ComboFix log
Posted: 18 Sep 2011 14:11
Hello,
I would like to ask someone who understands it to take a look at this log. Is there any malware in there? Thanks in advance.
Tomas
ComboFix 11-09-17.04 - Tomáš 18.09.2011 13:48:37.1.1 - x86
Spuštěný z: d:\stßhnout\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Plugin Manager\SkypePM.exe
c:\windows\ehome\medctrro.exe
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\My.ini
c:\windows\system32\d3d9caps.dat
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-18 do 2011-09-18 )))))))))))))))))))))))))))))))
.
.
2011-09-18 11:38 . 2011-09-18 11:38 -------- d--h--w- c:\documents and settings\Tomáš\Okolní tiskárny
2011-09-18 10:38 . 2011-09-18 10:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-09 10:13 . 2007-11-30 07:45 644400 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-09-09 10:12 . 2011-09-09 10:12 -------- d-----w- c:\program files\Google
2011-09-07 06:30 . 2011-09-07 06:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 14:29 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-06 14:26 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-06 13:12 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-03 10:17 . 2011-09-03 10:17 602112 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 20:45 . 2010-10-15 14:25 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2007-02-07 23:50 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:37 . 2008-04-01 06:05 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2007-02-07 23:50 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2007-02-07 23:50 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2007-02-07 23:50 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2007-02-07 23:50 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2008-04-01 06:05 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2007-02-07 23:50 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-03 10:17 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-03 10:17 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32(3)(3).dll
2011-09-03 10:17 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32(2).dll
2011-09-03 10:17 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32(2)(2).dll
2011-07-15 13:29 . 2001-10-25 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-10-25 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2007-02-08 02:38 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18 . 2001-10-25 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18 . 2001-10-25 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 18:18 . 2007-02-07 23:12 81920 ------w- c:\windows\system32\ieencode.dll
2011-06-21 18:16 . 2007-02-07 23:12 370176 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2001-10-25 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-09-07 22:09 . 2011-05-01 11:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ------w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"thebat_startup"="c:\program files\The Bat!\thebat.exe" [2010-04-20 13797296]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-01-06 2342400]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"pamela.exe"="c:\program files\Pamela\pamela.exe" [2011-01-04 8781312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Color Calibration.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Color Calibration.lnk
backup=c:\windows\pss\Color Calibration.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^eInstruction Device Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\eInstruction Device Manager.lnk
backup=c:\windows\pss\eInstruction Device Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logo Calibration Loader.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logo Calibration Loader.lnk
backup=c:\windows\pss\Logo Calibration Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^MagicTune 3.5.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\MagicTune 3.5.lnk
backup=c:\windows\pss\MagicTune 3.5.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ProfileReminder.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ProfileReminder.lnk
backup=c:\windows\pss\ProfileReminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-07-04 11:43 3493720 ------w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
2010-07-01 11:27 4862720 ----a-w- c:\program files\BOINC\boincmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2010-07-01 11:27 58112 ----a-w- c:\program files\BOINC\boinctray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InterWrite Device Manager SysTray]
2008-06-19 13:11 688128 -c--a-w- c:\program files\Interwrite Learning\Interwrite Workspace\IWDMSystemTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-16 07:35 7630848 -c--a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
2010-12-03 15:47 141368 ----a-w- c:\program files\Software602\Print2PDF\Print2PDF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-01 08:48 16208384 -c----r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-05-26 19:50 15147400 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 -c----r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-31 13:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0420Mon.exe]
2007-04-30 01:00 32768 -c--a-r- c:\windows\V0420Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-11-21 17:38 35328 -c--a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"XAMPP"=2 (0x2)
"wscsvc"=2 (0x2)
"TapiSrv"=3 (0x3)
"Schedule"=2 (0x2)
"RasMan"=3 (0x3)
"odserv"=3 (0x3)
"mysql"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Irmon"=2 (0x2)
"Imapi Helper"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"ClipSrv"=3 (0x3)
"cisvc"=3 (0x3)
"Browser"=2 (0x2)
"bgsvcgen"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apache2.2"=2 (0x2)
"ALG"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"602XML Updater"=2 (0x2)
"SharedAccess"=2 (0x2)
"OOD2000"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit
"Alcmtr"=ALCMTR.EXE
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"d:\\Apache\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.2.2007 3:11 639224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6.9.2011 15:12 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.4.2008 8:05 320856]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 10:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 10:21 72624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 8:05 20568]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [22.9.2009 10:18 14416]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 10:21 1234480]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [11.2.2011 17:41 603896]
R3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [20.5.2008 17:33 99648]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [22.9.2009 10:18 44344]
S4 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 12:28 73728]
S4 Apache2.2;Apache2.2;d:\apache\xampp\apache\bin\httpd.exe [17.1.2011 16:22 29416]
S4 XAMPP;XAMPP Service;d:\apache\xampp\service.exe --> d:\apache\xampp\service.exe [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ALERTER
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-17 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-02-08 13:31]
.
2009-09-25 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-08-09 13:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.parlamentnilisty.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Zend Studio - Debug current page - c:\program files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
TCP: DhcpNameServer = 172.21.0.6 195.113.115.171 195.113.115.174
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\6ich4ibh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.parlamentnilisty.cz
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://speed.travian.cz http://s9.travian.cz
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Diar_VS - c:\program files\Diar 5\diar.exe
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-KeyLemon LemonScreen - c:\program files\KeyLemon\KLLockEngine.exe
MSConfigStartUp-KeyLemon Updater - c:\program files\KeyLemon\KLUpdater.exe
MSConfigStartUp-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
MSConfigStartUp-MMTray - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-18 14:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-09-18 14:33:39
ComboFix-quarantined-files.txt 2011-09-18 12:33
.
Před spuštěním: 836 063 232
Po spuštění: 1 310 830 592
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
.
- - End Of File - - 2DAEA98D79C4A8E12158C4DFDB3423E2
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\6ich4ibh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.parlamentnilisty.cz
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://speed.travian.cz http://s9.travian.cz
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Diar_VS - c:\program files\Diar 5\diar.exe
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-KeyLemon LemonScreen - c:\program files\KeyLemon\KLLockEngine.exe
MSConfigStartUp-KeyLemon Updater - c:\program files\KeyLemon\KLUpdater.exe
MSConfigStartUp-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
MSConfigStartUp-MMTray - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-18 14:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-09-18 14:33:39
ComboFix-quarantined-files.txt 2011-09-18 12:33
.
Před spuštěním: 836 063 232
Po spuštění: 1 310 830 592
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
.
- - End Of File - - 2DAEA98D79C4A8E12158C4DFDB3423E2