Re: RECYCLER VIRUS ON A FLASH DRIVE
Posted: 25 Jul 2012 14:35
So here it is; after the PC restarted, some malware file was also being uploaded for analysis:
ComboFix 12-07-08.01 - Monika 25.07.2012 15:15:44.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.570 [GMT 2:00]
Running from: c:\documents and settings\Monika\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Monika\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
file zipped: c:\\Documents and Settings\\Monika\\Data aplikací\\Bwtstt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.1267214146
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-17 07:36 . 2012-07-18 12:48 -------- d-----w- c:\program files\Red Alert 2 Yuri's Revenge
2012-07-01 10:36 . 2012-07-01 10:36 207977 ---ha-w- c:\documents and settings\Monika\Data aplikací\Bwtstt.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:10 . 2012-04-05 15:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 15:10 . 2011-05-14 12:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 13:19 . 2012-06-16 12:09 2004 ----a-w- C:\UsbFix_Upload_Me_MONIKA-PC.zip
2012-06-16 10:57 . 2012-06-16 10:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-16 10:57 . 2012-06-16 10:58 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-16 10:57 . 2010-05-12 16:26 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:55 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 03:21 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2010-08-24 07:18 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-02-26 20:36 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-02-26 20:36 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-02-26 19:50 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-02-26 19:50 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-02-26 19:50 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-02-26 20:36 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-02-26 20:36 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-02-26 20:36 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-02-26 19:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-02-26 19:50 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-02-26 19:50 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-02-26 19:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2010-08-24 07:18 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2010-08-24 07:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2006-03-02 12:00 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-17 15:45 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-02-26 19:48 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-18 06:50 . 2011-03-22 18:50 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-08_15.06.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-25 13:27 . 2012-07-25 13:27 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat
+ 2012-07-12 15:10 . 2012-07-12 15:10 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
+ 2012-07-12 14:11 . 2012-07-12 14:11 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
+ 2012-07-12 14:11 . 2012-07-12 14:11 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
+ 2012-04-05 15:51 . 2012-07-12 15:10 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-05 15:51 . 2012-06-25 13:10 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2010-02-26 20:38 . 2012-07-11 14:42 210488 c:\windows\system32\FNTCACHE.DAT
- 2010-02-26 20:38 . 2012-06-14 19:10 210488 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-25 08:27 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll
- 2010-02-26 19:50 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-02-26 19:50 . 2012-05-28 18:16 536576 c:\windows\system32\dllcache\msado15.dll
+ 2012-07-16 09:13 . 2012-07-16 09:13 371272 c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
- 2011-06-17 12:43 . 2011-06-17 12:43 371272 c:\windows\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
+ 2006-03-02 12:00 . 2012-06-08 14:25 8466944 c:\windows\system32\shell32.dll
+ 2012-07-12 15:10 . 2012-07-12 15:10 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
+ 2009-08-14 15:15 . 2012-06-13 13:55 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2012-06-08 14:25 8466944 c:\windows\system32\dllcache\shell32.dll
+ 2008-04-14 03:21 . 2012-06-05 15:49 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2008-04-14 03:21 . 2009-07-31 09:05 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2010-02-26 20:44 . 2010-06-14 07:43 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2010-02-26 20:44 . 2012-06-05 15:49 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2010-02-26 22:32 . 2012-07-11 14:38 57442464 c:\windows\system32\MRT.exe
+ 2012-06-15 15:44 . 2012-07-25 13:26 492591136 c:\windows\system32\drivers\fidbox.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2010-02-26 98304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Hlavní panel ATI CATALYST.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Hlavní panel ATI CATALYST.lnk
backup=c:\windows\pss\Hlavní panel ATI CATALYST.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 07:12 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-28 20:05 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2004-06-11 03:15 83968 ----a-r- c:\windows\system32\nvraidservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-26 23:11 98304 ----a-w- c:\windows\system32\qttask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Red Alert 2 Yuri's Revenge\\gamemd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13309:TCP"= 13309:TCP:BitComet 13309 TCP
"13309:UDP"= 13309:UDP:BitComet 13309 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 is-D72FGdrv;is-D72FGdrv;c:\windows\system32\drivers\24392970.sys [16.6.2012 14:40 148496]
R1 is-SGD7Ddrv;is-SGD7Ddrv;c:\windows\system32\drivers\87520850.sys [15.6.2012 17:44 148496]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18.1.2012 18:49 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18.1.2012 18:49 22216]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5.4.2012 17:51 250056]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.1.2011 19:18 13224]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [30.4.2012 9:55 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:10]
.
2012-07-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1993962763-2147133589-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2012-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1993962763-2147133589-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:reklama@europrinty.eu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Download link using BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Monika\Data aplikací\Mozilla\Firefox\Profiles\8vlckoor.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.0&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-25 15:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Dll's loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3424)
c:\documents and settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2012-07-25 15:32:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 13:32
ComboFix2.txt 2012-07-25 06:23
ComboFix3.txt 2012-07-08 15:10
.
Pre-Run: 232 693 760
Post-Run: 215 285 760
.
- - End Of File - - 17D03857F7FB810F596619D3AB5EF026
Upload completed successfully
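Added example, not part of the original post and not ComboFix's own code: a small Python parser for the file entries in the "Files Created" and "Find3M" sections of a log like the one above. The sample lines are copied from the log; the filter it applies (hidden executables created under a user profile directory) is the editor's heuristic for what deserves a second look, and in this log it picks out exactly the file ComboFix zipped for analysis.

```python
"""Parse ComboFix file-listing entries and flag hidden executables under a user profile.

Entry format (as in the log above):
    <modified> . <created> <size-or-dashes> <attrs> <path>
The attribute field is eight characters, e.g. "---ha-w-" (h = hidden, a = archive,
w = writable) or "d-----w-" for a directory, whose size prints as dashes.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

ENTRY_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>\S.*)$"
)

# Extensions treated as executable content (editor's choice, not a ComboFix list).
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".com", ".pif")
# Windows XP user-profile root, matched case-insensitively.
USER_PROFILE_PREFIX = "c:\\documents and settings\\"

# Sample input: four entries copied from the log above.
SAMPLE_LOG = r"""
2012-07-17 07:36 . 2012-07-18 12:48 -------- d-----w- c:\program files\Red Alert 2 Yuri's Revenge
2012-07-01 10:36 . 2012-07-01 10:36 207977 ---ha-w- c:\documents and settings\Monika\Data aplikací\Bwtstt.exe
2012-07-12 15:10 . 2012-04-05 15:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-11 14:44 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
"""


@dataclass
class FileEntry:
    mtime: str
    ctime: str
    size: Optional[int]   # None for directories (size column is dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)


def parse_entry(line: str) -> Optional[FileEntry]:
    """Return a FileEntry for one log line, or None if the line is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = m["size"]
    return FileEntry(
        mtime=m["mtime"],
        ctime=m["ctime"],
        size=int(size) if size.isdigit() else None,
        attrs=m["attrs"],
        path=m["path"],
    )


def parse_log(text: str) -> List[FileEntry]:
    """Collect every parseable entry; section headers and separator dots are skipped."""
    entries = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            entries.append(entry)
    return entries


def suspicious(entries: List[FileEntry]) -> List[FileEntry]:
    """Hidden executables created under a user profile, the editor's review heuristic."""
    return [
        e for e in entries
        if not e.is_dir
        and e.is_executable
        and e.hidden
        and e.path.lower().startswith(USER_PROFILE_PREFIX)
    ]


if __name__ == "__main__":
    for e in suspicious(parse_log(SAMPLE_LOG)):
        print(f"{e.ctime}  {e.size:>8}  {e.attrs}  {e.path}")
```

Running the block as a script lists only the Bwtstt.exe entry; the Flash and Internet Explorer system files pass because they are neither hidden nor under a profile directory, and the game folder is skipped as a directory.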