Dobrý večer, omlouvám se za zdržení.
ComboFix 12-12-14.01 - Spravce 17.12.2012 23:39:45.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1242 [GMT 1:00]
Spuštěný z: c:\documents and settings\Spravce\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Spravce\Plocha\CFScript.txt
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MCHINJDRV
-------\Service_mchInjDrv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-17 do 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-17 22:35 . 2012-12-17 22:35 -------- d-----w- c:\program files\Common Files\Skype
2012-12-17 22:35 . 2012-12-17 22:35 -------- d-----r- c:\program files\Skype
2012-12-17 21:13 . 2004-08-30 15:37 286720 ----a-w- c:\windows\vsnpstd2.exe
2012-12-17 21:13 . 2004-06-08 17:25 53248 ----a-w- c:\windows\system32\dsnpstd2.dll
2012-12-17 21:13 . 2004-10-14 16:12 347264 ----a-w- c:\windows\system32\drivers\snpstd2.sys
2012-12-17 21:13 . 2004-09-24 15:24 57344 ----a-w- c:\windows\system32\rsnpstd2.dll
2012-12-17 21:13 . 2004-09-24 12:52 36864 ----a-w- c:\windows\system32\vsnpstd2.dll
2012-12-17 21:13 . 2004-02-16 12:59 61440 ----a-w- c:\windows\system32\csnpstd2.dll
2012-12-17 21:13 . 2004-06-09 15:00 20480 ----a-w- c:\windows\usnpstd2.exe
2012-12-16 09:49 . 2012-12-16 09:49 -------- d-----w- C:\_OTM
2012-12-14 16:20 . 2012-12-14 16:20 -------- d-----w- C:\rsit
2012-12-08 17:10 . 2012-12-08 17:10 -------- d-----w- c:\documents and settings\Spravce\Local Settings\Data aplikací\ESET
2012-11-26 07:54 . 2012-11-26 07:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-11-20 12:47 . 2012-11-20 12:47 -------- d-----w- c:\program files\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 19:34 . 2009-06-06 19:07 900 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2012-12-11 18:47 . 2012-03-29 07:07 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 18:47 . 2011-05-16 16:10 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 07:21 . 2012-10-08 07:21 121216 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-10-08 07:21 . 2012-10-08 07:21 104736 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2012-10-08 07:21 . 2012-10-08 07:21 159832 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-01 21:02 . 2012-09-17 07:21 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2012-09-17 07:21 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-09-17 07:21 . 2012-09-17 07:21 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-06-25 5625344]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-12-31 500208]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 13520896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-10-23 5074384]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 286720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"ioCentre"=c:\genius\ioCentre\gTaskBar.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Game Files\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\mozilla.org\\SeaMonkey\\seamonkey.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Namu6\\Namu6.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"e:\\Game Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.9.2008 17:36 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8.10.2012 8:21 121216]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8.10.2012 8:21 104736]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [25.7.2010 17:54 12856]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [26.9.2008 2:14 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [23.10.2012 17:38 1329304]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 19:09 11032]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [28.5.2011 12:30 218688]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [27.7.2010 21:20 20480]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [27.7.2010 21:20 11520]
R3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [27.7.2010 21:20 9216]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [1.11.2012 20:35 89600]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [27.7.2010 21:20 17408]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [7.6.2012 9:47 137600]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-11-09 20:11]
.
2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://
www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://
www.sezna.cz/
IE: Download by VersalSoft Internet Download - c:\program files\VersalSoft\InternetDownload\adddownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 77.236.192.130 88.86.107.235
FF - ProfilePath - c:\documents and settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\jdj2bd2r.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://
www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-12-17 23:47
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(472)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\RTHDCPL.EXE
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2012-12-17 23:51:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-17 22:51
ComboFix2.txt 2012-12-16 15:34
.
Před spuštěním: Volných bajtů: 11.054.256.128
Po spuštění: Volných bajtů: 10.956.431.360
.
- - End Of File - - 4C1695643F972A43AC99424D2E808B0D
Přispějete na provoz fóra?