Win32:jeefo
Posted: 06 Jul 2010 00:03
Hi advisors, I brought Win32:jeefo onto my girlfriend's notebook. I'm trying to fight it, but it has already knocked out almost all of my programs; a moment ago I couldn't even get into the Control Panel. I ran ComboFix twice; the first time it didn't even produce a log, so I was forced to run it a second time. Since by some miracle I have now managed to start Mozilla, I can at least post that log here.
I expect this will end in a system reinstall, since I don't know whether I'll even get the computer to start again. But if I do, I'd like to avoid a reinstall.
I'm a noob: I wanted to install NFS Most Wanted. Since avast detected the crack as malware, I assumed it was a false positive and disabled avast for a short while. Win32:jeefo was apparently in that crack
((
ComboFix 10-07-04.04 - Market 05.07.2010 19:25:14.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2814.1713 [GMT 2:00]
Spuštěný z: c:\users\Market\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\users\Irena\AppData\Roaming\.#\MBX@11AC@1CC2990.###
c:\users\Irena\AppData\Roaming\.#\MBX@11AC@1CC29C0.###
c:\users\Irena\AppData\Roaming\.#\MBX@11AC@1CC29F0.###
c:\users\Irena\AppData\Roaming\.#\MBX@1504@242990.###
c:\users\Irena\AppData\Roaming\.#\MBX@1504@2429C0.###
c:\users\Irena\AppData\Roaming\.#\MBX@1504@2429F0.###
c:\users\Irena\AppData\Roaming\.#\MBX@1640@712990.###
c:\users\Irena\AppData\Roaming\.#\MBX@1640@7129C0.###
c:\users\Irena\AppData\Roaming\.#\MBX@1640@7129F0.###
c:\users\Irena\AppData\Roaming\.#\MBX@1744@1772990.###
c:\users\Irena\AppData\Roaming\.#\MBX@1744@17729C0.###
c:\users\Irena\AppData\Roaming\.#\MBX@1744@17729F0.###
c:\users\Irena\AppData\Roaming\.#\MBX@BC0@1BA2990.###
c:\users\Irena\AppData\Roaming\.#\MBX@BC0@1BA29C0.###
c:\users\Irena\AppData\Roaming\.#\MBX@BC0@1BA29F0.###
c:\users\Irena\AppData\Roaming\.#\MBX@F34@1D32990.###
c:\users\Irena\AppData\Roaming\.#\MBX@F34@1D329C0.###
c:\users\Irena\AppData\Roaming\.#\MBX@F34@1D329F0.###
c:\users\Kody\AppData\Roaming\.#\MBX@9C0@1C32990.###
c:\users\Kody\AppData\Roaming\.#\MBX@9C0@1C329C0.###
c:\users\Kody\AppData\Roaming\.#\MBX@9C0@1C329F0.###
c:\windows\system32\vbzlib1.dll
d:\dokumenty\cc_20100612_123628.reg
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_PowerManager
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-05 do 2010-07-05 )))))))))))))))))))))))))))))))
.
2010-07-05 17:34 . 2010-07-05 17:34 -------- d-----w- c:\users\Market\AppData\Local\temp
2010-07-05 17:34 . 2010-07-05 17:34 -------- d-----w- c:\users\Kody\AppData\Local\temp
2010-07-05 17:34 . 2010-07-05 17:34 -------- d-----w- c:\users\Irena\AppData\Local\temp
2010-07-05 17:34 . 2010-07-05 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-05 16:29 . 2010-07-05 16:31 16986767 ----a-w- c:\windows\REGBK00.ZIP
2010-07-05 16:23 . 2010-07-05 16:23 -------- d---a-w- c:\windows\VDLL.DLL
2010-07-05 16:23 . 2010-07-05 16:23 -------- d---a-w- c:\windows\system32\runouce.exe
2010-07-05 16:23 . 2010-07-05 16:23 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-07-05 16:23 . 2010-07-05 16:23 -------- d---a-w- c:\windows\logo_1.exe
2010-07-05 16:21 . 2010-07-05 16:21 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-07-05 16:21 . 2010-07-05 16:21 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-07-05 16:21 . 2010-07-05 16:21 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-07-05 16:21 . 2010-07-05 16:21 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-07-05 16:21 . 2010-07-05 16:21 -------- d-----w- c:\programdata\MicroWorld
2010-07-05 14:49 . 2010-07-05 14:49 -------- d-----w- c:\users\Market\AppData\Roaming\Malwarebytes
2010-07-05 14:49 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 14:49 . 2010-07-05 14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 14:49 . 2010-07-05 14:49 -------- d-----w- c:\programdata\Malwarebytes
2010-07-05 14:49 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 21:11 . 2010-07-04 21:11 -------- d-----w- c:\users\Market\AppData\Roaming\PTC
2010-07-04 20:24 . 2010-07-04 20:27 -------- d-----w- c:\program files\proeWildfire 2.0
2010-07-04 18:39 . 2010-07-04 18:39 -------- d-----w- c:\program files\EA GAMES
2010-07-04 18:39 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-07-04 09:38 . 2010-07-05 15:54 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-04 09:37 . 2010-07-04 09:38 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-04 09:36 . 2010-07-04 18:36 -------- d-----w- c:\users\Market\AppData\Roaming\DAEMON Tools Lite
2010-07-04 09:36 . 2010-07-04 09:36 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-07-02 06:57 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-23 16:21 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 16:21 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 16:21 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 16:21 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 16:21 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 08:12 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 08:12 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-21 17:34 . 2010-06-21 17:34 -------- d-----w- c:\program files\MSECache
2010-06-20 13:55 . 2010-06-20 13:55 53632 ----a-w- c:\users\Market\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 13:55 . 2010-06-20 13:55 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 13:55 . 2010-06-20 13:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-19 20:39 . 2010-06-19 20:39 -------- d-----w- c:\program files\DsNET Corp
2010-06-19 11:50 . 2010-06-19 11:50 -------- d-----w- C:\Wifi
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Local\CyberLink
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Local\SoftDMA
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Roaming\CyberLink
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Local\Acer Arcade Deluxe
2010-06-10 09:43 . 2010-06-10 09:43 537200 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB971.tmp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 17:18 . 2010-01-24 17:04 -------- d-----w- c:\users\Market\AppData\Roaming\Skype
2010-07-05 15:54 . 2008-09-03 03:03 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-07-05 15:54 . 2008-09-03 03:03 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-07-05 08:13 . 2009-02-09 17:35 -------- d-----w- c:\programdata\Google Updater
2010-06-28 20:57 . 2010-04-05 14:05 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-05 14:06 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-05 14:06 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-05 14:06 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-05 14:06 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-04-05 14:06 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-23 19:35 . 2009-12-25 13:27 -------- d-----w- c:\users\Market\AppData\Roaming\Media Player Classic
2010-06-23 19:25 . 2010-03-05 18:56 -------- d-----r- c:\program files\Skype
2010-06-19 20:55 . 2009-10-12 12:34 -------- d-----w- c:\users\Market\AppData\Roaming\ICQ
2010-06-12 10:56 . 2010-02-12 12:56 -------- d-----w- c:\program files\ICQ7.0
2010-06-12 10:23 . 2008-12-31 19:31 -------- d-----w- c:\program files\ESET
2010-06-12 10:22 . 2008-12-19 11:03 -------- d-----w- c:\program files\Google
2010-06-12 10:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-10 10:52 . 2010-03-13 09:14 -------- d-----w- c:\program files\CCleaner
2010-06-10 09:41 . 2008-12-31 20:34 70672 ----a-w- c:\users\Kody\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-30 08:28 . 2010-05-30 08:28 -------- d-----w- c:\program files\Common Files\Java
2010-05-30 08:27 . 2008-12-31 19:50 -------- d-----w- c:\program files\Java
2010-05-26 17:06 . 2010-06-11 10:51 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 10:51 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 08:32 256896 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-11 10:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 10:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-11 10:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-11 10:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-11 10:51 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 18:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 08:12 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 08:12 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 08:12 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 08:12 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-12 15:29 . 2010-05-30 08:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-12-14 21:04 . 2009-12-14 21:04 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 1012160]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
c:\users\Market\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-05-29 15:44 182784 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 19:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-29 15:44 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-14 21:04 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-05-12 15:28 203264 ----a-w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,d2,3c,cc,e4,4f,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1663695290-2459496147-392905735-1000]
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-05 697328]
R2 gupdate1c98adef2a3685;Google Update Service (gupdate1c98adef2a3685);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 168432]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-19 20:55]
2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 17:44]
2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 17:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=1208&m=aspire_5535
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\users\Market\AppData\Roaming\Mozilla\Firefox\Profiles\2xhphgu0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NWEReboot - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 19:34
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5212)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Celkový čas: 2010-07-05 19:37:42
ComboFix-quarantined-files.txt 2010-07-05 17:37
Před spuštěním: Volných bajtů: 14 698 450 944
Po spuštění: Volných bajtů: 15 658 573 824
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - C195852004944504AD5C31499314D1DF
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 1012160]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
c:\users\Market\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-05-29 15:44 182784 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 19:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-29 15:44 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-14 21:04 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-05-12 15:28 203264 ----a-w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,d2,3c,cc,e4,4f,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1663695290-2459496147-392905735-1000]
"EnableNotificationsRef"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-05 697328]
R2 gupdate1c98adef2a3685;Google Update Service (gupdate1c98adef2a3685);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 168432]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-19 20:55]
2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 17:44]
2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 17:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=1208&m=aspire_5535
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\users\Market\AppData\Roaming\Mozilla\Firefox\Profiles\2xhphgu0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NWEReboot - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 19:34
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5212)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Celkový čas: 2010-07-05 19:37:42
ComboFix-quarantined-files.txt 2010-07-05 17:37
Před spuštěním: Volných bajtů: 14 698 450 944
Po spuštění: Volných bajtů: 15 658 573 824
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - C195852004944504AD5C31499314D1DF