ComboFix 10-06-10.04 - JW 11.06.2010 16:11:38.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.446.197 [GMT 1:00]
Spuštěný z: c:\documents and settings\JW\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-11 do 2010-06-11 )))))))))))))))))))))))))))))))
.
2010-06-10 15:21 . 2010-06-10 15:21 -------- d-----w- C:\_OTL
2010-06-10 14:20 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-10 14:20 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-10 14:20 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-10 14:20 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-10 14:20 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-10 14:20 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-10 14:20 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-10 14:18 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-10 14:17 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-10 14:16 . 2010-06-10 14:16 -------- d-----w- c:\program files\Alwil Software
2010-06-10 09:16 . 2010-06-10 09:16 -------- d-----w- c:\program files\CCleaner
2010-06-10 08:59 . 2010-06-10 08:59 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-10 08:57 . 2010-06-10 08:57 -------- d-----w- c:\windows\Motorola
2010-06-10 08:57 . 2010-06-10 08:57 -------- d-----w- c:\program files\SoftMaker Viewer
2010-06-09 14:08 . 2010-06-10 14:37 -------- d-----w- c:\program files\trend micro
2010-06-09 14:08 . 2010-06-09 14:09 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 14:29 . 2007-07-13 10:56 -------- d-----w- c:\program files\ESET
2010-06-10 11:15 . 2006-01-26 03:00 549418 ----a-w- c:\windows\system32\perfh005.dat
2010-06-10 11:15 . 2006-01-26 03:00 130830 ----a-w- c:\windows\system32\perfc005.dat
2010-06-10 09:04 . 2007-07-12 12:51 -------- d-----w- c:\program files\uTorrent
2010-06-10 08:57 . 2008-08-22 15:35 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-06-10 08:57 . 2008-03-18 18:22 -------- d-----w- c:\program files\VideoReDoPlus
2010-06-09 13:40 . 2006-01-26 07:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-04 06:48 . 2009-03-17 12:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-09 11:53 . 2010-05-09 11:53 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-09 11:53 . 2010-05-09 11:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-02 08:09 . 2006-01-26 03:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2006-01-26 02:59 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:08 . 2006-01-26 03:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:08 . 2006-01-26 03:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2008-10-25 11:09 . 2008-10-25 11:08 1851544 ----a-w- c:\program files\install_flash_player.exe
2008-09-14 20:32 . 2008-09-14 20:32 877 ----a-w- c:\program files\SolveigMM Video Splitter.lnk
2008-08-29 08:27 . 2008-08-29 08:27 405746 ----a-w- c:\program files\Diamond Tweak 0.5_English.cab
2008-08-22 15:37 . 2008-08-25 12:27 1161 ----a-w- c:\program files\Windows Mobile Resources.lnk
2008-06-17 17:00 . 2008-06-17 17:00 2391288 ----a-w- c:\program files\SVGView.exe
2008-04-30 09:37 . 2008-04-30 09:37 1793 ----a-w- c:\program files\Microsoft Flight Simulator 2004.lnk
2008-04-30 09:01 . 2008-04-30 09:01 1492 ----a-w- c:\program files\MagicISO.lnk
2008-03-18 18:22 . 2008-03-18 18:22 1544 ----a-w- c:\program files\VideoReDo Plus.lnk
2008-03-18 12:53 . 2008-03-18 12:50 11136896 ----a-w- c:\program files\VideoReDoPlus-2-5-6-512.exe
2008-03-15 11:37 . 2008-03-15 11:37 583 ----a-w- c:\program files\VideoCAM Look.lnk
2008-02-18 17:20 . 2008-02-18 17:20 154348 -c--a-w- c:\program files\ChessGenius_s60_3.sis
2007-12-21 14:35 . 2007-12-21 14:35 830 ----a-w- c:\program files\DVD Audio Ripper 4.lnk
2007-12-21 14:35 . 2007-12-21 14:34 4230820 ----a-w- c:\program files\dvd-audio-ripper.exe
2007-09-16 21:36 . 2007-09-16 21:36 1695 ----a-w- c:\program files\SUPER © Uninstall.lnk
2007-09-16 21:36 . 2007-09-16 21:36 1671 ----a-w- c:\program files\SUPER ©.lnk
2007-09-14 12:31 . 2007-09-14 12:29 9679815 ----a-w- c:\program files\vlc-0.8.6c-win32.exe
2007-08-20 08:21 . 2007-08-20 08:21 1888 ----a-w- c:\program files\3D Home Architect Home Design Deluxe 6.lnk
2007-08-09 14:01 . 2007-08-09 14:01 905 ----a-w- c:\program files\SmartMovie Converter.lnk
2007-08-08 20:55 . 2007-08-08 20:54 295160 ----a-w- c:\program files\fring91.sis
2007-07-31 09:43 . 2007-07-31 09:41 4526458 ----a-w- c:\program files\WinAVI_Video_Converter.exe
2007-07-30 14:53 . 2007-07-30 14:53 676 ----a-w- c:\program files\DVD Shrink 3.2.lnk
2007-07-22 10:40 . 2007-07-22 10:35 2383 ----a-w- c:\program files\Nokia PC Suite.lnk
2007-07-19 17:01 . 2007-07-19 17:01 582776 ----a-w- c:\program files\divx_311alpha.exe
2007-07-13 16:42 . 2007-07-13 16:41 762707 ----a-w- c:\program files\utorrent-setup.exe
2007-07-13 16:40 . 2007-07-13 16:40 122722 ----a-w- c:\program files\cestina_pro_irfanview.exe
2007-07-13 16:35 . 2007-07-13 16:35 1571 ----a-w- c:\program files\IrfanView Thumbnails.lnk
2007-07-13 16:34 . 2007-07-13 16:34 1156096 ----a-w- c:\program files\iview400.exe
2007-07-13 16:32 . 2007-07-13 16:32 1608 ----a-w- c:\program files\Mozilla Firefox.lnk
2007-07-13 16:32 . 2007-07-13 16:32 5822464 ----a-w- c:\program files\Firefox Setup 2.0.0.4.exe
2007-07-12 13:20 . 2007-07-12 13:20 10050902 ----a-w- c:\program files\Codecs6030_allin1.exe
2007-07-12 09:03 . 2007-07-12 09:03 1360 ----a-w- c:\program files\First Steps.lnk
2007-07-04 12:02 . 2007-09-16 21:32 28088805 ----a-w- c:\program files\SUPERsetup.exe
2007-05-28 17:29 . 2007-07-12 12:59 10609152 -c--a-w- c:\program files\abraclassic.exe
2003-02-26 19:55 . 2008-02-16 11:04 1254400 ----a-w- c:\program files\sachy.exe
2002-11-07 18:14 . 2008-02-16 11:04 25628 ----a-w- c:\program files\sachy.hlp
2006-05-03 09:06 . 2007-09-16 21:36 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-09-16 21:36 31232 --sha-r- c:\windows\system32\msfDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\JW\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-03-21 133104]
"AbacastDistributedOnDemand:11"="c:\documents and settings\JW\Local Settings\Data aplikací\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" [2009-04-15 54712]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-22 344064]
"SoundMan"="SOUNDMAN.EXE" [2005-08-01 77824]
"SMSERIAL"="sm56hlpr.exe" [2005-07-06 544768]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2005-12-14 159744]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"OdTray.exe"="c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 1015871]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-07-14 98304]
"iRiver Updater"="\Updater.exe" [2004-07-01 212992]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-06 1848648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2007-07-12 09:05 106496 ----a-w- c:\windows\system32\odyEvent.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\JW\\Plocha\\aceftp3free.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"c:\\Documents and Settings\\JW\\Local Settings\\Data aplikací\\AbacastDistributedOnDemand\\Node\\11\\AbacastDistributedOnDemand.exe"=
"c:\\Documents and Settings\\JW\\Local Settings\\Data aplikací\\Abacast\\Abaclient2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-09 691696]
S1 aswSP;aswSP; [x]
S1 PVR101Disk;PVR101Disk; [x]
S2 Aladdin SQL Server;Aladdin SQL Server;c:\program files\Aladdin\Aladdin SQL Server\AladdinSQL.exe [2010-03-20 136192]
S2 aswFsBlk;aswFsBlk; [x]
S2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
S3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\DRIVERS\EKBfltr.sys [2005-08-01 5504]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com \office
DPF: {5F509E42-537E-482B-B66C-145BC170054C} - hxxp://sberna.fotostar.cz/snadno-vlozit-fotografie/fs/FotoStarPhotoUploader.dll
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://asp.photoprintit.de/microsite/11466/defaults/activex/ips/IPSUploader4.cab
FF - ProfilePath - c:\documents and settings\JW\Data aplikací\Mozilla\Firefox\Profiles\yu6zca7o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
SafeBoot-Wdf01000.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-11 16:27
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1256)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\odyEvent.dll
.
Celkový čas: 2010-06-11 16:38:39
ComboFix-quarantined-files.txt 2010-06-11 15:38
Před spuštěním: Volných bajtů: 11 683 979 264
Po spuštění: Volných bajtů: 11 652 550 656
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 9BD19D70A3B70B7405F9ED4F6E4DC0BD