
Please check my ComboFix log

Posted: 13 Dec 2010 11:38
by ceskyraj-jiri
Hello,
starting and closing MS Word 2003 has slowed down drastically for me.
Please check the log to see whether some nasty thing is slowing it down
(rcClient is a legitimate service).
Thank you

ComboFix 10-12-12.03 - user 13.12.2010 11:09:24.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1516 [GMT 1:00]
Spuštěný z: d:\z_internetu\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\oaKelNt.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-13 do 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-13 07:41 . 2010-12-13 07:41 -------- d-----w- c:\program files\Hewlett-Packard
2010-12-13 07:41 . 2010-12-13 07:41 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-12-13 07:39 . 2010-12-13 07:39 1409 ----a-w- c:\windows\system32\tmpFE64D.FOT
2010-12-13 07:39 . 2010-12-13 07:39 1409 ----a-w- c:\windows\system32\tmpE074D.FOT
2010-12-13 07:39 . 2010-12-13 07:39 1409 ----a-w- c:\windows\system32\tmpC674D.FOT
2010-12-13 07:39 . 2010-12-13 07:39 1409 ----a-w- c:\windows\system32\tmpC574D.FOT
2010-12-13 07:39 . 2010-12-13 07:39 1409 ----a-w- c:\windows\system32\tmpB974D.FOT
2010-12-13 07:39 . 2010-12-13 07:39 1409 ----a-w- c:\windows\system32\tmpAA74D.FOT
2010-12-13 06:54 . 2010-12-13 06:54 -------- d-----w- c:\documents and settings\user\Data aplikací\Složka odesílání Share-to-Web
2010-12-13 06:54 . 2010-12-13 06:54 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-12-13 06:49 . 2002-04-22 06:48 450560 ------w- c:\windows\system32\hpgt35.dll
2010-12-13 06:49 . 2002-04-17 09:07 131072 ------w- c:\windows\system32\hpsjvset.dll
2010-12-13 06:49 . 2002-04-22 06:47 262144 ------w- c:\windows\system32\hpgwiamd.dll
2010-12-13 06:44 . 2001-08-17 20:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-12-13 06:44 . 2001-08-17 20:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2010-12-13 06:44 . 2008-04-13 23:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-12-13 06:44 . 2008-04-13 23:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2010-12-12 16:16 . 2010-12-12 16:16 -------- d-----w- C:\found.000
2010-12-12 16:11 . 2008-04-13 23:16 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-12-12 16:11 . 2008-04-13 23:16 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-12-12 16:11 . 2001-08-17 20:46 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2010-12-12 16:11 . 2001-08-17 20:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-12-12 16:11 . 2008-04-13 23:16 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2010-12-12 16:11 . 2008-04-13 23:16 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2010-12-10 06:42 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{D4AB3497-4F33-4130-BD91-8E1FF9BCC270}\mpengine.dll
2010-11-24 08:37 . 2010-11-24 08:37 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2008-12-15 10:23 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-19 09:41 . 2009-10-03 15:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-05 11:13 . 2009-07-14 08:07 96256 ----a-w- c:\windows\system32\PrintMon.dll
2010-10-05 11:13 . 2009-01-06 09:44 335360 ----a-r- c:\windows\system32\oacoinst.dll
2010-10-05 11:13 . 2008-12-12 09:34 37376 ------r- c:\windows\system32\drivers\oafile.sys
2010-10-05 11:13 . 2008-12-12 09:34 18944 ------r- c:\windows\system32\drivers\oaRegMgr.sys
2010-10-05 11:12 . 2009-01-06 09:44 273408 ----a-r- c:\windows\system32\oaPassCn.dll
2010-09-18 10:23 . 2002-09-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-23 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-04-23 1189104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\
Uzivatel.lnk - c:\program files\User_name\JmenoUzivatele.exe [2008-12-10 302592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GLOBALLYOPENPORTS\List]
"5509:TCP"= 5509:TCP:oa_nh9
"5508:TCP"= 5508:TCP:oa_nh8
"5507:TCP"= 5507:TCP:oa_nh7
"5506:TCP"= 5506:TCP:oa_nh6
"5505:TCP"= 5505:TCP:oa_nh5
"5504:TCP"= 5504:TCP:oa_nh4
"5503:TCP"= 5503:TCP:oa_nh3
"5502:TCP"= 5502:TCP:oa_nh2
"5501:TCP"= 5501:TCP:oa_nh1
"5500:TCP"= 5500:TCP:oa_nh0
"5020:TCP"= 5020:TCP:oa_rcclient
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

R0 oaFile;oaFile;c:\windows\system32\drivers\oafile.sys [12.12.2008 10:34 37376]
R0 oaRegMgr;oaRegMgr;c:\windows\system32\drivers\oaRegMgr.sys [12.12.2008 10:34 18944]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19.3.2009 10:44 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 93848]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19.3.2009 10:44 731840]
R2 rcClient;rcClient;c:\program files\OA10\rcClient --> c:\program files\OA10\rcClient [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys --> c:\windows\system32\DRIVERS\activhidsermini.sys [?]
S3 oaServerNT;oaServerNT;c:\program files\OA10\oaServerNT --> c:\program files\OA10\oaServerNT [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23.9.2002 13:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'

2010-12-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ghorice.cz/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {A7F17E52-CE4A-4939-A585-14A28CEFE9CC} = 192.168.180.2,192.168.176.3,192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\bq9kvfv0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ghorice.cz
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 11:21
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oaServerNT]
"ImagePath"="c:\program files\OA10\oaServerNT"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rcClient]
"ImagePath"="c:\program files\OA10\rcClient"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\NETWIN32.DLL

- - - - - - - > 'Explorer.exe'(1408)
c:\windows\System32\NETWIN32.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OA10\rcClient.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\NWTRAY.EXE
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
.
**************************************************************************
.
Celkový čas: 2010-12-13 11:23:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-13 10:23
ComboFix2.txt 2010-03-11 10:39

Před spuštěním: 3 241 816 064
Po spuštění: 3 180 965 888

- - End Of File - - 8E5016881E230BB88B78B1F3C8976CDE

Re: Please check my ComboFix log

Posted: 13 Dec 2010 18:25
by Rudy
We'll clean up a bit more. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Collect::
c:\windows\system32\tmpFE64D.FOT
c:\windows\system32\tmpE074D.FOT
c:\windows\system32\tmpC674D.FOT
c:\windows\system32\tmpC574D.FOT
c:\windows\system32\tmpB974D.FOT
c:\windows\system32\tmpAA74D.FOT
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

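As an added example (not part of the thread or of ComboFix itself), a small Python parser for the ComboFix log format seen above: it pulls the `tmp*.FOT` leftovers out of the "files created" section, renders the same `Collect::` CFScript block the helper posted, and flags the security-relevant registry settings that the log shows (Security Center overrides, the firewall switched off, globally open ports). The sample log excerpt is constructed from lines copied from the first post; the regexes and function names are my own assumptions about the format.

```python
import re

# Constructed excerpt: a handful of lines copied from the ComboFix log posted in this thread
SAMPLE_LOG = r"""
2010-12-13 07:39 . 2010-12-13 07:39 1409 ----a-w- c:\windows\system32\tmpFE64D.FOT
2010-12-13 07:39 . 2010-12-13 07:39 1409 ----a-w- c:\windows\system32\tmpE074D.FOT
2010-12-13 07:41 . 2010-12-13 07:41 -------- d-----w- c:\program files\Hewlett-Packard
2010-12-13 06:44 . 2008-04-13 23:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GLOBALLYOPENPORTS\List]
"5020:TCP"= 5020:TCP:oa_rcclient
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"""

# "created . modified size attributes path" (size is "--------" for directories)
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S{8}) (.+)$"
)
# Temporary font files of the kind the helper asked ComboFix to collect (assumed pattern)
TEMP_FONT_RE = re.compile(r"\\system32\\tmp[0-9A-F]+\.FOT$", re.IGNORECASE)
# Registry value lines, e.g. "EnableFirewall"= 0 (0x0) or "AntiVirusOverride"=dword:00000001
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_file_entries(log):
    """Return (created, modified, size_or_None, attrs, path) for every file-listing line."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append((created, modified, None if size.startswith("-") else int(size), attrs, path))
    return entries


def find_temp_fonts(log):
    """Paths of non-directory entries that look like leftover tmp*.FOT files in system32."""
    return [e[4] for e in parse_file_entries(log) if e[3][0] != "d" and TEMP_FONT_RE.search(e[4])]


def build_cfscript(paths):
    """Render a CFScript 'Collect::' block like the one the helper posted."""
    return "Collect::\n" + "\n".join(paths) + "\n"


def audit_registry(log):
    """Flag the weak-security settings visible in the 'startup points in registry' section."""
    findings, key = [], ""
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # remember the current registry key
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if key.endswith("security center") and value == "dword:00000001" \
                and name in ("AntiVirusOverride", "FirewallOverride"):
            findings.append(f"{name}=1: Security Center monitoring of that component is suppressed")
        elif key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" \
                and value.startswith("0"):
            findings.append("EnableFirewall=0: Windows Firewall is off in the standard profile")
        elif key.endswith("globallyopenports\\list"):
            parts = value.split(":", 2)       # port:proto:description, with "*:Disabled:" for inactive
            if len(parts) == 3 and ":Disabled:" not in parts[2] and not parts[2].startswith("*:Disabled"):
                findings.append(f"globally open port {parts[0]}/{parts[1]} ({parts[2]})")
    return findings


if __name__ == "__main__":
    print(build_cfscript(find_temp_fonts(SAMPLE_LOG)))
    for finding in audit_registry(SAMPLE_LOG):
        print("-", finding)
```

The open-port finding for 5020/TCP is the `oa_rcclient` exception the poster describes as legitimate; the parser only surfaces it, the judgement stays with the reviewer.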

Re: Please check my ComboFix log

Posted: 14 Dec 2010 08:18
by ceskyraj-jiri
Deletion done.
Just to be sure, here is the resulting log:

ComboFix 10-12-13.02 - user 14.12.2010 8:11.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1522 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

file zipped: c:\windows\system32\tmpAA74D.FOT
file zipped: c:\windows\system32\tmpB974D.FOT
file zipped: c:\windows\system32\tmpC574D.FOT
file zipped: c:\windows\system32\tmpC674D.FOT
file zipped: c:\windows\system32\tmpE074D.FOT
file zipped: c:\windows\system32\tmpFE64D.FOT
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmpAA74D.FOT
c:\windows\system32\tmpB974D.FOT
c:\windows\system32\tmpC574D.FOT
c:\windows\system32\tmpC674D.FOT
c:\windows\system32\tmpE074D.FOT
c:\windows\system32\tmpFE64D.FOT

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-14 do 2010-12-14 )))))))))))))))))))))))))))))))
.

2010-12-13 07:41 . 2010-12-13 07:41 -------- d-----w- c:\program files\Hewlett-Packard
2010-12-13 07:41 . 2010-12-13 07:41 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2010-12-13 06:54 . 2010-12-13 06:54 -------- d-----w- c:\documents and settings\user\Data aplikací\Složka odesílání Share-to-Web
2010-12-13 06:54 . 2010-12-13 06:54 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-12-13 06:49 . 2002-04-22 06:48 450560 ------w- c:\windows\system32\hpgt35.dll
2010-12-13 06:49 . 2002-04-17 09:07 131072 ------w- c:\windows\system32\hpsjvset.dll
2010-12-13 06:49 . 2002-04-22 06:47 262144 ------w- c:\windows\system32\hpgwiamd.dll
2010-12-13 06:44 . 2001-08-17 20:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-12-13 06:44 . 2001-08-17 20:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2010-12-13 06:44 . 2008-04-13 23:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-12-13 06:44 . 2008-04-13 23:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2010-12-12 16:16 . 2010-12-12 16:16 -------- d-----w- C:\found.000
2010-12-12 16:11 . 2008-04-13 23:16 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-12-12 16:11 . 2008-04-13 23:16 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-12-12 16:11 . 2001-08-17 20:46 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2010-12-12 16:11 . 2001-08-17 20:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-12-12 16:11 . 2008-04-13 23:16 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2010-12-12 16:11 . 2008-04-13 23:16 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2010-12-10 06:42 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{D4AB3497-4F33-4130-BD91-8E1FF9BCC270}\mpengine.dll
2010-11-24 08:37 . 2010-11-24 08:37 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2008-12-15 10:23 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-19 09:41 . 2009-10-03 15:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-05 11:13 . 2009-07-14 08:07 96256 ----a-w- c:\windows\system32\PrintMon.dll
2010-10-05 11:13 . 2009-01-06 09:44 335360 ----a-r- c:\windows\system32\oacoinst.dll
2010-10-05 11:13 . 2008-12-12 09:34 37376 ------r- c:\windows\system32\drivers\oafile.sys
2010-10-05 11:13 . 2008-12-12 09:34 18944 ------r- c:\windows\system32\drivers\oaRegMgr.sys
2010-10-05 11:12 . 2009-01-06 09:44 273408 ----a-r- c:\windows\system32\oaPassCn.dll
2010-09-18 10:23 . 2002-09-23 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-23 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-23 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-23 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-13_10.21.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-14 06:15 . 2010-12-14 06:15 16384 c:\windows\temp\Perflib_Perfdata_f4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-04-23 1189104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\
Uzivatel.lnk - c:\program files\User_name\JmenoUzivatele.exe [2008-12-10 302592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GLOBALLYOPENPORTS\List]
"5509:TCP"= 5509:TCP:oa_nh9
"5508:TCP"= 5508:TCP:oa_nh8
"5507:TCP"= 5507:TCP:oa_nh7
"5506:TCP"= 5506:TCP:oa_nh6
"5505:TCP"= 5505:TCP:oa_nh5
"5504:TCP"= 5504:TCP:oa_nh4
"5503:TCP"= 5503:TCP:oa_nh3
"5502:TCP"= 5502:TCP:oa_nh2
"5501:TCP"= 5501:TCP:oa_nh1
"5500:TCP"= 5500:TCP:oa_nh0
"5020:TCP"= 5020:TCP:oa_rcclient
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows

R0 oaFile;oaFile;c:\windows\system32\drivers\oafile.sys [12.12.2008 10:34 37376]
R0 oaRegMgr;oaRegMgr;c:\windows\system32\drivers\oaRegMgr.sys [12.12.2008 10:34 18944]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19.3.2009 10:44 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 9:04 93848]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19.3.2009 10:44 731840]
R2 rcClient;rcClient;c:\program files\OA10\rcClient --> c:\program files\OA10\rcClient [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys --> c:\windows\system32\DRIVERS\activhidsermini.sys [?]
S3 oaServerNT;oaServerNT;c:\program files\OA10\oaServerNT --> c:\program files\OA10\oaServerNT [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23.9.2002 13:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'

2010-12-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ghorice.cz/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {A7F17E52-CE4A-4939-A585-14A28CEFE9CC} = 192.168.180.2,192.168.176.3,192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\bq9kvfv0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ghorice.cz
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 08:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oaServerNT]
"ImagePath"="c:\program files\OA10\oaServerNT"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rcClient]
"ImagePath"="c:\program files\OA10\rcClient"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\NETWIN32.DLL
.
Celkový čas: 2010-12-14 08:15:09
ComboFix-quarantined-files.txt 2010-12-14 07:15
ComboFix2.txt 2010-12-13 10:23
ComboFix3.txt 2010-03-11 10:39

Před spuštěním: 3 184 668 672
Po spuštění: 3 170 492 416

- - End Of File - - 8EFABC3C49A9A0C10DBE313308D1F17A

Re: Please check my ComboFix log

Posted: 14 Dec 2010 17:52
by Rudy
The log already looks clean. Has anything changed?

Re: Please check my ComboFix log

Posted: 15 Dec 2010 07:38
by ceskyraj-jiri
Thank you for the clean-up.
Unfortunately no change. Even an empty Word document takes almost 10 seconds to close.
I'll keep looking. :)

Happy Advent

Re: Please check my ComboFix log

Posted: 15 Dec 2010 17:27
by Rudy
Try reinstalling Office.