
Windows Vista extremely sluggish

Posted: 15 Mar 2011 19:19
by wile
My friend's laptop is very sluggish, it has Vista on it, please check the ComboFix log:
ComboFix 11-03-14.07 - Čepelovi 15.03.2011 18:42:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2814.1781 [GMT 1:00]
Spuštěný z: c:\users\Čepelovi\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Čepelovi\AppData\Roaming\.#
c:\users\Čepelovi\AppData\Roaming\.#\MBX@1350@1A52990.###
c:\users\Čepelovi\AppData\Roaming\.#\MBX@1350@1A529C0.###
c:\users\Čepelovi\AppData\Roaming\.#\MBX@1350@1A529F0.###
c:\users\Čepelovi\AppData\Roaming\.#\MBX@1380@17E2990.###
c:\users\Čepelovi\AppData\Roaming\.#\MBX@1380@17E29C0.###
c:\users\Čepelovi\AppData\Roaming\.#\MBX@1380@17E29F0.###
c:\users\Čepelovi\AppData\Roaming\.#\MBX@13BC@6F2990.###
c:\users\Čepelovi\AppData\Roaming\.#\MBX@13BC@6F29C0.###
c:\users\Čepelovi\AppData\Roaming\.#\MBX@13BC@6F29F0.###
c:\windows\system32\AVSredirect.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-15 do 2011-03-15 )))))))))))))))))))))))))))))))
.
.
2011-03-15 18:00 . 2011-03-15 18:00 -------- d-----w- c:\users\Čepelovi\AppData\Local\temp
2011-03-15 18:00 . 2011-03-15 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-15 13:14 . 2011-03-15 13:14 -------- d-----w- c:\users\Čepelovi\AppData\Roaming\Malwarebytes
2011-03-15 13:14 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 13:14 . 2011-03-15 13:14 -------- d-----w- c:\programdata\Malwarebytes
2011-03-15 13:14 . 2011-03-15 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 13:14 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 13:09 . 2011-03-15 13:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-15 13:09 . 2011-03-15 13:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-15 13:04 . 2011-03-15 13:04 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-03-15 13:04 . 2011-03-15 14:51 -------- d-----w- c:\users\Čepelovi\AppData\Roaming\Spyware Terminator
2011-03-15 13:03 . 2011-03-15 15:17 -------- d-----w- c:\programdata\Spyware Terminator
2011-03-15 13:03 . 2011-03-15 15:17 -------- d-----w- c:\program files\Spyware Terminator
2011-03-15 12:56 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D5419F4-2776-4B2E-B7FB-EF6571BD49EE}\mpengine.dll
2011-03-14 20:38 . 2011-03-14 08:02 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-14 16:55 . 2011-03-14 08:02 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-14 16:55 . 2011-03-14 16:55 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-14 16:53 . 2011-03-14 16:53 -------- d-----w- c:\users\Čepelovi\AppData\Local\Sunbelt Software
2011-03-14 16:52 . 2011-03-14 16:52 -------- dc-h--w- c:\programdata\{D3450D7D-6D3E-4734-804F-44124D54B5EB}
2011-03-14 16:51 . 2011-03-14 16:52 -------- d-----w- c:\programdata\Lavasoft
2011-03-14 16:51 . 2011-03-14 16:51 -------- d-----w- c:\program files\Lavasoft
2011-03-14 16:23 . 2011-03-14 16:25 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-09 04:51 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 04:51 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 04:51 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 04:51 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 04:51 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 04:51 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-26 08:48 . 2011-02-26 08:48 -------- d-----w- c:\users\Čepelovi\AppData\Roaming\Media Player Classic
2011-02-16 12:58 . 2011-02-16 12:58 -------- d-----w- c:\users\Čepelovi\Option
2011-02-15 21:35 . 2011-02-15 21:35 -------- d-----w- c:\program files\DVBPortal
2011-02-15 21:24 . 2011-02-16 12:42 -------- d-----w- c:\program files\Real
2011-02-15 21:17 . 2009-07-03 14:13 121344 ----a-w- c:\windows\system32\lagarith.dll
2011-02-15 21:17 . 2006-04-02 13:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2011-02-15 21:11 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2011-02-15 21:11 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-02-15 21:11 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-15 21:11 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-15 21:11 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-02-15 21:11 . 2011-01-28 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-15 21:11 . 2011-02-15 21:31 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-02-15 20:59 . 2011-02-15 21:00 -------- d-----w- c:\users\Čepelovi\AppData\Roaming\VideoReDo-TVSuite4
2011-02-15 20:27 . 2011-02-15 20:27 -------- d-----w- c:\program files\Common Files\Common Share
2011-02-15 20:03 . 2011-02-15 20:03 -------- d-----w- c:\users\Čepelovi\AppData\Roaming\Haenlein-Software
2011-02-15 20:03 . 2011-02-15 20:03 -------- d-----w- c:\program files\DVR-Compress
2011-02-15 20:03 . 2011-02-15 20:03 -------- d-----w- c:\program files\DVR-Studio Pro
2011-02-15 18:10 . 2011-02-15 18:10 -------- d-----w- c:\users\Čepelovi\AppData\Local\GHISLER
2011-02-15 18:09 . 2011-02-15 18:09 -------- d-----w- C:\totalcmd
2011-02-15 18:09 . 2011-02-15 18:09 -------- d-----w- c:\users\Čepelovi\AppData\Roaming\GHISLER
2011-02-15 18:09 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-02-15 18:09 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-02-15 18:09 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-02-15 18:09 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-02-15 18:09 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-02-15 18:09 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-02-15 18:09 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-02-15 18:00 . 2011-02-15 18:00 -------- d-----w- c:\users\Čepelovi\AppData\Roaming\Nero
2011-02-15 17:58 . 2011-02-15 17:59 -------- d-----w- c:\program files\Nero
2011-02-15 17:58 . 2011-02-15 17:59 -------- d-----w- c:\programdata\Nero
2011-02-15 17:58 . 2011-02-15 18:00 -------- d-----w- c:\program files\Common Files\Nero
2011-02-15 17:45 . 2011-02-15 17:45 -------- d-----w- c:\users\Čepelovi\AppData\Roaming\Ashampoo
2011-02-15 17:45 . 2011-02-15 17:45 -------- d-----w- c:\users\Čepelovi\AppData\Local\ashampoo
2011-02-15 17:45 . 2011-02-15 17:45 -------- d-----w- c:\programdata\ashampoo
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2010-06-05 09:34 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-15 14:13 . 2011-01-15 14:13 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-08 08:47 . 2011-02-09 15:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 15:24 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 15:25 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 11:40 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27 . 2011-02-09 15:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22 . 2011-02-09 15:24 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22 . 2011-02-09 15:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22 . 2011-02-09 15:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22 . 2011-02-09 15:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25 . 2011-02-09 15:24 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48 . 2011-02-09 15:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47 . 2011-02-09 15:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-24 15:06 . 2010-08-24 15:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-29 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Čepelovi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Čepelovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Čepelovi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\Čepelovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-05-29 15:44 147456 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-05-14 15:05 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-24 15:06 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 08:56 200704 ----a-w- c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2011-03-15 13:04 3318784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-02 14:40 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2681841815-3028257421-941054366-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-14 1405384]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-24 30192]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-03-14 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-11 721904]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-03-15 142592]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 172032]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 13:47]
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 13:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0909&m=aspire_5535
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0909&m=aspire_5535
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: {1FE02DFE-0767-48E6-96C2-F05D932B6E75} = 212.111.0.10,193.179.148.42
FF - ProfilePath - c:\users\Čepelovi\AppData\Roaming\Mozilla\Firefox\Profiles\sdq9hkiq.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-OJOsoft Total Video Converter_is1 - c:\program files\OJOsoft\OJOsoft Total Video Converter\unins000.exe
AddRemove-TmNationsForever_is1 - c:\program files\TmNationsForever\unins000.exe
AddRemove-VideoReDo4_is1 - c:\program files\VideoReDoTVSuite4\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-15 19:00
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\users\EPELOV~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-03-15 19:06:17
ComboFix-quarantined-files.txt 2011-03-15 18:06
.
Před spuštěním: Volných bajtů: 40 196 104 192
Po spuštění: Volných bajtů: 40 475 095 040
.
- - End Of File - - B783084379D654ED0E499E56CC995EFF

Re: Windows Vista extremely sluggish

Posted: 15 Mar 2011 19:28
by Rudy
Let's do a bit more cleanup. Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.
