Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2558.2228 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jan Holík\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jan Holík\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_mailKmd
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-15 do 2010-11-15 )))))))))))))))))))))))))))))))
.
2010-11-14 17:48 . 2010-11-14 17:48 -------- d-----w- c:\documents and settings\Jan Holík\Data aplikací\Malwarebytes
2010-11-14 17:48 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-14 17:48 . 2010-11-14 17:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-14 17:48 . 2010-11-14 17:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-14 17:48 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-14 16:47 . 2010-11-14 21:32 -------- d-----w- C:\QIP Infium bz™Pack
2010-11-14 11:36 . 2010-11-14 11:36 -------- d-----w- c:\program files\trend micro
2010-11-14 11:36 . 2010-11-14 11:36 -------- d-----w- C:\rsit
2010-11-13 21:46 . 2010-11-13 22:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-13 21:46 . 2010-11-13 22:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-03 16:43 . 2009-02-13 19:02 11520 ----a-r- c:\windows\system32\drivers\wdcsam.sys
2010-11-01 20:06 . 2010-11-01 20:08 -------- d-----w- c:\program files\ConBuilder
2010-10-28 12:01 . 2010-10-28 12:01 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-28 12:01 . 2010-10-28 12:01 -------- d-----w- c:\program files\MSBuild
2010-10-28 12:00 . 2010-10-28 12:00 -------- d-----w- c:\program files\Reference Assemblies
2010-10-28 12:00 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-28 12:00 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-10-28 12:00 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-10-28 12:00 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-10-28 12:00 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-10-28 12:00 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-10-28 12:00 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-28 12:00 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-10-28 12:00 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-10-28 11:47 . 2010-10-28 11:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Canneverbe Limited
2010-10-28 11:46 . 2010-10-28 11:47 -------- d-----w- C:\cdBurnerXp
2010-10-28 11:13 . 2010-10-28 11:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2010-10-28 11:13 . 2010-03-17 20:53 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-10-28 11:13 . 2010-03-17 20:53 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-28 11:13 . 2010-03-17 20:53 180224 ----a-w- c:\windows\system32\QTCF.dll
2010-10-28 11:13 . 2010-10-28 11:14 -------- d-----w- c:\program files\QuickTime Alternative
2010-10-25 18:07 . 2010-10-25 18:07 -------- d-----w- c:\documents and settings\Jan Holík\Data aplikací\Sync App Settings
2010-10-25 18:07 . 2010-10-25 18:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sync App Settings
2010-10-25 18:07 . 2010-10-25 18:07 -------- d-----w- c:\program files\Allway Sync
2010-10-25 17:52 . 2010-10-25 18:05 -------- d-----w- c:\documents and settings\Jan Holík\Data aplikací\Western Digital
2010-10-25 17:52 . 2010-10-25 17:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Western Digital
2010-10-25 17:52 . 2010-10-25 17:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ServiceTest
2010-10-21 16:06 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-10-21 16:06 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-10-21 16:06 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2010-10-21 16:06 . 2010-10-18 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-21 16:06 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-21 16:06 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-21 16:06 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-10-19 20:06 . 2010-10-19 20:06 -------- d-----w- c:\program files\Kodek CZ
2010-10-19 19:13 . 2007-06-11 12:25 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2010-10-19 19:13 . 2007-04-24 11:20 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2010-10-19 19:13 . 2007-03-01 14:53 73728 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2010-10-19 19:13 . 2007-01-22 08:43 53376 ----a-w- c:\windows\system32\drivers\TosRfSnd.sys
2010-10-19 19:13 . 2006-11-20 15:55 36480 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys
2010-10-19 19:13 . 2005-01-07 03:42 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys
2010-10-19 19:13 . 2007-05-24 12:27 64000 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2010-10-19 19:13 . 2006-10-10 17:33 41600 ----a-w- c:\windows\system32\drivers\tosporte.sys
2010-10-19 19:12 . 2010-10-19 19:12 -------- d-----w- c:\program files\Toshiba
2010-10-19 19:03 . 2010-10-19 19:03 -------- d-----w- c:\documents and settings\Jan Holík\Data aplikací\TOSHIBA
2010-10-19 18:59 . 2008-04-14 06:52 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-10-19 18:59 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-10-19 18:59 . 2008-04-14 06:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-10-19 18:59 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-10-19 18:59 . 2008-04-14 06:51 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-10-19 18:59 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-10-17 12:29 . 2010-10-17 12:29 -------- d-----w- c:\program files\IrfanView
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 16:58 . 2010-10-06 16:58 737280 ----a-w- c:\windows\iun6002.exe
2010-09-18 14:25 . 2010-09-18 14:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-18 14:25 . 2010-09-18 14:25 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 14:05 . 2010-09-18 14:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-07 15:12 . 2010-09-18 13:56 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-09-18 13:56 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-09-18 13:56 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-09-18 13:56 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-09-18 13:56 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-09-18 13:56 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-09-18 13:56 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-09-18 13:56 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-09-18 13:56 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-11-14_15.33.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-15 17:09 . 2010-11-15 17:09 16384 c:\windows\Temp\Perflib_Perfdata_870.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gmail Notifier.exe"="c:\program files\Gmail Notifier\Gmail Notifier.exe" [2010-10-03 2155520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-16 8495104]
"nwiz"="nwiz.exe" [2007-11-16 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-16 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-22 16236032]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"avast5"="c:\program files\Avast5\avastUI.exe" [2010-09-07 2838912]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [BU]
"Wbutton"="c:\program files\Launch Manager\WButton.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Jan Holík^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Jan Holík\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KONICA MINOLTA PagePro 1350WStatusDisplay]
2004-11-26 16:21 167936 ----a-w- c:\windows\system32\MSTMON_Q.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\Age of Empires II\\age2_x1.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Mozilla Firefox 4.0 Beta 6\\plugin-container.exe"=
"d:\\hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"d:\\hry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.9.2010 15:05 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.9.2010 14:56 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.9.2010 14:56 17744]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [18.9.2010 15:12 118784]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.9.2010 16:23 136176]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [22.7.2003 15:44 18848]
S3 flash;flash;c:\windows\system32\drivers\flash.sys [18.9.2010 15:26 8064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [3.11.2010 17:43 11520]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-21 15:23]
2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-21 15:23]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.mojebanka.cz/InternetBanking/?L=CS
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: {{67F44070-BF30-43D7-BD5B-71237E821170} - c:\program files\FreshDevices\FreshDownload\fd.exe
FF - ProfilePath - c:\documents and settings\Jan Holík\Data aplikací\Mozilla\Firefox\Profiles\bgyd3rvu.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 18:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?x???0???\???????0??????????? ??|???|???????|????????L???????XO????F?????????????h?????????????B????? ??|`??|????]??|[?A?????????z?A???H???7~??????F?4^@???????????????A?????????z?A???@?HO??6u@?HO????H???@?XO?????
Wbutton = c:\program files\Launch Manager\WButton.exe?x???0???\???????0??????????? ??|???|???????|????????L???????XO????F?????????????h?????????????B????? ??|`??|????]??|[?A?????????z?A???H???7~??????F?4^@???????????????A?????????z?A???@?HO??6u@?HO????H???@?XO?????
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-11-15 18:12:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-15 17:12
ComboFix2.txt 2010-11-14 15:34
Před spuštěním: 6 259 240 960
Po spuštění: 6 195 564 544
- - End Of File - - A92ECB4DE40C58DCD01D2C823C5A981D
Pořád stejné...
odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)
Přispějete na provoz fóra?