Please check my log
Posted: 10 Dec 2010 15:45
I probably have some kind of rootkit, can you please help me?
Here is the log:
ComboFix 10-12-08.04 - Admin 09.12.2010 19:47:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2327 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\UA000106.DLL
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-09 do 2010-12-09 )))))))))))))))))))))))))))))))
.
2010-12-08 20:07 . 2010-12-08 20:07 -------- d-----w- c:\documents and settings\Admin\Data aplikací\MaskMyIP
2010-12-08 20:07 . 2010-12-08 20:07 -------- d-----w- c:\program files\MaskMyIP
2010-12-08 20:05 . 2010-12-08 20:06 -------- d---a-w- c:\program files\AdvTor
2010-12-07 17:42 . 2010-12-07 17:42 -------- d-----w- c:\program files\Team17
2010-12-07 17:41 . 2010-12-07 17:41 -------- d-----w- C:\xx
2010-12-06 19:40 . 2010-12-06 19:53 -------- d-----w- c:\program files\wormsarm
2010-12-04 17:28 . 2010-12-04 17:28 -------- d-----w- c:\documents and settings\Evicka\Local Settings\Data aplikací\O&O
2010-11-28 15:10 . 2010-11-28 15:10 -------- d-----w- c:\documents and settings\Evicka\Data aplikací\Ulead Systems
2010-11-28 12:09 . 2010-11-28 12:13 -------- d-----w- c:\program files\AdorageI-GfxDatas
2010-11-27 13:42 . 2010-11-27 13:47 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Apache
2010-11-27 11:26 . 2010-11-27 12:46 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Ulead Systems
2010-11-27 11:24 . 2008-04-01 20:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-11-27 11:24 . 2008-04-01 20:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-11-27 11:24 . 2008-04-01 20:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-11-27 11:24 . 2008-04-01 20:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-11-27 11:24 . 2008-04-01 20:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-11-27 11:24 . 2008-04-01 20:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2010-11-27 11:24 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2010-11-27 11:23 . 2010-11-27 11:23 -------- d-----w- c:\program files\Windows Media Components
2010-11-27 11:23 . 2010-11-27 11:23 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-11-27 11:22 . 2010-11-27 11:23 -------- d-----w- c:\program files\Corel
2010-11-21 17:22 . 2010-11-21 17:22 -------- d-----w- c:\documents and settings\Admin\.oces
2010-11-19 19:35 . 2010-11-19 19:35 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-11-18 09:47 . 2010-11-18 09:47 -------- d-----w- c:\documents and settings\Admin\Data aplikací\U3
2010-11-18 06:25 . 2004-08-18 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-11-18 05:26 . 2010-11-18 05:26 75048 ----a-r- c:\documents and settings\Admin\Data aplikací\Microsoft\Installer\{7EE8ED57-682B-4AB0-860C-2E079BCD90B1}\ARPPRODUCTICON.exe
2010-11-18 05:16 . 2010-11-28 13:06 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Pinnacle
2010-11-17 21:00 . 2010-11-17 21:00 -------- d-----w- c:\documents and settings\Evicka\Local Settings\Data aplikací\Electronic Arts
2010-11-15 15:44 . 2010-11-15 15:44 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Electronic Arts
2010-11-15 15:07 . 2008-04-14 07:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-11-14 16:58 . 2010-11-18 05:03 -------- d-----w- c:\documents and settings\Admin\Data aplikací\proDAD
2010-11-14 16:58 . 2010-11-18 05:03 -------- d-----w- c:\program files\proDAD
2010-11-14 16:58 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe
2010-11-14 16:58 . 2010-11-14 16:58 -------- d-----w- c:\program files\LooksBuilderSE
2010-11-14 16:58 . 2003-07-01 15:49 69632 ----a-w- c:\windows\system32\MtxPreview.dll
2010-11-14 16:58 . 2003-07-01 15:49 49152 ----a-w- c:\windows\system32\MtxParhBFXPreview.dll
2010-11-14 16:58 . 2003-06-26 09:04 237568 ----a-r- c:\windows\system32\qtmlClient.dll
2010-11-14 16:58 . 2003-07-09 09:43 45056 ----a-w- c:\windows\system32\BFXSrcFilter.ax
2010-11-14 16:58 . 2003-01-20 08:08 49152 ----a-w- c:\windows\system32\CvoAPI.dll
2010-11-14 16:58 . 2010-11-14 16:58 -------- d-----w- c:\program files\Boris FX, Inc
2010-11-14 16:57 . 2004-04-18 22:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-11-14 16:57 . 2004-04-18 22:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-11-14 16:57 . 2004-04-18 22:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-11-14 16:57 . 2004-04-18 22:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-11-14 16:57 . 2004-04-18 22:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-11-14 16:57 . 2010-11-14 16:57 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-11-14 16:57 . 2010-11-14 16:57 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-11-14 13:27 . 2010-11-14 13:27 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Downloaded Installations
2010-11-14 13:27 . 2010-11-14 17:24 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2010-11-14 13:19 . 2010-11-28 12:09 -------- d-----w- c:\program files\Pinnacle
2010-11-14 13:19 . 2010-11-14 13:19 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-11-14 12:57 . 2010-11-14 12:57 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Activision
2010-11-12 16:02 . 2010-11-12 16:04 -------- d-----w- c:\program files\SMBX
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-28 14:01 . 2010-09-29 08:11 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-28 14:01 . 2010-09-29 08:11 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-28 14:01 . 2010-09-29 08:11 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-08 07:14 . 2010-10-08 07:14 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-10-08 07:14 . 2010-10-08 07:14 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-10-08 07:14 . 2010-10-08 07:14 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-10-08 07:14 . 2010-10-08 07:14 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-10-06 05:25 . 2010-09-29 08:11 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-05 06:18 . 2005-12-08 10:12 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-05 06:18 . 2005-12-08 10:08 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-27 08:29 . 2010-09-27 08:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-10-01 11:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2010-10-01 11:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-09-26 136176]
"WallpaperDownloader"="c:\program files\WallpaperDownloader\WallpaperDownloader.exe" [2010-10-06 657920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="c:\program files\TC UP\PLUGINS\Media\uTorrent\utorrent.exe" [2010-10-05 328056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"CTHelper"="CTHELPER.EXE" [2005-12-08 16384]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-11-02 136544]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2010-10-27 139264]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-12-08 25600]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
FreeRapid 0.85alpha3.lnk - c:\program files\FreeRapid-0.85alpha3\frd.exe [2010-10-1 35840]
c:\documents and settings\Evicka\Nabídka Start\Programy\Po spuštění\
Tapety 2.01.lnk - c:\program files\Tapety 2.01\Tapety.exe [2002-1-6 167936]
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
FreeRapid 0.85alpha3.lnk - c:\program files\FreeRapid-0.85alpha3\frd.exe [2010-10-1 35840]
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
FreeRapid 0.85alpha3.lnk - c:\program files\FreeRapid-0.85alpha3\frd.exe [2010-10-1 35840]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965]
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2010-9-25 192512]
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
FreeRapid 0.85alpha3.lnk - c:\program files\FreeRapid-0.85alpha3\frd.exe [2010-10-1 35840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^MacSound.lnk]
path=c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\MacSound.lnk
backup=c:\windows\pss\MacSound.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-11-02 16:57 906288 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2009-11-02 16:49 1346000 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\floAt's Media Control]
2005-08-29 10:09 916480 ----a-w- c:\program files\FloatMediaCtrl\floAtMediaCtrl.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.9.2010 9:29 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.9.2010 20:30 165584]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [8.10.2010 4:58 20088]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [25.9.2010 20:11 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [25.10.2009 17:30 16384]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.9.2010 20:30 17744]
R2 Iprip;Naslouchání RIP;c:\windows\System32\svchost.exe -k netsvcs [18.8.2004 13:00 14336]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 13:39 490280]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2.11.2009 17:52 431456]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [25.9.2010 20:04 28160]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [25.9.2010 20:04 50176]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [25.9.2010 20:11 65576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 cpuz131;cpuz131;\??\c:\docume~1\Admin\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\Admin\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 DigiCellDriver;DigiCellDriver;\??\c:\program files\MSI\DigiCell\NTGLM7X.sys --> c:\program files\MSI\DigiCell\NTGLM7X.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 9:25 30969208]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10.5.2010 9:44 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10.5.2010 9:44 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [10.5.2010 9:44 16696]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - NVR0DEV
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
2010-11-09 c:\windows\Tasks\Admin.job
- c:\program files\Nero\Nero 10\Nero BackItUp\NBCore.exe [2010-03-26 08:52]
2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{C5B9EE86-0D05-4A62-9D94-F28FEB77CE4A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{D84CE8C8-2F94-4DA1-A7FD-09525D9B82AE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
.
.
------- Asociace souborů -------
.
.scr=scr
.txt=txt
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 20:01
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160827AS rev.3.42 -> Harddisk1\DR1 -> \Device\00000095
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AEAE1F8]<<
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x8aeae008; MOV EAX, 0xb7ec6fee; CALL EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk1\DR1[0x8ADE2AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000093[0x8ADBAA08]
5 ACPI[0xB7E74620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000091[0x8ADB6030]
\Driver\nvata[0x8AEBA8A0] -> IRP_MJ_CREATE -> 0x8AEAE1F8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 312581806 (+190): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2316)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\MSI\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\Java\jre6\launch4j-tmp\frd.exe
c:\progra~1\MSI\BLUETO~1\BTSTAC~1.EXE
c:\program files\MSI\DualCoreCenter\DualCoreCenter.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Celkový čas: 2010-12-09 20:11:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-09 19:11
Před spuštěním: Volných bajtů: 19 464 060 928
Po spuštění: Volných bajtů: 31 917 162 496
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 779ED10839ABB2C3D1B4124B1AFAB51C
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-09-26 136176]
"WallpaperDownloader"="c:\program files\WallpaperDownloader\WallpaperDownloader.exe" [2010-10-06 657920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="c:\program files\TC UP\PLUGINS\Media\uTorrent\utorrent.exe" [2010-10-05 328056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"CTHelper"="CTHELPER.EXE" [2005-12-08 16384]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-11-02 136544]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2010-10-27 139264]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-12-08 25600]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-18 44544]
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
FreeRapid 0.85alpha3.lnk - c:\program files\FreeRapid-0.85alpha3\frd.exe [2010-10-1 35840]
c:\documents and settings\Evicka\Nabídka Start\Programy\Po spuštění\
Tapety 2.01.lnk - c:\program files\Tapety 2.01\Tapety.exe [2002-1-6 167936]
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
FreeRapid 0.85alpha3.lnk - c:\program files\FreeRapid-0.85alpha3\frd.exe [2010-10-1 35840]
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
FreeRapid 0.85alpha3.lnk - c:\program files\FreeRapid-0.85alpha3\frd.exe [2010-10-1 35840]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965]
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2010-9-25 192512]
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
FreeRapid 0.85alpha3.lnk - c:\program files\FreeRapid-0.85alpha3\frd.exe [2010-10-1 35840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^MacSound.lnk]
path=c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\MacSound.lnk
backup=c:\windows\pss\MacSound.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-11-02 16:57 906288 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2009-11-02 16:49 1346000 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\floAt's Media Control]
2005-08-29 10:09 916480 ----a-w- c:\program files\FloatMediaCtrl\floAtMediaCtrl.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.9.2010 9:29 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.9.2010 20:30 165584]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [8.10.2010 4:58 20088]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [25.9.2010 20:11 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [25.10.2009 17:30 16384]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.9.2010 20:30 17744]
R2 Iprip;Naslouchání RIP;c:\windows\System32\svchost.exe -k netsvcs [18.8.2004 13:00 14336]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 13:39 490280]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2.11.2009 17:52 431456]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [25.9.2010 20:04 28160]
R3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [25.9.2010 20:04 50176]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [25.9.2010 20:11 65576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 cpuz131;cpuz131;\??\c:\docume~1\Admin\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\Admin\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 DigiCellDriver;DigiCellDriver;\??\c:\program files\MSI\DigiCell\NTGLM7X.sys --> c:\program files\MSI\DigiCell\NTGLM7X.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25.3.2010 9:25 30969208]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [10.5.2010 9:44 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [10.5.2010 9:44 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [10.5.2010 9:44 16696]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - NVR0DEV
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
2010-11-09 c:\windows\Tasks\Admin.job
- c:\program files\Nero\Nero 10\Nero BackItUp\NBCore.exe [2010-03-26 08:52]
2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{C5B9EE86-0D05-4A62-9D94-F28FEB77CE4A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{D84CE8C8-2F94-4DA1-A7FD-09525D9B82AE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
.
.
------- Asociace souborů -------
.
.scr=scr
.txt=txt
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 20:01
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160827AS rev.3.42 -> Harddisk1\DR1 -> \Device\00000095
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AEAE1F8]<<
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x8aeae008; MOV EAX, 0xb7ec6fee; CALL EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk1\DR1[0x8ADE2AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000093[0x8ADBAA08]
5 ACPI[0xB7E74620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000091[0x8ADB6030]
\Driver\nvata[0x8AEBA8A0] -> IRP_MJ_CREATE -> 0x8AEAE1F8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 312581806 (+190): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2316)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\MSI\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\documents and settings\Admin\Local Settings\Data aplikací\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\Java\jre6\launch4j-tmp\frd.exe
c:\progra~1\MSI\BLUETO~1\BTSTAC~1.EXE
c:\program files\MSI\DualCoreCenter\DualCoreCenter.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Celkový čas: 2010-12-09 20:11:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-09 19:11
Před spuštěním: Volných bajtů: 19 464 060 928
Po spuštění: Volných bajtů: 31 917 162 496
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 779ED10839ABB2C3D1B4124B1AFAB51C