Prosba o radu
Napsal: 23 bře 2010 18:28
Dobrý den, nelze nainstalovat NOD 32 Antivirus 4.2.35.5 hlásí to několik chyb, že nelze zapisovat do registru a pak, ze se nepodařilo nainstalovat službu Eset service (ekrn)
spustil jsem CClean, spybot S&D a projel PC online testem na stránkách Esetu. nic to nenašlo.
Toto je log z Combofix, prosím o radu co dál... Děkuji předem
ComboFix 10-03-22.02 - Stanislav Brunclik 23.03.2010 17:54:55.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.3069.1800 [GMT 1:00]
Spuštěný z: c:\users\Stanislav Brunclik\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\desktop.ini
C:\Internet Explorer.lnk
c:\users\Stanislav Brunclik\Documents\cc_20100323_152501.reg
c:\windows\system32\Connect.dll
c:\windows\system32\ReadMe.txt
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-23 do 2010-03-23 )))))))))))))))))))))))))))))))
.
2010-03-23 17:00 . 2010-03-23 17:04 -------- d-----w- c:\users\Stanislav Brunclik\AppData\Local\temp
2010-03-23 17:00 . 2010-03-23 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-23 16:33 . 2010-03-23 16:33 -------- d-----w- c:\program files\Crawler
2010-03-23 16:33 . 2010-03-23 16:33 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-23 16:33 . 2010-03-23 16:39 -------- d-----w- c:\users\Stanislav Brunclik\AppData\Roaming\Spyware Terminator
2010-03-23 16:33 . 2010-03-23 16:47 -------- d-----w- c:\programdata\Spyware Terminator
2010-03-23 16:33 . 2010-03-23 16:47 -------- d-----w- c:\program files\Spyware Terminator
2010-03-23 14:55 . 2010-03-23 14:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-23 14:55 . 2010-03-23 14:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-23 14:43 . 2010-03-23 14:43 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-23 14:29 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-03-23 14:29 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-03-23 14:29 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-03-23 14:27 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-23 14:27 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-23 14:27 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-23 14:22 . 2010-03-23 14:22 -------- d-----w- c:\program files\CCleaner
2010-03-23 06:18 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-23 06:18 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-23 06:18 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-22 13:01 . 2010-03-22 13:02 -------- d-----w- c:\windows\system32\ca-ES
2010-03-22 13:01 . 2010-03-22 13:02 -------- d-----w- c:\windows\system32\eu-ES
2010-03-22 13:01 . 2010-03-22 13:02 -------- d-----w- c:\windows\system32\vi-VN
2010-03-22 12:52 . 2010-03-22 12:52 -------- d-----w- c:\program files\Common Files\Skype
2010-03-22 12:31 . 2010-03-22 12:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-22 12:29 . 2010-03-22 12:29 -------- d-----w- c:\windows\system32\EventProviders
2010-03-19 02:03 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-03-18 12:13 . 2009-04-11 06:28 1381376 ----a-w- c:\windows\system32\Query.dll
2010-03-18 12:12 . 2009-04-11 06:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-03-18 12:11 . 2009-04-11 06:28 91136 ----a-w- c:\windows\system32\rdpendp.dll
2010-03-18 12:10 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-03-18 12:10 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-03-18 12:10 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-03-17 09:44 . 2010-03-17 09:44 -------- d-----w- C:\PerfLogs
2010-03-17 05:16 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-13 09:25 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-13 09:25 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-13 09:25 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-26 05:41 . 2010-02-26 05:41 96896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-02-26 05:41 . 2010-02-26 05:41 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-02-26 05:39 . 2010-02-26 05:39 133512 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-02-24 05:34 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 05:33 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 05:33 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 05:33 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 05:33 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 05:33 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 05:33 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 05:33 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 05:33 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 05:33 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 17:00 . 2008-05-13 06:32 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-23 16:53 . 2007-01-08 21:12 598838 ----a-w- c:\windows\system32\perfh005.dat
2010-03-23 16:53 . 2007-01-08 21:12 115014 ----a-w- c:\windows\system32\perfc005.dat
2010-03-23 16:33 . 2010-03-23 16:33 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-03-23 16:33 . 2010-03-23 16:33 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-03-23 15:08 . 2008-05-13 14:48 -------- d-----w- c:\program files\ESET
2010-03-23 14:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-23 14:33 . 2010-03-23 14:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-23 14:31 . 2010-03-23 14:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-22 13:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-22 13:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-22 13:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-22 13:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-22 13:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-22 13:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-22 13:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-03-22 12:58 . 2010-03-22 12:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-22 12:54 . 2009-11-16 13:11 -------- d-----w- c:\users\Stanislav Brunclik\AppData\Roaming\Skype
2010-03-22 12:51 . 2008-05-13 06:04 -------- d-----w- c:\program files\Yahoo!
2010-03-22 12:50 . 2009-11-16 13:11 -------- d-----r- c:\program files\Skype
2010-03-22 12:45 . 2008-12-04 14:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-22 12:30 . 2009-04-01 13:04 -------- d-----w- c:\program files\Java
2010-03-22 12:09 . 2010-03-22 12:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-03-22 07:05 . 2009-11-16 13:15 -------- d-----w- c:\users\Stanislav Brunclik\AppData\Roaming\skypePM
2010-03-17 09:20 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-03-17 09:20 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-03-13 09:28 . 2008-05-15 10:43 -------- d-----w- c:\programdata\Microsoft Help
2010-02-24 10:23 . 2008-05-13 06:05 100432 ----a-w- c:\users\Stanislav Brunclik\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-03 16:08 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-13 07:35 . 2009-01-09 09:42 -------- d-----w- c:\users\Stanislav Brunclik\AppData\Roaming\Canon
2010-02-10 14:55 . 2009-06-05 08:26 -------- d-----w- c:\program files\Google
2010-02-04 02:03 . 2008-05-15 10:47 -------- d-----w- c:\program files\Microsoft Works
2010-01-06 15:38 . 2010-03-23 06:18 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-23 06:18 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-23 06:18 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-23 06:18 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-23 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-01 835584]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-04-20 404248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 502568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-09-14 789000]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe" [2008-05-13 3870208]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-13 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-22 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-02-26 2140880]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-5-13 1208320]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-10-27 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-05-13 07:03 2869760 ----a-w- c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2007-05-03 10:40 331264 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):24,b5,9c,e8,c0,c9,ca,01
R2 gupdate1c9e5b7a1ea9110;Služba Google Update (gupdate1c9e5b7a1ea9110);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 133104]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-02-26 133512]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-02 39680]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-03-23 142592]
S2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\atchksrv.exe [2007-04-20 183064]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-02-26 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-02-26 96896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-04-20 1489688]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 ITEIRDA;ITE Infrared Device Driver;c:\windows\system32\DRIVERS\ITEirda.sys [2007-04-28 23552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-05 08:26]
2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 08:28]
2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 08:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 18:02
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5800)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Bio-Protection fingerprint solution\CompPtcVUI.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\O2Micro Oz128 Driver\o2flash.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\WUDFHost.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\ifxuagui.exe
c:\program files\Launch Manager\LManager.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\users\STANIS~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Acer\Bio-Protection fingerprint solution\FPLaunch.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2010-03-23 18:10:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-23 17:10
Před spuštěním: Volných bajtů: 62 699 532 288
Po spuštění: Volných bajtů: 62 116 593 664
- - End Of File - - 976B72257BF476E97FF970ED5BC42210
spustil jsem CClean, spybot S&D a projel PC online testem na stránkách Esetu. nic to nenašlo.
Toto je log z Combofix, prosím o radu co dál... Děkuji předem
ComboFix 10-03-22.02 - Stanislav Brunclik 23.03.2010 17:54:55.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.3069.1800 [GMT 1:00]
Spuštěný z: c:\users\Stanislav Brunclik\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\desktop.ini
C:\Internet Explorer.lnk
c:\users\Stanislav Brunclik\Documents\cc_20100323_152501.reg
c:\windows\system32\Connect.dll
c:\windows\system32\ReadMe.txt
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-23 do 2010-03-23 )))))))))))))))))))))))))))))))
.
2010-03-23 17:00 . 2010-03-23 17:04 -------- d-----w- c:\users\Stanislav Brunclik\AppData\Local\temp
2010-03-23 17:00 . 2010-03-23 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-23 16:33 . 2010-03-23 16:33 -------- d-----w- c:\program files\Crawler
2010-03-23 16:33 . 2010-03-23 16:33 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-23 16:33 . 2010-03-23 16:39 -------- d-----w- c:\users\Stanislav Brunclik\AppData\Roaming\Spyware Terminator
2010-03-23 16:33 . 2010-03-23 16:47 -------- d-----w- c:\programdata\Spyware Terminator
2010-03-23 16:33 . 2010-03-23 16:47 -------- d-----w- c:\program files\Spyware Terminator
2010-03-23 14:55 . 2010-03-23 14:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-23 14:55 . 2010-03-23 14:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-23 14:43 . 2010-03-23 14:43 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-23 14:29 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-03-23 14:29 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-03-23 14:29 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-03-23 14:27 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-23 14:27 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-23 14:27 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-23 14:22 . 2010-03-23 14:22 -------- d-----w- c:\program files\CCleaner
2010-03-23 06:18 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-23 06:18 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-23 06:18 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-22 13:01 . 2010-03-22 13:02 -------- d-----w- c:\windows\system32\ca-ES
2010-03-22 13:01 . 2010-03-22 13:02 -------- d-----w- c:\windows\system32\eu-ES
2010-03-22 13:01 . 2010-03-22 13:02 -------- d-----w- c:\windows\system32\vi-VN
2010-03-22 12:52 . 2010-03-22 12:52 -------- d-----w- c:\program files\Common Files\Skype
2010-03-22 12:31 . 2010-03-22 12:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-22 12:29 . 2010-03-22 12:29 -------- d-----w- c:\windows\system32\EventProviders
2010-03-19 02:03 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-03-18 12:13 . 2009-04-11 06:28 1381376 ----a-w- c:\windows\system32\Query.dll
2010-03-18 12:12 . 2009-04-11 06:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-03-18 12:11 . 2009-04-11 06:28 91136 ----a-w- c:\windows\system32\rdpendp.dll
2010-03-18 12:10 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-03-18 12:10 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-03-18 12:10 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-03-17 09:44 . 2010-03-17 09:44 -------- d-----w- C:\PerfLogs
2010-03-17 05:16 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-13 09:25 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-13 09:25 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-13 09:25 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-26 05:41 . 2010-02-26 05:41 96896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-02-26 05:41 . 2010-02-26 05:41 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-02-26 05:39 . 2010-02-26 05:39 133512 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-02-24 05:34 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 05:33 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 05:33 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 05:33 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 05:33 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 05:33 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 05:33 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 05:33 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 05:33 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 05:33 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 17:00 . 2008-05-13 06:32 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-23 16:53 . 2007-01-08 21:12 598838 ----a-w- c:\windows\system32\perfh005.dat
2010-03-23 16:53 . 2007-01-08 21:12 115014 ----a-w- c:\windows\system32\perfc005.dat
2010-03-23 16:33 . 2010-03-23 16:33 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-03-23 16:33 . 2010-03-23 16:33 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-03-23 15:08 . 2008-05-13 14:48 -------- d-----w- c:\program files\ESET
2010-03-23 14:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-23 14:33 . 2010-03-23 14:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-23 14:31 . 2010-03-23 14:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-22 13:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-22 13:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-22 13:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-22 13:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-22 13:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-22 13:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-22 13:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-03-22 12:58 . 2010-03-22 12:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-22 12:54 . 2009-11-16 13:11 -------- d-----w- c:\users\Stanislav Brunclik\AppData\Roaming\Skype
2010-03-22 12:51 . 2008-05-13 06:04 -------- d-----w- c:\program files\Yahoo!
2010-03-22 12:50 . 2009-11-16 13:11 -------- d-----r- c:\program files\Skype
2010-03-22 12:45 . 2008-12-04 14:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-22 12:30 . 2009-04-01 13:04 -------- d-----w- c:\program files\Java
2010-03-22 12:09 . 2010-03-22 12:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-03-22 07:05 . 2009-11-16 13:15 -------- d-----w- c:\users\Stanislav Brunclik\AppData\Roaming\skypePM
2010-03-17 09:20 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-03-17 09:20 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-03-13 09:28 . 2008-05-15 10:43 -------- d-----w- c:\programdata\Microsoft Help
2010-02-24 10:23 . 2008-05-13 06:05 100432 ----a-w- c:\users\Stanislav Brunclik\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-03 16:08 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-13 07:35 . 2009-01-09 09:42 -------- d-----w- c:\users\Stanislav Brunclik\AppData\Roaming\Canon
2010-02-10 14:55 . 2009-06-05 08:26 -------- d-----w- c:\program files\Google
2010-02-04 02:03 . 2008-05-15 10:47 -------- d-----w- c:\program files\Microsoft Works
2010-01-06 15:38 . 2010-03-23 06:18 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-23 06:18 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-23 06:18 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-23 06:18 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-23 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-01 835584]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-04-20 404248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 502568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-09-14 789000]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe" [2008-05-13 3870208]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-13 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-22 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-02-26 2140880]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-5-13 1208320]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-10-27 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-05-13 07:03 2869760 ----a-w- c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2007-05-03 10:40 331264 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):24,b5,9c,e8,c0,c9,ca,01
R2 gupdate1c9e5b7a1ea9110;Služba Google Update (gupdate1c9e5b7a1ea9110);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 133104]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-02-26 133512]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-02 39680]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-03-23 142592]
S2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\atchksrv.exe [2007-04-20 183064]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-02-26 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-02-26 96896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-04-20 1489688]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 ITEIRDA;ITE Infrared Device Driver;c:\windows\system32\DRIVERS\ITEirda.sys [2007-04-28 23552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-05 08:26]
2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 08:28]
2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-05 08:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 18:02
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5800)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Bio-Protection fingerprint solution\CompPtcVUI.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\O2Micro Oz128 Driver\o2flash.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\WUDFHost.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\ifxuagui.exe
c:\program files\Launch Manager\LManager.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\users\STANIS~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Acer\Bio-Protection fingerprint solution\FPLaunch.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2010-03-23 18:10:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-23 17:10
Před spuštěním: Volných bajtů: 62 699 532 288
Po spuštění: Volných bajtů: 62 116 593 664
- - End Of File - - 976B72257BF476E97FF970ED5BC42210