PC is sending spam :-( please help
Posted: 06 Feb 2011 15:10
CF:
ComboFix 11-02-05.01 - Uzivatel 06.02.2011 14:55:56.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.639.330 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081204-0] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-06 do 2011-02-06 )))))))))))))))))))))))))))))))
.
2011-02-06 13:12 . 2008-11-26 17:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-06 13:12 . 2008-11-26 17:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-06 13:12 . 2008-11-26 17:15 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-06 13:12 . 2008-11-26 17:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2011-02-06 13:12 . 2008-11-26 17:18 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-06 13:12 . 2008-11-26 17:18 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-06 13:12 . 2008-11-26 17:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-06 13:12 . 2008-11-26 17:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-06 13:12 . 2008-11-26 17:21 1236208 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-06 13:12 . 2004-01-09 09:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-02-06 13:12 . 2011-02-06 13:12 -------- d-----w- c:\program files\Alwil Software
2011-02-06 12:42 . 2011-02-06 12:42 -------- d-----w- c:\documents and settings\Uzivatel\Data aplikací\Malwarebytes
2011-02-06 12:42 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-06 12:42 . 2011-02-06 12:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-06 12:42 . 2011-02-06 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-06 12:42 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-06 12:22 . 2011-02-06 14:04 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-02-06 12:17 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-06 10:55 . 2011-02-06 10:55 -------- d-----w- c:\program files\CCleaner
2011-02-06 10:42 . 2011-02-06 10:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-02-06 10:24 . 2004-08-17 14:49 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-02-06 10:24 . 2004-08-17 14:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-02-04 18:19 . 2011-02-04 18:19 -------- d-----w- C:\3cdfc5f87a97b53e5389f1cd23
2011-01-29 17:04 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-29 17:03 . 2011-02-06 14:04 738304 ----a-w- c:\windows\system32\drivers\xdztetsph.sys
2011-01-29 16:57 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-01-29 16:57 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-01-29 16:56 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-01-29 16:31 . 2011-02-04 18:35 -------- d-----w- c:\documents and settings\Uzivatel\Data aplikací\Nokia
2011-01-29 16:31 . 2011-01-29 16:57 -------- d-----w- c:\documents and settings\Uzivatel\Data aplikací\PC Suite
2011-01-29 16:31 . 2011-02-04 18:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2011-01-29 16:30 . 2011-01-29 16:31 -------- d-----w- c:\program files\DIFX
2011-01-29 16:30 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-01-29 16:30 . 2011-01-29 16:30 -------- d-----w- c:\program files\PC Connectivity Solution
2011-01-29 16:29 . 2011-02-06 10:29 -------- dc----w- c:\windows\system32\DRVSTORE
2011-01-29 16:29 . 2010-07-30 13:17 111104 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-01-29 16:29 . 2010-07-30 13:17 604160 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-01-29 16:29 . 2010-02-26 13:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-01-29 16:29 . 2010-07-30 13:17 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-01-29 16:29 . 2011-02-06 10:31 -------- d-----w- c:\program files\Nokia
2011-01-29 16:27 . 2011-01-29 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 14:25 . 2008-01-16 15:33 21321008 ----a-w- c:\program files\QuickTimeInstaller.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-02-06_11.30.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-06 13:44 . 2011-02-06 13:44 16384 c:\windows\temp\Perflib_Perfdata_638.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanSoft OmniPage SE 4.0-reminder"="c:\program files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 1410600]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 69632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^6qwxcs6.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\6qwxcs6.exe
backup=c:\windows\pss\6qwxcs6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^6uu6gwx.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\6uu6gwx.exe
backup=c:\windows\pss\6uu6gwx.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^6ww6ii6.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\6ww6ii6.exe
backup=c:\windows\pss\6ww6ii6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^9q1miid.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\9q1miid.exe
backup=c:\windows\pss\9q1miid.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^a2bhxi9e.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\a2bhxi9e.exe
backup=c:\windows\pss\a2bhxi9e.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^bww6ii6uu6g.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\bww6ii6uu6g.exe
backup=c:\windows\pss\bww6ii6uu6g.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^jjfvvrhhdtt.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\jjfvvrhhdtt.exe
backup=c:\windows\pss\jjfvvrhhdtt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^o1kggbss.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\o1kggbss.exe
backup=c:\windows\pss\o1kggbss.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^q1miiduu.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\q1miiduu.exe
backup=c:\windows\pss\q1miiduu.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^vfgbhxi9e1.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\vfgbhxi9e1.exe
backup=c:\windows\pss\vfgbhxi9e1.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uzivatel^Nabídka Start^Programy^Po spuštění^y6kk6ww6.exe]
path=c:\documents and settings\Uzivatel\Nabídka Start\Programy\Po spuštění\y6kk6ww6.exe
backup=c:\windows\pss\y6kk6ww6.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-08-20 12:18 88363 ----a-r- c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 11:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
2005-08-22 23:33 528384 ----a-w- c:\program files\CyberLink\PowerDVD\PowerDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 09:56 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.2.2011 14:12 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.2.2011 14:12 20560]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - xdztetsph
.
Obsah adresáře 'Naplánované úlohy'
2011-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: {{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - {DB7FBFE3-82CB-49E0-9C41-39C2A80B4966} - c:\progra~1\EUROTR~1\e2003i.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-falowou - c:\windows\system32\zouquissefo.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-06 15:04
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xdztetsph]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-02-06 15:07:06
ComboFix-quarantined-files.txt 2011-02-06 14:07
ComboFix2.txt 2011-02-06 11:32
Před spuštěním: Volných bajtů: 63 634 321 408
Po spuštění: Volných bajtů: 63 778 357 248
- - End Of File - - 8EE1DE8EEF832B226AE55A8A7E38CD03