Divné chování PC - myš a klávesnice
Napsal: 04 pro 2010 20:53
Ahoj, prosím o kontrolu logu jestli problém s tím, že sama od sebe pise klavesnice a klika mys nedělá vir. Všelijak náhodne. uz jsem zkusil nějaké softy na kontrolu a pročištění, ale dělá to pořád, a to i když vyndám baterky z myši i klavesnice.
Log z Combofix:
ComboFix 10-12-03.03 - wencaS 04.12.2010 16:40:21.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1017 [GMT 1:00]
Spuštěný z: c:\documents and settings\wencaS\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\d.ini
c:\windows\system32\Chip.dll
c:\windows\system32\Pvt.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-04 do 2010-12-04 )))))))))))))))))))))))))))))))
.
2010-12-04 08:24 . 2010-12-04 08:24 1409 ----a-w- c:\windows\QTFont.for
2010-12-03 19:58 . 2010-12-03 19:58 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-26 17:39 . 2010-11-26 17:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Panasonic
2010-11-26 17:32 . 2007-06-14 19:57 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2010-11-26 17:32 . 2005-04-30 21:41 49152 ----a-w- c:\windows\system32\setupsvc.dll
2010-11-26 17:32 . 2007-06-14 19:57 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2010-11-26 17:32 . 2006-12-18 20:42 8704 ----a-w- c:\windows\system32\BHARegister.dll
2010-11-26 17:32 . 2006-02-20 02:17 33408 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2010-11-26 17:32 . 2010-11-26 17:32 -------- d-----w- c:\program files\Panasonic
2010-11-18 10:09 . 2010-11-18 10:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ReviverSoft
2010-11-18 10:09 . 2010-11-18 10:09 -------- d-----w- c:\documents and settings\wencaS\Data aplikací\ProgSense
2010-11-18 10:09 . 2010-12-02 01:41 -------- d-----w- C:\downloads
2010-11-18 10:09 . 2010-11-18 10:09 -------- d-----w- c:\documents and settings\wencaS\Data aplikací\GrabPro
2010-11-18 10:08 . 2010-11-18 10:09 -------- d-----w- c:\documents and settings\wencaS\Local Settings\Data aplikací\OpenCandy
2010-11-18 10:08 . 2010-11-18 10:08 -------- d-----w- c:\documents and settings\wencaS\Data aplikací\OpenCandy
2010-11-18 10:08 . 2010-12-02 01:41 -------- d-----w- c:\documents and settings\wencaS\Data aplikací\Orbit
2010-11-18 10:08 . 2010-11-18 10:09 -------- d-----w- c:\program files\Orbitdownloader
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 16:16 . 2010-09-23 16:16 29352 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-23 14:35 . 2010-09-23 14:35 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-09-15 02:50 . 2010-06-03 09:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2010-06-03 09:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-14 13:16 . 2010-09-14 13:16 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-02-04 26624]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.EXE" [2007-03-20 140328]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2010-11-21 394104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2009-06-04 5777408]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-02-02 917504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonuiwencaS.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 23:39 691696]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [27.2.2010 17:33 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2.2.2010 12:21 1043784]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4.2.2010 14:47 65576]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.7.2010 9:31 136176]
S2 Nexus Server;Nexus Server (Carbon Coder);c:\program files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe [5.2.2010 14:58 700548]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.2.2010 18:16 1684736]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-12-04 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-02-02 11:28]
2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 08:31]
2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 08:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.msi.com/index.php?func=html&name=liveupdate_star
uInternet Connection Wizard,ShellNext = hxxp://shop.symantecstore.com/servlet/PromoServlet?promoID=1173800&NOS=Y8f55MnnamD8Fpjj8hCwhCzdEeCDjwM%2BGADDdfdm%2BgCDVwXq3gRDv4hACDFGGl6CSMtktgJPBBX6xKCGVHPTR2GPY&SASSERVER=lcsitemain.symantec.com&TRANSID=%2F10097711%2FAITgu78334AAF10E109C2&GUID=8936BE4102011DF95AD90E6BA61B37E&SSLT=4096&oslang=iso:CZE&oslocale=iso:CZE&vendid=0&vendtag=&epid={08936be4-1020-11df-95ad-90e6ba61b37e}
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\
FF - prefs.js: keyword.URL - hxxp://www.google.cz/search?ie=utf-8&oe=utf-8& ... cs&aq=t&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Extension: Tab Scope: tabscope@xuldev.org - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\tabscope@xuldev.org
FF - Extension: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Extension: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Extension: Favicon Picker 2: {446c03e0-2c35-11db-a98b-0800200c9a66} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Extension: GrayModern2: {eb46c787-131a-4eb7-9b93-7f62ca550917} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
FF - Extension: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Extension: Automatic Save Folder: asf@mangaheart.org - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\asf@mangaheart.org
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: FxIF: {11483926-db67-4190-91b1-ef20fcec5f33} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\firebug@software.joehewitt.com
FF - Extension: SQLite Manager: SQLiteManager@mrinalkant.blogspot.com - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\SQLiteManager@mrinalkant.blogspot.com
FF - Extension: Autotrans: autotrans@glennpow - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\autotrans@glennpow
FF - Extension: Past Modern: {81514210-E22A-4e69-93D5-E1EFD45B4620} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-PC Translator - c:\docume~1\wencaS\LOCALS~1\Temp\UN32.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 16:45
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1780)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-12-04 16:49:42
ComboFix-quarantined-files.txt 2010-12-04 15:49
Před spuštěním: 3 801 681 920
Po spuštění: 7 968 178 176
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer /TUTag=T3GJ5G /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /usepmtimer /TUTag=T3GJ5G-BAK
- - End Of File - - C0C193AF731181F106CF53FBE78E9329
Log z Combofix:
ComboFix 10-12-03.03 - wencaS 04.12.2010 16:40:21.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1017 [GMT 1:00]
Spuštěný z: c:\documents and settings\wencaS\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\d.ini
c:\windows\system32\Chip.dll
c:\windows\system32\Pvt.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-04 do 2010-12-04 )))))))))))))))))))))))))))))))
.
2010-12-04 08:24 . 2010-12-04 08:24 1409 ----a-w- c:\windows\QTFont.for
2010-12-03 19:58 . 2010-12-03 19:58 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-26 17:39 . 2010-11-26 17:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Panasonic
2010-11-26 17:32 . 2007-06-14 19:57 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2010-11-26 17:32 . 2005-04-30 21:41 49152 ----a-w- c:\windows\system32\setupsvc.dll
2010-11-26 17:32 . 2007-06-14 19:57 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2010-11-26 17:32 . 2006-12-18 20:42 8704 ----a-w- c:\windows\system32\BHARegister.dll
2010-11-26 17:32 . 2006-02-20 02:17 33408 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2010-11-26 17:32 . 2010-11-26 17:32 -------- d-----w- c:\program files\Panasonic
2010-11-18 10:09 . 2010-11-18 10:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ReviverSoft
2010-11-18 10:09 . 2010-11-18 10:09 -------- d-----w- c:\documents and settings\wencaS\Data aplikací\ProgSense
2010-11-18 10:09 . 2010-12-02 01:41 -------- d-----w- C:\downloads
2010-11-18 10:09 . 2010-11-18 10:09 -------- d-----w- c:\documents and settings\wencaS\Data aplikací\GrabPro
2010-11-18 10:08 . 2010-11-18 10:09 -------- d-----w- c:\documents and settings\wencaS\Local Settings\Data aplikací\OpenCandy
2010-11-18 10:08 . 2010-11-18 10:08 -------- d-----w- c:\documents and settings\wencaS\Data aplikací\OpenCandy
2010-11-18 10:08 . 2010-12-02 01:41 -------- d-----w- c:\documents and settings\wencaS\Data aplikací\Orbit
2010-11-18 10:08 . 2010-11-18 10:09 -------- d-----w- c:\program files\Orbitdownloader
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 16:16 . 2010-09-23 16:16 29352 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-23 14:35 . 2010-09-23 14:35 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-09-15 02:50 . 2010-06-03 09:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2010-06-03 09:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-14 13:16 . 2010-09-14 13:16 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-02-04 26624]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.EXE" [2007-03-20 140328]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2010-11-21 394104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2009-06-04 5777408]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-02-02 917504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonuiwencaS.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 23:39 691696]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [27.2.2010 17:33 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2.2.2010 12:21 1043784]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4.2.2010 14:47 65576]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.7.2010 9:31 136176]
S2 Nexus Server;Nexus Server (Carbon Coder);c:\program files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe [5.2.2010 14:58 700548]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.2.2010 18:16 1684736]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-12-04 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-02-02 11:28]
2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 08:31]
2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 08:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.msi.com/index.php?func=html&name=liveupdate_star
uInternet Connection Wizard,ShellNext = hxxp://shop.symantecstore.com/servlet/PromoServlet?promoID=1173800&NOS=Y8f55MnnamD8Fpjj8hCwhCzdEeCDjwM%2BGADDdfdm%2BgCDVwXq3gRDv4hACDFGGl6CSMtktgJPBBX6xKCGVHPTR2GPY&SASSERVER=lcsitemain.symantec.com&TRANSID=%2F10097711%2FAITgu78334AAF10E109C2&GUID=8936BE4102011DF95AD90E6BA61B37E&SSLT=4096&oslang=iso:CZE&oslocale=iso:CZE&vendid=0&vendtag=&epid={08936be4-1020-11df-95ad-90e6ba61b37e}
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\
FF - prefs.js: keyword.URL - hxxp://www.google.cz/search?ie=utf-8&oe=utf-8& ... cs&aq=t&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Extension: Tab Scope: tabscope@xuldev.org - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\tabscope@xuldev.org
FF - Extension: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Extension: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Extension: Favicon Picker 2: {446c03e0-2c35-11db-a98b-0800200c9a66} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Extension: GrayModern2: {eb46c787-131a-4eb7-9b93-7f62ca550917} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
FF - Extension: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Extension: Automatic Save Folder: asf@mangaheart.org - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\asf@mangaheart.org
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: FxIF: {11483926-db67-4190-91b1-ef20fcec5f33} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\firebug@software.joehewitt.com
FF - Extension: SQLite Manager: SQLiteManager@mrinalkant.blogspot.com - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\SQLiteManager@mrinalkant.blogspot.com
FF - Extension: Autotrans: autotrans@glennpow - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\autotrans@glennpow
FF - Extension: Past Modern: {81514210-E22A-4e69-93D5-E1EFD45B4620} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-PC Translator - c:\docume~1\wencaS\LOCALS~1\Temp\UN32.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 16:45
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1780)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-12-04 16:49:42
ComboFix-quarantined-files.txt 2010-12-04 15:49
Před spuštěním: 3 801 681 920
Po spuštění: 7 968 178 176
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer /TUTag=T3GJ5G /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /usepmtimer /TUTag=T3GJ5G-BAK
- - End Of File - - C0C193AF731181F106CF53FBE78E9329
