))Přidávám log z ComboFixu...ale stále se nedaří havět dostat z PC..
(V nouzouvém režimu mi comboFix ke konci spadl-a pak už nereagoval.
((můžete mi prosím někdo poradit.????a ještě něco o administraci...(((omboFix 10-08-24.0C - Libas 26.08.2010 0:32.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1023.380 [GMT 2:00]
Spuštěný z: c:\users\Libas\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\wininit.exe . . . je infikován!!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-25 do 2010-08-25 )))))))))))))))))))))))))))))))
.
2010-08-25 22:40 . 2010-08-25 22:46 -------- d-----w- c:\users\Libas\AppData\Local\temp
2010-08-25 22:40 . 2010-08-25 22:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-25 22:40 . 2010-08-25 22:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-25 22:20 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-25 22:20 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-25 22:20 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-25 22:20 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-25 22:20 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-25 22:20 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-25 22:20 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-25 22:20 . 2010-08-25 22:20 -------- d-----w- c:\programdata\Alwil Software
2010-08-25 22:20 . 2010-08-25 22:20 -------- d-----w- c:\program files\Alwil Software
2010-08-25 21:32 . 2010-08-25 21:32 53632 ----a-w- c:\users\Libas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-25 19:58 . 2010-08-25 20:20 -------- d-----w- c:\users\Public\Filmy
2010-08-25 14:46 . 2008-08-17 20:09 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp64X.dll
2010-08-17 10:47 . 2010-08-17 10:49 -------- d-----w- c:\program files\FlatOut
2010-08-17 10:13 . 2010-08-17 10:43 -------- d-----w- c:\users\Libas\AppData\Local\Microsoft Games
2010-08-11 15:22 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:22 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 15:22 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 15:21 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 15:21 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 15:21 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-03 22:24 . 2010-08-03 22:24 -------- d-----w- C:\totalcmd
2010-08-03 13:49 . 2010-08-03 13:49 -------- d-----w- c:\program files\Secunia
2010-08-01 12:57 . 2010-08-01 12:57 -------- d-----w- c:\programdata\vsosdk
2010-07-30 13:40 . 2010-07-30 13:40 -------- d-----w- c:\users\Libas\AppData\Roaming\Tific
2010-07-30 11:35 . 2010-08-25 13:58 -------- d-----w- c:\program files\Microsoft.NET
2010-07-30 11:35 . 2010-07-30 11:35 -------- d-----w- c:\windows\PCHEALTH
2010-07-30 11:33 . 2010-07-30 11:33 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-30 11:31 . 2010-07-30 11:31 -------- d-----r- C:\MSOCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 22:17 . 2010-06-21 17:02 -------- d-----w- c:\program files\CCleaner
2010-08-25 21:48 . 2010-06-21 15:57 -------- d-----w- c:\programdata\Norton
2010-08-25 21:46 . 2007-05-10 10:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-25 21:32 . 2010-06-21 16:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-25 21:32 . 2010-06-21 16:52 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-25 14:03 . 2007-01-08 21:09 607232 ----a-w- c:\windows\system32\perfh005.dat
2010-08-25 14:03 . 2007-01-08 21:09 117912 ----a-w- c:\windows\system32\perfc005.dat
2010-08-11 16:09 . 2007-05-10 10:30 -------- d-----w- c:\programdata\Microsoft Help
2010-08-11 16:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-08 14:17 . 2010-07-04 08:50 153726 ----a-w- c:\windows\HPHins15.dat
2010-08-08 14:10 . 2010-06-22 13:24 -------- d-----w- c:\users\Libas\AppData\Roaming\Vso
2010-08-07 16:36 . 2007-05-10 10:31 -------- d-----w- c:\program files\Microsoft Works
2010-08-06 10:19 . 2010-07-04 12:42 -------- d-----w- c:\programdata\VistaCodecs
2010-08-03 12:20 . 2010-06-22 15:04 -------- d-----w- c:\users\Libas\AppData\Roaming\ICQ
2010-07-30 12:16 . 2010-06-21 15:20 102424 ----a-w- c:\users\Libas\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-30 11:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-07-30 11:23 . 2010-07-26 11:24 -------- d-----w- c:\programdata\WinZip
2010-07-26 11:27 . 2007-05-10 10:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-22 18:30 . 2010-07-22 18:30 680 ----a-w- c:\users\Libas\AppData\Local\d3d9caps.dat
2010-07-10 20:44 . 2010-07-10 20:25 -------- d-----w- c:\users\Libas\AppData\Roaming\Download Manager
2010-07-07 20:00 . 2010-06-22 21:57 -------- d-----w- c:\programdata\NortonInstaller
2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-07-06 08:59 . 2010-07-06 08:59 -------- d-----w- c:\users\Libas\AppData\Roaming\Malwarebytes
2010-07-06 08:59 . 2010-07-06 08:59 -------- d-----w- c:\programdata\Malwarebytes
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\users\Libas\AppData\Roaming\VitySoft
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\program files\Common Files\Java
2010-07-06 08:51 . 2010-07-06 08:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-06 08:51 . 2010-07-06 08:51 -------- d-----w- c:\program files\Java
2010-07-06 08:42 . 2010-07-06 08:36 -------- d-----w- c:\users\Libas\AppData\Roaming\HpUpdate
2010-07-04 12:43 . 2010-07-04 12:43 -------- d-----w- c:\users\Libas\AppData\Roaming\VistaCodecs
2010-07-04 12:43 . 2010-07-04 12:43 -------- d-----w- c:\program files\VistaCodecPack
2010-07-04 09:00 . 2010-07-04 09:00 -------- d-----w- c:\users\Libas\AppData\Roaming\HP
2010-07-04 08:59 . 2010-07-04 08:59 -------- d-----w- c:\programdata\WEBREG
2010-07-04 08:58 . 2010-07-04 08:50 -------- d-----w- c:\programdata\HP
2010-07-04 08:57 . 2010-07-04 08:57 -------- d-----w- c:\programdata\HPSSUPPLY
2010-07-04 08:57 . 2010-07-04 08:53 -------- d-----w- c:\program files\HP
2010-07-04 08:56 . 2010-07-04 08:56 -------- d-----w- c:\programdata\HP Product Assistant
2010-07-04 08:54 . 2010-07-04 08:54 -------- d-----w- c:\program files\Common Files\HP
2010-07-04 08:50 . 2010-07-04 08:50 -------- d-----w- c:\programdata\Hewlett-Packard
2010-06-26 06:05 . 2010-08-11 15:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 15:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 15:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 15:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 10:35 . 2010-06-23 10:35 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-23 10:35 . 2010-06-23 10:35 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-22 14:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\users\Libas\AppData\Roaming\pcouffin.sys
2010-06-22 13:24 . 2010-06-22 13:24 47360 ----a-w- c:\users\Libas\AppData\Roaming\pcouffin.sys
2010-06-22 09:57 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-06-22 09:56 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-06-22 08:06 . 2010-06-22 08:06 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-06-21 21:50 . 2010-06-21 21:50 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-06-21 21:50 . 2010-06-21 21:50 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-06-21 21:50 . 2010-06-21 21:50 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-06-21 21:50 . 2010-06-21 21:50 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-06-21 21:50 . 2010-06-21 21:50 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-06-21 21:50 . 2010-06-21 21:50 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-06-21 21:50 . 2010-06-21 21:50 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-06-21 21:50 . 2010-06-21 21:50 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2010-06-21 21:50 . 2010-06-21 21:50 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2010-06-21 21:50 . 2010-06-21 21:50 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2010-06-21 21:50 . 2010-06-21 21:50 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2010-06-21 21:48 . 2010-06-21 21:48 1523712 ----a-w- c:\windows\system32\NlsData0000.dll
2010-06-21 21:36 . 2010-06-21 21:36 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-06-21 20:53 . 2010-06-21 20:53 23552 ----a-w- c:\windows\system32\lpk.dll
2010-06-21 20:53 . 2010-06-21 20:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-06-21 20:53 . 2010-06-21 20:53 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-06-21 20:53 . 2010-06-21 20:53 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-06-21 20:48 . 2010-06-21 20:48 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-06-21 20:48 . 2010-06-21 20:48 272896 ----a-w- c:\windows\system32\polstore.dll
2010-06-21 20:46 . 2010-06-21 20:46 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-21 20:41 . 2010-06-21 20:41 17920 ----a-w- c:\windows\system32\netevent.dll
2010-06-21 20:41 . 2010-06-21 20:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-06-21 20:41 . 2010-06-21 20:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-06-21 20:41 . 2010-06-21 20:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-06-21 20:41 . 2010-06-21 20:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-06-21 20:41 . 2010-06-21 20:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-06-21 20:41 . 2010-06-21 20:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-06-21 20:41 . 2010-06-21 20:41 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-06-21 20:41 . 2010-06-21 20:41 10240 ----a-w- c:\windows\system32\finger.exe
2010-06-21 20:37 . 2010-06-21 20:37 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-06-21 20:37 . 2010-06-21 20:37 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-06-21 20:37 . 2010-06-21 20:37 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-06-21 20:37 . 2010-06-21 20:37 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-06-21 20:37 . 2010-06-21 20:37 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-06-21 20:37 . 2010-06-21 20:37 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-06-21 20:37 . 2010-06-21 20:37 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-06-21 20:35 . 2010-06-21 20:35 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-06-21 20:35 . 2010-06-21 20:35 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-06-21 20:35 . 2010-06-21 20:35 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-06-21 20:34 . 2010-06-21 20:34 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-06-21 20:34 . 2010-06-21 20:34 9728 ----a-w- c:\windows\system32\lsass.exe
2010-06-21 20:34 . 2010-06-21 20:34 72704 ----a-w- c:\windows\system32\secur32.dll
2010-06-21 20:34 . 2010-06-21 20:34 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-06-21 20:34 . 2010-06-21 20:34 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-21 20:34 . 2010-06-21 20:34 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-21 20:33 . 2010-06-21 20:33 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-21 20:33 . 2010-06-21 20:33 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-21 20:33 . 2010-06-21 20:33 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-10 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk]
backup=c:\windows\pss\PCM Media Sharing.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Libas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-01-24 08:27 319488 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-23 11:04 4423680 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-03-16 07:06 1822720 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,cb,14,91,0b,12,cb,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S1 aswSP;aswSP; [x]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
S2 Acer TV Share Service;Acer TV Share Service;c:\program files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe [2007-04-04 269424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Libas\AppData\Roaming\Mozilla\Firefox\Profiles\2f8a83c0.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 00:46
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2010-08-26 00:50:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-25 22:50
ComboFix2.txt 2010-08-20 09:24
Před spuštěním: Volných bajtů: 151 433 216 000
Po spuštění: Volných bajtů: 151 561 166 848
- - End Of File - - E5121D52D9930AFECF51DA4612652037
ještě log...ComboFix-quarantined-files
2010-08-25 22:38:29 . 2010-08-23 17:02:06 3,910 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-08-25 22:29:02 . 2010-08-23 16:58:17 175 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-06-22 09:39:52 . 2008-01-19 07:33:37 96,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir
2007-06-07 08:57:22 . 2007-06-07 08:57:22 486,373 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\autorun.inf.vir
Přispějete na provoz fóra?