
Please check my ComboFix log

Posted: 06 Jan 2011 09:18
by megin
Norman antivirus keeps reporting that it has found and removed a trojan, but it does so over and over, so it is probably not succeeding.

Thank you very much

ComboFix 11-01-05.03 - Mach 06.01.2011 8:29.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2014.1135 [GMT 1:00]
Spuštěný z: c:\combo\ComboFix.exe
AV: Norman Endpoint Protection *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll
G:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-06 do 2011-01-06 )))))))))))))))))))))))))))))))
.

2010-12-16 07:02 . 2011-01-06 07:26 -------- d-----w- C:\combo
2010-12-15 07:02 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 06:58 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-10 09:52 . 2010-12-10 09:52 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2010-12-10 09:23 . 2010-10-08 14:59 30584 ----a-w- c:\windows\system32\drivers\nnetsecl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2008-05-31 20:00 81920 ------w- c:\windows\system32\isign32.dll
2010-11-06 00:23 . 2007-08-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2007-08-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2007-08-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2007-08-02 12:00 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2007-08-02 12:00 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2007-08-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2007-08-02 12:00 1853312 ------w- c:\windows\system32\win32k.sys
2010-10-08 14:59 . 2010-11-22 14:13 50576 ----a-w- c:\windows\system32\drivers\nnetsec.sys
2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 15:27 . 2007-03-16 15:27 479232 ------w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 15:27 . 2007-03-16 15:27 548864 ------w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 15:27 . 2007-03-16 15:27 626688 ------w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-31 835584]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe" [2008-06-01 3813888]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-06-01 677408]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-31 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2008-05-31 53248]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"NcpBudgetGui"="c:\program files\NCP\SecureClient\NcpBudgetGui.exe" [2008-07-10 531968]
"NcpPopup"="c:\program files\NCP\SecureClient\ncppopup.exe" [2007-09-27 534016]
"NcpMonitor"="c:\program files\NCP\SecureClient\ncpmon.exe" [2008-07-15 3662336]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2010-09-30 189824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-6-1 45056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-06-01 20:34 2812928 ------w- c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2007-05-03 10:40 331264 ------w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"194.212.40.12,255.255.255.255,192.168.1.99,1"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2814367047-2766507081-674649002-1142\Scripts\Logon\0\0]
"Script"=MainLogon.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer VCM.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-12-21 21:42 2162488 ----a-w- c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-11-24 16:05 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-07 14:21 54832 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-06-01 20:26 784904 ------w- c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 19:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-10-22 15:47 524288 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-04 04:53 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
2009-07-21 16:11 1339320 ------w- c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NCP\\SecureClient\\NCPMON.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2868:TCP"= 2868:TCP:Norman
"2868:UDP"= 2868:UDP:Norman

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [31.5.2008 21:29 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [31.5.2008 21:29 35712]
R1 NGS;Norman General Security Driver;c:\program files\Norman\ngs\bin\ngs.sys [22.11.2010 15:13 25032]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1.6.2008 22:26 39080]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.9.2008 12:03 169312]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [21.7.2009 16:48 66288]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [22.10.2010 16:38 386560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.3.2009 11:00 247096]
R2 MSSQL$SPZSQL2009;MSSQL$SPZSQL2009;c:\program files\Microsoft SQL Server\MSSQL$SPZSQL2009\Binn\sqlservr.exe -sSPZSQL2009 --> c:\program files\Microsoft SQL Server\MSSQL$SPZSQL2009\Binn\sqlservr.exe -sSPZSQL2009 [?]
R2 ncpclcfg;ncpclcfg;c:\program files\NCP\SecureClient\ncpclcfg.exe [16.7.2008 12:58 86016]
R2 ncprwsnt;ncprwsnt;c:\program files\NCP\SecureClient\NCPRWSNT.EXE [16.7.2008 12:58 1040904]
R2 NcpSec;NcpSec;c:\program files\NCP\SecureClient\NCPSEC.EXE [16.7.2008 12:58 45056]
R2 Ndiskio;Ndiskio;c:\program files\Norman\nse\bin\Ndiskio.sys [22.11.2010 15:13 22768]
R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [22.11.2010 15:13 98776]
R2 rwsrsu;RwsRsu;c:\program files\NCP\SecureClient\rwsrsu.exe [16.7.2008 12:58 266240]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 10:38 92008]
R3 CprDrvr;Driver for Lantronix CPR Device;c:\windows\system32\drivers\CprDrvr.sys [8.11.2010 11:12 137080]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.1.2007 18:13 36608]
R3 ITEIRDA;ITE Infrared Device Driver;c:\windows\system32\drivers\ITEirda.sys [31.5.2008 21:31 23552]
R3 NcpFiltMP;NcpFiltMP;c:\windows\system32\drivers\ncpvaxp.sys [16.7.2008 12:58 80040]
R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [22.11.2010 15:13 50576]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program files\Norman\ngs\bin\nnetsecc.sys [10.12.2010 10:23 29968]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\nse\bin\Nsesvc.exe [5.1.2011 15:54 288072]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [22.11.2010 15:13 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [22.11.2010 15:13 210248]
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [22.11.2010 15:13 133272]
S2 gupdate1c95201517cbbc6;Google Update Service (gupdate1c95201517cbbc6);c:\program files\Google\Update\GoogleUpdate.exe [29.11.2008 10:03 133104]
S2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [27.3.2008 16:46 51040]
S3 NcpFilt;Ncp Filter Service;c:\windows\system32\drivers\ncpvaxp.sys [16.7.2008 12:58 80040]
S3 ncpvaxp;NCP Secure Client Virtual Adapter Driver;c:\windows\system32\drivers\ncpvaxp.sys [16.7.2008 12:58 80040]
S3 SQLAgent$SPZSQL2009;SQLAgent$SPZSQL2009;c:\program files\Microsoft SQL Server\MSSQL$SPZSQL2009\Binn\sqlagent.EXE -i SPZSQL2009 --> c:\program files\Microsoft SQL Server\MSSQL$SPZSQL2009\Binn\sqlagent.EXE -i SPZSQL2009 [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv
.
Obsah adresáře 'Naplánované úlohy'

2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-29 09:16]

2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-29 09:16]

2011-01-05 c:\windows\Tasks\Security Platform Backup Schedule.job
- c:\program files\Infineon\Security Platform Software\SpBackupWz.exe [2008-06-01 21:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Mach\Data aplikací\Mozilla\Firefox\Profiles\ek0vmmgf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 08:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\Acer\Bio-Protection fingerprint solution\CompPtc.dll
c:\program files\Common Files\SPBA\vtapip.dll
c:\program files\Common Files\SPBA\infra.dll
c:\program files\Acer\Bio-Protection fingerprint solution\CustomRes.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
c:\program files\Common Files\SPBA\homefus2.dll
c:\program files\Common Files\SPBA\homepass.dll
c:\program files\Common Files\SPBA\bio.dll
c:\program files\Common Files\SPBA\remote.dll
c:\program files\Common Files\SPBA\vtapipql.dll
c:\program files\Common Files\SPBA\crypto.dll

- - - - - - - > 'explorer.exe'(5752)
c:\program files\Norman\nvc\bin\Niphk.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\btmmhook.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Norman\Npm\Bin\elogsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Norman\Npm\Bin\Zanda.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\MSSQL$SPZSQL2009\Binn\sqlservr.exe
c:\program files\O2Micro Oz128 Driver\o2flash.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\SearchIndexer.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Norman\Npm\Bin\Njeeves.exe
c:\windows\RTHDCPL.EXE
c:\docume~1\Mach\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Norman\Nvc\Bin\Nip.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\Norman\Nvc\Bin\cclaw.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\acer\Empowering Technology\eDataSecurity\eDScts.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\program files\Acer\Bio-Protection fingerprint solution\FPLaunch.exe
c:\program files\Acer\Bio-Protection fingerprint solution\Navigator.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Acer\Bio-Protection fingerprint solution\PwdBank.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
c:\program files\Acer\Bio-Protection fingerprint solution\PwdBank.exe
.
**************************************************************************
.
Celkový čas: 2011-01-06 09:03:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-06 08:03
ComboFix2.txt 2010-12-16 07:24

Před spuštěním: Volných bajtů: 17 790 963 712
Po spuštění: Volných bajtů: 17 765 412 864

- - End Of File - - AD5599E8F038914B0DA0EEE8A8FA3F60

Re: Please check my ComboFix log

Posted: 06 Jan 2011 14:08
by motji
Good afternoon :)
Which file is the virus supposed to be in?