combofix log

*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll" [2014-02-19 1398592]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
2014-02-19 12:17 1398592 ----a-w- c:\program files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll" [2014-02-19 1398592]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-27 98304]
"MSStp"="c:\windows\system32\msstp.vbe" [2014-01-19 1419]
"mncvawhSrv"="c:\windows\inf\mncvawh.vbe" [2014-01-19 1342]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"LiveUpdate 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2014-03-05 322544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2014-02-26 19:57 3814736 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2014-02-19 20:17 1387328 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dota 2 beta\\dota.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\War Thunder\\launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Hawken\\Binaries\\Win32\\HawkenGame-Win32-Shipping.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Program Files\\EA Games\\Battlefield Play4Free\\BFP4f.exe"=
"c:\\Documents and Settings\\Tomeček\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOpsMP.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3130:TCP"= 3130:TCP:xwfvbcfx
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [7.1.2002 9:33 243128]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19.2.2014 20:13 807800]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [26.2.2014 9:50 375056]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [19.3.2014 18:36 103040]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [16.3.2014 11:41 7680]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [8.3.2014 19:56 27136]
S2 dnomvv;System Manager;c:\windows\system32\svchost.exe -k netsvcs [28.2.2006 12:00 14336]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [26.2.2014 19:57 1678672]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [21.3.2014 18:33 2151200]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 8:15 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7.3.2014 16:59 1691480]
S3 fpprlehk;fpprlehk;c:\windows\system32\01.tmp [17.3.2014 18:01 4096]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [8.3.2014 19:56 758224]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NTIOLIB_1_0_4
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dnomvv
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-07 17:52]
.
.
------- Supplementary Scan -------
.
TCP: Interfaces\{2815F065-5CFB-4E11-99E4-CF1350353D0D}: NameServer = 80.87.208.29 80.87.208.166
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-23 16:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fpprlehk]
"ImagePath"="\??\c:\windows\system32\01.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dnomvv]
"ServiceDll"="c:\windows\system32\elrqzqek.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2014-03-23 16:36:05
ComboFix-quarantined-files.txt 2014-03-23 16:36
.
Pre-Run: 144 723 230 720 bytes free
Post-Run: 144 742 334 464 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
- - End Of File - - DB714F3F0546543BB04AB96C91D54670
8F558EB6672622401DA993E1E865C861
