
autorun.inf, slow computer

Posted: 11 Jan 2011 17:26
by jirka1986
Hi,
I have a problem with a slowed-down PC. Please check the ComboFix log. Thanks



ComboFix 11-01-10.07 - David 11.01.2011 15:33:23.1.1 - x86
Spuštěný z: c:\documents and settings\David\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-11 do 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-11 14:25 . 2011-01-11 14:24 390144 ----a-w- c:\windows\system32\CF7422.exe
2011-01-11 14:25 . 2011-01-11 14:24 390144 ----a-w- c:\windows\system32\CF7429.exe
2011-01-11 13:17 . 2011-01-11 13:11 390144 ----a-w- c:\windows\system32\CF25867.exe
2011-01-10 18:59 . 2011-01-10 18:59 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\ESET
2011-01-10 18:58 . 2011-01-10 18:58 -------- d-----w- c:\windows\LastGood
2011-01-10 18:56 . 2011-01-10 18:56 -------- d-----w- c:\program files\ESET
2011-01-10 18:56 . 2011-01-10 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-01-06 08:09 . 2011-01-06 08:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-01-05 10:24 . 2011-01-05 10:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\WinZip
2011-01-05 10:23 . 2011-01-05 10:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-01-05 10:23 . 2011-01-05 10:28 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\Google
2011-01-05 10:23 . 2011-01-05 10:25 -------- d-----w- c:\program files\Google
2011-01-03 09:58 . 2011-01-05 15:28 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\Temp
2010-12-30 21:00 . 2010-12-30 21:00 -------- d-----w- c:\documents and settings\David\Data aplikací\dvdcss
2010-12-20 18:33 . 2010-12-20 18:33 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\cache
2010-12-20 18:28 . 2011-01-10 18:11 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\FullTiltPoker
2010-12-20 18:27 . 2011-01-10 18:11 -------- d-----w- c:\program files\Full Tilt Poker
2010-12-19 07:33 . 2010-12-19 07:34 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\ApplicationHistory
2010-12-18 02:02 . 2010-12-18 02:02 -------- d-----w- c:\program files\MSXML 4.0
2010-12-17 11:00 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-17 11:00 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-16 19:35 . 2011-01-03 09:58 -------- d-----w- c:\documents and settings\David\Local Settings\Data aplikací\Adobe
2010-12-16 19:35 . 2010-12-16 19:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Adobe Systems
2010-12-16 19:34 . 2010-12-16 19:34 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-12-16 18:31 . 2011-01-03 09:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-16 18:31 . 2005-01-28 12:44 819200 ----a-w- c:\program files\Windows Media Player\wmsetsdk.exe
2010-12-16 18:31 . 2005-01-28 12:44 47616 ----a-w- c:\program files\Windows Media Player\msoobci.dll
2010-12-16 18:28 . 2004-07-09 03:27 974848 -c--a-w- c:\windows\system32\dllcache\dxdiag.exe
2010-12-16 18:21 . 2010-12-16 18:19 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-12-16 18:20 . 2010-12-16 18:20 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-12-16 18:06 . 2010-12-16 18:06 -------- d-----w- c:\documents and settings\David\Data aplikací\Simple Star
2010-12-16 18:06 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2010-12-16 18:05 . 2010-12-16 18:05 -------- d-----w- c:\program files\Simple Star
2010-12-16 18:01 . 2010-12-16 18:01 -------- d-----w- c:\program files\UltraMixer
2010-12-16 17:51 . 2010-12-16 17:52 -------- d-----w- c:\windows\system32\URTTemp
2010-12-16 17:47 . 2010-12-16 17:47 -------- d-----w- c:\program files\Sony Setup
2010-12-16 17:33 . 2010-12-16 17:33 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-12-16 17:32 . 2010-12-16 17:32 -------- d-----w- c:\program files\DVDVideoSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2010-09-13 13:09 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-13 17:05 . 2010-12-05 21:58 48080 ----a-w- c:\documents and settings\David\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2010-11-13 17:05 . 2010-12-05 21:58 149968 ----a-w- c:\documents and settings\David\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2010-11-06 00:25 . 2002-09-20 16:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:25 . 2010-09-13 14:01 78336 ------w- c:\windows\system32\ieencode.dll
2010-11-06 00:25 . 2002-09-20 16:05 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:25 . 2001-10-25 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2010-09-13 14:01 389120 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-10-25 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2001-10-25 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2002-09-20 15:41 1853312 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"QIP Internet Guardian"="c:\documents and settings\David\Data aplikací\QipGuard\QipGuard.exe" [2010-11-13 194512]
"Infium"="c:\program files\QIP 2010\qip.exe" [2010-12-13 5960064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QIP 2010\\qip.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 13:28 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.8.2010 14:16 810144]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [5.12.2010 22:58 194512]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [13.9.2010 22:02 88192]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5.1.2011 11:23 135664]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - EKRN
.
Obsah adresáře 'Naplánované úlohy'

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 10:23]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 10:23]

2011-01-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-12-06 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\1lihxj1q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QipCounter: QipCounter@qip.ru - %profile%\extensions\QipCounter@qip.ru
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKU-Default-Run-[system] - c:\windows\system32\drivers\services.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 15:37
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Celkový čas: 2011-01-11 15:40:27
ComboFix-quarantined-files.txt 2011-01-11 14:40

Před spuštěním: 2 464 542 720
Po spuštění: 2 649 849 856

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - B4463D2CDFC77DEFF26473E461C7820A

Re: autorun.inf, slow computer

Posted: 11 Jan 2011 19:22
by Rudy
The log already looks clean. Is the PC still slow even after the CF scan and a restart of the PC?