- c:\program files\The KMPlayer
2009-12-08 19:47 . 2009-11-28 16:27 -------- d-----w- c:\program files\AMP Font Viewer
2009-12-06 13:41 . 2009-11-28 16:13 -------- d-----w- c:\program files\Opera USB
2009-12-03 20:08 . 2009-12-03 20:08 -------- d-----w- c:\program files\Alcohol Soft
2009-12-03 20:06 . 2009-12-03 20:06 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-03 14:05 . 2009-12-03 14:05 -------- d-----w- c:\program files\Nová složka
2009-12-03 13:19 . 2009-12-03 13:17 -------- d-----w- c:\program files\UltraISO
2009-12-03 13:17 . 2009-12-03 13:17 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-12-02 20:12 . 2009-11-29 08:33 -------- d-----w- c:\program files\MSI
2009-12-02 20:09 . 2009-12-02 20:09 -------- d-----w- c:\program files\Common Files\snpstd3
2009-12-02 19:29 . 2009-12-02 19:23 -------- d-----w- c:\program files\TechSmith
2009-12-02 17:16 . 2009-11-28 12:57 294912 ----a-w- c:\windows\TrnWord.dll
2009-12-02 17:16 . 2009-11-28 12:57 356352 ----a-w- c:\windows\TrnOutl.dll
2009-12-02 17:16 . 2009-11-28 12:57 45056 ----a-w- c:\windows\TRNOEH.DLL
2009-12-02 17:16 . 2009-11-28 12:57 26624 ----a-w- c:\windows\OETRN.EXE
2009-12-02 17:16 . 2009-11-28 12:57 200704 ----a-w- c:\windows\TRNOET.DLL
2009-12-02 17:16 . 2009-11-29 11:05 -------- d-----w- c:\program files\PC Translator
2009-12-02 17:06 . 2009-11-28 13:01 -------- d-----w- c:\program files\Topfield
2009-12-01 19:20 . 2009-11-30 19:07 -------- d-----w- c:\program files\WebSite X5 Smart
2009-11-30 20:40 . 2009-11-28 11:05 -------- d-----w- c:\program files\Cobian Backup 9
2009-11-30 20:18 . 2009-11-30 20:14 -------- d-----w- c:\program files\Womble Multimedia
2009-11-30 19:25 . 2009-11-30 19:25 -------- d-----w- c:\program files\Avanquest
2009-11-30 18:14 . 2009-11-28 12:18 -------- d---a-w- c:\program files\The Ultimate File Splitter 1.0
2009-11-30 18:13 . 2009-11-30 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-30 18:13 . 2009-11-28 11:17 -------- d-----w- c:\program files\Java
2009-11-30 18:06 . 2009-11-28 12:16 -------- d---a-w- c:\program files\ShellExView
2009-11-30 18:04 . 2009-11-30 18:04 -------- d-----w- c:\program files\Skype
2009-11-30 18:00 . 2009-11-30 18:00 -------- d-----w- c:\program files\Samsung
2009-11-30 17:59 . 2009-11-28 16:20 -------- d---a-w- c:\program files\RealDrawPRO4
2009-11-30 17:53 . 2009-11-28 16:20 -------- d-----w- c:\program files\pravitko
2009-11-30 17:41 . 2009-11-28 12:08 -------- d-----w- c:\program files\MediaCoder
2009-11-30 17:38 . 2009-11-28 16:19 -------- d---a-w- c:\program files\LiknoWebButtonMakerFree
2009-11-30 17:37 . 2009-11-28 12:05 -------- d---a-w- c:\program files\lexikon
2009-11-30 17:28 . 2009-11-28 12:02 -------- d---a-r- c:\program files\GSpot
2009-11-30 17:04 . 2009-11-28 16:19 -------- d---a-w- c:\program files\FileZilla FTP Client
2009-11-30 17:03 . 2009-11-28 12:00 -------- d---a-w- c:\program files\EvilLyrics
2009-11-30 17:00 . 2009-11-28 12:00 -------- d-----w- c:\program files\DVDFab Decrypter 3
2009-11-30 16:59 . 2009-11-28 12:00 -------- d---a-w- c:\program files\DVD Decrypter
2009-11-30 16:48 . 2009-11-28 18:02 -------- d-----w- c:\program files\Internet Download Manager
2009-11-30 15:51 . 2009-11-30 15:51 2331008 ----a-w- c:\windows\system32\TUKernel.exe
2009-11-29 20:37 . 2009-11-28 11:57 -------- d-----w- c:\program files\Cedulky
2009-11-29 20:36 . 2009-11-28 16:11 -------- d-----w- c:\program files\Caricature Studio 3.0
2009-11-29 20:33 . 2009-11-29 20:33 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-11-29 20:33 . 2009-11-29 20:33 2944 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-11-29 20:33 . 2009-11-29 20:33 27776 ----a-w- c:\windows\system32\bbcap.dll
2009-11-29 20:29 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Avidemux 2.4
2009-11-29 20:28 . 2009-11-29 20:27 -------- d-----w- c:\program files\AutoGK
2009-11-29 20:27 . 2009-11-29 20:27 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-29 20:27 . 2009-11-29 20:27 -------- d-----w- c:\program files\Gabest
2009-11-29 20:26 . 2009-11-28 11:56 -------- d---a-w- c:\program files\Audacity
2009-11-29 19:46 . 2009-11-28 11:14 -------- d---a-w- c:\program files\DVD Shrink
2009-11-29 17:50 . 2009-11-29 17:50 -------- d-----w- c:\program files\Microsoft.NET
2009-11-29 14:54 . 2009-11-29 14:51 -------- d-----w- c:\program files\linguatec
2009-11-29 10:52 . 2009-11-29 10:52 -------- d-----w- c:\program files\MSXML 4.0
2009-11-29 10:30 . 2009-11-29 10:12 -------- d-----w- c:\program files\Zoner
2009-11-29 08:28 . 2009-11-29 08:23 -------- d-----w- c:\program files\ASUS
2009-11-29 08:14 . 2009-11-29 07:52 113335 ----a-w- c:\windows\hpoins07.dat
2009-11-29 08:10 . 2009-11-29 08:10 -------- d-----w- c:\program files\Common Files\HP
2009-11-29 08:10 . 2009-11-29 07:57 -------- d-----w- c:\program files\HP
2009-11-29 08:09 . 2009-11-29 08:09 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-29 08:07 . 2009-11-29 08:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-28 22:06 . 2009-11-28 21:59 -------- d-----w- c:\program files\Nero
2009-11-28 22:01 . 2009-11-28 21:59 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 20:10 . 2009-11-28 20:10 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-28 18:56 . 2009-11-28 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 16:19 . 2009-11-28 16:19 -------- d-----w- c:\program files\CardTest
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostscript
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\Ghostgum
2009-11-28 16:11 . 2009-11-28 16:11 -------- d-----w- c:\program files\DComSoft
2009-11-28 15:26 . 2009-11-28 15:23 -------- d-----w- c:\program files\OO Software
2009-11-28 14:56 . 2009-11-28 14:50 -------- d-----w- c:\program files\ATI Technologies
2009-11-28 14:55 . 2009-11-28 14:55 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-11-28 14:48 . 2009-11-26 18:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 14:44 . 2009-11-28 14:44 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-28 14:15 . 2009-11-28 13:47 -------- d-----w- c:\program files\ICQ6.5
2009-11-28 13:46 . 2009-11-28 11:55 -------- d-----w- c:\program files\ICQ6
2009-11-28 13:30 . 2009-11-28 11:37 -------- d-----w- c:\program files\Symantec
2009-11-28 13:30 . 2009-11-28 11:37 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-28 13:30 . 2009-11-28 11:37 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-28 13:30 . 2009-11-28 11:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-28 13:30 . 2009-11-28 11:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-28 12:57 . 2009-11-28 12:57 491520 ----a-w- c:\windows\WebIE.dll
2009-11-28 12:20 . 2009-11-28 12:00 -------- d-----w- c:\program files\Diagnostika HDD
2009-11-28 12:16 . 2009-11-28 12:16 -------- d-----w- c:\program files\Smart PC Solutions
.
c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe
c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\HDD Health\hddhealth .exe
c:\program files\MemInfo\meminfo .exe
c:\program files\NetMeter\netmeter .exe
c:\program files\QIP\qip .exe
c:\program files\QIP\qip .exe
((((((((((((((((((((((((((((( SnapShot@2010-01-03_12.51.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-03 19:28 . 2010-01-03 19:28 16384 c:\windows\Temp\Perflib_Perfdata_444.dat
+ 2010-01-03 13:36 . 2010-01-03 13:36 16384 c:\windows\Temp\Perflib_Perfdata_1d0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hddhealth"="c:\program files\HDD Health\hddhealth.exe" [2010-01-03 40960]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2010-01-03 40960]
"MemInfo"="c:\program files\MemInfo\meminfo.exe" [2010-01-03 40960]
"QIP2005"="c:\program files\qip\qip .exe" [2008-07-01 3256320]
"ASUSTeKRCAppl"="c:\program files\ASUS\ASUS Remote\remotecontrolappl .exe" [2010-01-03 40960]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2010-01-03 40960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Hlavní panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-9-22 40960]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"OEXPRESS"=c:\windows\OETRN.EXE
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"tsnpstd3"=c:\windows\tsnpstd3.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [28.11.2009 14:30 310320]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [29.11.2009 21:33 2944]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [28.11.2009 14:30 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [28.11.2009 14:30 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [21.12.2009 21:58 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [28.11.2009 14:30 117640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [29.11.2009 9:23 2825088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.12.2009 21:31 102448]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
S3 pbfilter;pbfilter;\??\c:\program files\Peerblock\pbfilter.sys --> c:\program files\Peerblock\pbfilter.sys [?]
S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [31.5.2007 21:11 13312]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [17.12.2009 16:25 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.12.2009 21:06 717296]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-01-03 c:\windows\Tasks\Automatic maintenance.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2009-10-29 19:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-03 20:28
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1606980848-57989841-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(300)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\docume~1\me\locals~1\temp\wmpscfgs.exe
c:\program files\internet explorer\wmpscfgs.exe
c:\docume~1\me\locals~1\temp\wmpscfgs.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-03 20:32:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-03 19:32
ComboFix2.txt 2010-01-03 12:53
Před spuštěním: Volných bajtů: 236 403 515 392
Po spuštění: Volných bajtů: 236 328 968 192
- - End Of File - - A2D3551F645BE09AE62519AAC5DE730F