ComboFix 10-12-17.02 - uzivatel 18.12.2010 11:10:53.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2814.1766 [GMT 1:00] Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Ostatní výmazy ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Public\nvsvc32.exe c:\users\uzivatel\AppData\Roaming\.# c:\users\uzivatel\AppData\Roaming\.#\MBX@11D4@1C82990.### c:\users\uzivatel\AppData\Roaming\.#\MBX@11D4@1C829C0.### c:\users\uzivatel\AppData\Roaming\.#\MBX@11D4@1C829F0.### D:\install.exe . ((((((((((((((((((((((((( Soubory vytvořené od 2010-11-18 do 2010-12-18 ))))))))))))))))))))))))))))))) . 2010-12-18 08:13 . 2010-12-18 08:13 -------- d-----w- C:\ATI 2010-12-17 19:17 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll 2010-12-17 19:10 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF1EC382-513C-4FB6-B777-B528D911FA91}\mpengine.dll 2010-12-17 18:43 . 2010-12-18 08:54 -------- d-----w- c:\program files\TuneUp Utilities 2011 2010-12-17 18:42 . 2010-12-17 18:42 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} 2010-12-17 17:27 . 2010-12-17 17:27 -------- d-----w- C:\NVIDIA 2010-12-09 10:47 . 2010-12-09 10:47 12800 ----a-w- c:\program files\Mozilla Firefox\plugins\npwachk.dll . (((((((((((((((((((((((((((((((((((((((( Find3M výpis )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-17 17:18 . 2009-11-28 20:58 737280 ----a-w- c:\windows\iun6002.exe 2010-11-12 17:53 . 2010-05-22 09:30 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-10-19 09:41 . 2009-10-04 08:20 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR 2010-09-22 22:21 . 2010-10-21 15:16 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys . (((((((((((((((((((((((((((((((((( Spouštěcí body v registru ))))))))))))))))))))))))))))))))))))))))))))) . . *Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000] "Skytel"="Skytel.exe" [2007-11-21 1826816] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912] c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-12-09 10:45 74752 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1868523592-4015847765-3149123062-1000] "EnableNotificationsRef"=dword:00000001 R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-01 691696] S1 aswSP;aswSP; [x] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768] S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576] S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache getPlusHelper REG_MULTI_SZ getPlusHelper . . ------- Doplňkový sken ------- . uStart Page = hxxp://www.seznam.cz/ mStart Page = hxxp://home.sweetim.com uInternet Settings,ProxyOverride = local IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {FA4F7A77-D250-4AFE-948C-38BB265238FE} = 10.0.0.1 FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\ngk6dd57.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/ FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - - WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-18 11:18 Windows 6.0.6002 Service Pack 2 NTFS skenování skrytých procesů ... skenování skrytých položek 'Po spuštění' ... skenování skrytých souborů ... sken byl úspešně dokončen skryté soubory: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- ZAMKNUTÉ KLÍČE V REGISTRU --------------------- [HKEY_USERS\S-1-5-21-1868523592-4015847765-3149123062-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:f4,cf,b5,aa,0d,8c,4a,82,b2,ac,8d,52,86,f4,20,69,ff,f8,f8,27,51,86,a9, c5,0c,02,cc,56,73,db,dd,5b,b9,c0,1c,f1,c6,ee,6e,23,56,28,41,16,05,bf,2d,72,\ "??"=hex:d3,72,a1,5e,fc,8f,be,f0,cd,c7,54,ae,4e,50,d5,14 [HKEY_USERS\S-1-5-21-1868523592-4015847765-3149123062-1000\Software\SecuROM\License information*] "datasecu"=hex:bc,d2,12,1b,6a,20,06,12,a6,2c,55,34,e6,32,e7,41,e7,74,ce,74,e7, fb,2c,41,a9,c4,68,0e,37,5f,f5,fc,0d,c5,50,89,58,6f,74,7e,96,66,81,85,4a,2c,\ "rkeysecu"=hex:23,a3,af,54,bb,74,ae,3e,82,c9,ef,fd,02,56,63,8b [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Celkový čas: 2010-12-18 11:20:56 ComboFix-quarantined-files.txt 2010-12-18 10:20 Před spuštěním: Volných bajtů: 19 232 374 784 Po spuštění: Volných bajtů: 19 279 572 992 Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 4FBDCA3153C34E3204D9311FD637969A