ComboFix 10-08-15.02 - Pepa 16.08.2010 11:04:56.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.997.675 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pepa\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Pepa\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
c:\documents and settings\Pepa\Plocha\Security Master AV.lnk
c:\documents and settings\Pepa\Recent\ANTIGEN.dll
c:\documents and settings\Pepa\Recent\ANTIGEN.drv
c:\documents and settings\Pepa\Recent\ANTIGEN.exe
c:\documents and settings\Pepa\Recent\ANTIGEN.sys
c:\documents and settings\Pepa\Recent\ANTIGEN.tmp
c:\documents and settings\Pepa\Recent\cb.dll
c:\documents and settings\Pepa\Recent\cb.drv
c:\documents and settings\Pepa\Recent\cb.exe
c:\documents and settings\Pepa\Recent\cb.sys
c:\documents and settings\Pepa\Recent\cb.tmp
c:\documents and settings\Pepa\Recent\cid.dll
c:\documents and settings\Pepa\Recent\cid.drv
c:\documents and settings\Pepa\Recent\cid.exe
c:\documents and settings\Pepa\Recent\cid.sys
c:\documents and settings\Pepa\Recent\cid.tmp
c:\documents and settings\Pepa\Recent\CLSV.dll
c:\documents and settings\Pepa\Recent\CLSV.drv
c:\documents and settings\Pepa\Recent\CLSV.exe
c:\documents and settings\Pepa\Recent\CLSV.sys
c:\documents and settings\Pepa\Recent\CLSV.tmp
c:\documents and settings\Pepa\Recent\DBOLE.dll
c:\documents and settings\Pepa\Recent\DBOLE.drv
c:\documents and settings\Pepa\Recent\DBOLE.exe
c:\documents and settings\Pepa\Recent\DBOLE.sys
c:\documents and settings\Pepa\Recent\DBOLE.tmp
c:\documents and settings\Pepa\Recent\ddv.dll
c:\documents and settings\Pepa\Recent\ddv.drv
c:\documents and settings\Pepa\Recent\ddv.exe
c:\documents and settings\Pepa\Recent\ddv.sys
c:\documents and settings\Pepa\Recent\ddv.tmp
c:\documents and settings\Pepa\Recent\delfile.dll
c:\documents and settings\Pepa\Recent\delfile.drv
c:\documents and settings\Pepa\Recent\delfile.exe
c:\documents and settings\Pepa\Recent\delfile.sys
c:\documents and settings\Pepa\Recent\delfile.tmp
c:\documents and settings\Pepa\Recent\dudl.dll
c:\documents and settings\Pepa\Recent\dudl.drv
c:\documents and settings\Pepa\Recent\dudl.exe
c:\documents and settings\Pepa\Recent\dudl.sys
c:\documents and settings\Pepa\Recent\dudl.tmp
c:\documents and settings\Pepa\Recent\eb.dll
c:\documents and settings\Pepa\Recent\eb.drv
c:\documents and settings\Pepa\Recent\eb.exe
c:\documents and settings\Pepa\Recent\eb.sys
c:\documents and settings\Pepa\Recent\eb.tmp
c:\documents and settings\Pepa\Recent\energy.dll
c:\documents and settings\Pepa\Recent\energy.drv
c:\documents and settings\Pepa\Recent\energy.exe
c:\documents and settings\Pepa\Recent\energy.sys
c:\documents and settings\Pepa\Recent\energy.tmp
c:\documents and settings\Pepa\Recent\exec.dll
c:\documents and settings\Pepa\Recent\exec.drv
c:\documents and settings\Pepa\Recent\exec.exe
c:\documents and settings\Pepa\Recent\exec.sys
c:\documents and settings\Pepa\Recent\exec.tmp
c:\documents and settings\Pepa\Recent\fan.dll
c:\documents and settings\Pepa\Recent\fan.drv
c:\documents and settings\Pepa\Recent\fan.exe
c:\documents and settings\Pepa\Recent\fan.sys
c:\documents and settings\Pepa\Recent\fan.tmp
c:\documents and settings\Pepa\Recent\fix.dll
c:\documents and settings\Pepa\Recent\fix.drv
c:\documents and settings\Pepa\Recent\fix.exe
c:\documents and settings\Pepa\Recent\fix.sys
c:\documents and settings\Pepa\Recent\fix.tmp
c:\documents and settings\Pepa\Recent\FS.dll
c:\documents and settings\Pepa\Recent\FS.drv
c:\documents and settings\Pepa\Recent\FS.exe
c:\documents and settings\Pepa\Recent\FS.sys
c:\documents and settings\Pepa\Recent\FS.tmp
c:\documents and settings\Pepa\Recent\FW.dll
c:\documents and settings\Pepa\Recent\FW.drv
c:\documents and settings\Pepa\Recent\FW.exe
c:\documents and settings\Pepa\Recent\FW.sys
c:\documents and settings\Pepa\Recent\FW.tmp
c:\documents and settings\Pepa\Recent\gid.dll
c:\documents and settings\Pepa\Recent\gid.drv
c:\documents and settings\Pepa\Recent\gid.exe
c:\documents and settings\Pepa\Recent\gid.sys
c:\documents and settings\Pepa\Recent\gid.tmp
c:\documents and settings\Pepa\Recent\grid.dll
c:\documents and settings\Pepa\Recent\grid.drv
c:\documents and settings\Pepa\Recent\grid.exe
c:\documents and settings\Pepa\Recent\grid.sys
c:\documents and settings\Pepa\Recent\grid.tmp
c:\documents and settings\Pepa\Recent\hymt.dll
c:\documents and settings\Pepa\Recent\hymt.drv
c:\documents and settings\Pepa\Recent\hymt.exe
c:\documents and settings\Pepa\Recent\hymt.sys
c:\documents and settings\Pepa\Recent\hymt.tmp
c:\documents and settings\Pepa\Recent\kernel32.dll
c:\documents and settings\Pepa\Recent\kernel32.drv
c:\documents and settings\Pepa\Recent\kernel32.exe
c:\documents and settings\Pepa\Recent\kernel32.sys
c:\documents and settings\Pepa\Recent\kernel32.tmp
c:\documents and settings\Pepa\Recent\pal.dll
c:\documents and settings\Pepa\Recent\pal.drv
c:\documents and settings\Pepa\Recent\pal.exe
c:\documents and settings\Pepa\Recent\pal.sys
c:\documents and settings\Pepa\Recent\pal.tmp
c:\documents and settings\Pepa\Recent\PE.dll
c:\documents and settings\Pepa\Recent\PE.drv
c:\documents and settings\Pepa\Recent\PE.exe
c:\documents and settings\Pepa\Recent\PE.sys
c:\documents and settings\Pepa\Recent\PE.tmp
c:\documents and settings\Pepa\Recent\ppal.dll
c:\documents and settings\Pepa\Recent\ppal.drv
c:\documents and settings\Pepa\Recent\ppal.exe
c:\documents and settings\Pepa\Recent\ppal.sys
c:\documents and settings\Pepa\Recent\ppal.tmp
c:\documents and settings\Pepa\Recent\runddl.dll
c:\documents and settings\Pepa\Recent\runddl.drv
c:\documents and settings\Pepa\Recent\runddl.exe
c:\documents and settings\Pepa\Recent\runddl.sys
c:\documents and settings\Pepa\Recent\runddl.tmp
c:\documents and settings\Pepa\Recent\runddlkey.dll
c:\documents and settings\Pepa\Recent\runddlkey.drv
c:\documents and settings\Pepa\Recent\runddlkey.exe
c:\documents and settings\Pepa\Recent\runddlkey.sys
c:\documents and settings\Pepa\Recent\runddlkey.tmp
c:\documents and settings\Pepa\Recent\SICKBOY.dll
c:\documents and settings\Pepa\Recent\SICKBOY.drv
c:\documents and settings\Pepa\Recent\SICKBOY.exe
c:\documents and settings\Pepa\Recent\SICKBOY.sys
c:\documents and settings\Pepa\Recent\SICKBOY.tmp
c:\documents and settings\Pepa\Recent\sld.dll
c:\documents and settings\Pepa\Recent\sld.drv
c:\documents and settings\Pepa\Recent\sld.exe
c:\documents and settings\Pepa\Recent\sld.sys
c:\documents and settings\Pepa\Recent\sld.tmp
c:\documents and settings\Pepa\Recent\SM.dll
c:\documents and settings\Pepa\Recent\SM.drv
c:\documents and settings\Pepa\Recent\SM.exe
c:\documents and settings\Pepa\Recent\SM.sys
c:\documents and settings\Pepa\Recent\SM.tmp
c:\documents and settings\Pepa\Recent\snl2w.dll
c:\documents and settings\Pepa\Recent\snl2w.drv
c:\documents and settings\Pepa\Recent\snl2w.exe
c:\documents and settings\Pepa\Recent\snl2w.sys
c:\documents and settings\Pepa\Recent\snl2w.tmp
c:\documents and settings\Pepa\Recent\std.dll
c:\documents and settings\Pepa\Recent\std.drv
c:\documents and settings\Pepa\Recent\std.exe
c:\documents and settings\Pepa\Recent\std.sys
c:\documents and settings\Pepa\Recent\std.tmp
c:\documents and settings\Pepa\Recent\tempdoc.dll
c:\documents and settings\Pepa\Recent\tempdoc.drv
c:\documents and settings\Pepa\Recent\tempdoc.exe
c:\documents and settings\Pepa\Recent\tempdoc.sys
c:\documents and settings\Pepa\Recent\tempdoc.tmp
c:\documents and settings\Pepa\Recent\tjd.dll
c:\documents and settings\Pepa\Recent\tjd.drv
c:\documents and settings\Pepa\Recent\tjd.exe
c:\documents and settings\Pepa\Recent\tjd.sys
c:\documents and settings\Pepa\Recent\tjd.tmp
c:\windows\system\oeminfo.ini
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-16 do 2010-08-16 )))))))))))))))))))))))))))))))
.
2010-08-16 08:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 08:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 08:11 . 2010-08-16 08:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 07:25 . 2010-08-16 07:25 -------- d-----w- C:\_OTM
2010-08-16 06:59 . 2010-08-16 07:00 -------- d-----w- c:\program files\trend micro
2010-08-16 06:59 . 2010-08-16 07:00 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 07:30 . 2010-06-15 08:33 -------- d-----w- c:\program files\ICQ7.2
2010-07-26 08:30 . 2008-02-20 11:51 -------- d-----w- c:\program files\ICQToolbar
2010-06-30 12:33 . 2006-03-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:19 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:19 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:19 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2006-03-02 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-03-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-11-26 16:47 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 10:20 . 2006-03-02 12:00 47386 ----a-w- c:\windows\system32\perfc005.dat
2010-06-03 10:20 . 2006-03-02 12:00 313244 ----a-w- c:\windows\system32\perfh005.dat
2010-06-02 06:57 . 2007-11-26 16:49 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-02 06:57 . 2007-11-26 16:49 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2008-10-30 09:34 . 2008-10-30 09:34 27550368 ----a-w- c:\program files\setupczepro.exe
2008-10-16 11:38 . 2008-07-16 10:49 18222080 ----a-w- c:\program files\eav_nt32_csy.msi
2008-08-11 17:42 . 2008-08-11 17:09 9660770 ----a-w- c:\program files\webguru-publisher-cms-2.0.4-install.zip
2008-08-11 16:44 . 2008-08-11 16:44 8337533 ----a-w- c:\program files\nvu-1.0-cs-CZ.win32.installer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-09 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 16384512]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Documents and Settings\\Pepa\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.9.2009 14:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.9.2009 14:05 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.9.2009 14:03 735960]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.7.2009 13:49 246520]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.6.2010 10:59 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [16.8.2010 10:30 38224]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {41B557F1-9EF1-45F0-A77A-11E0BFAF1B0F} = 62.204.224.2,62.204.224.3
FF - ProfilePath - c:\documents and settings\Pepa\Data aplikací\Mozilla\Firefox\Profiles\j4blexzj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://
www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-08-16 11:15
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-08-16 11:17:46
ComboFix-quarantined-files.txt 2010-08-16 09:17
Před spuštěním: Volných bajtů: 103 144 300 544
Po spuštění: Volných bajtů: 103 102 627 840
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 393444ABF3B22874544F2791CADE51D1
Stahnete na plochu RKill http://download.bleepingcomputer.com/grinler/rkill.com
Nejak se mu nechce 
Přispějete na provoz fóra?