Here is the requested log:
ComboFix 09-02-08.02 - Tomas 2009-02-10 20:52:15.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1535.1261 [GMT 1:00]
Running from: c:\documents and settings\Tomas\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Tomas\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.0 *On-access scanning enabled* (Updated)
FW: Kerio Personal Firewall *enabled*
.
((((((((((((((((((((((((( Files Created From 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.
2040-11-09 12:38 . 2005-12-16 12:29 <DIR> d-------- c:\program files\Web Page Maker V2
2010-03-29 21:54 . 2006-12-31 11:35 <DIR> d-------- c:\program files\SlySoft
2009-02-10 11:28 . 2009-02-10 11:40 250 --a------ c:\windows\gmer.ini
2009-02-09 17:55 . 2009-02-09 17:55 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-09 17:53 . 2009-02-09 17:53 <DIR> d-------- c:\windows\ERUNT
2009-02-09 17:53 . 2001-08-18 12:00 1,688 --a------ c:\windows\system32\AUTOEXEC.NT
2009-02-09 17:48 . 2009-02-09 18:10 <DIR> d-------- C:\SDFix
2009-02-09 17:24 . 2009-02-09 17:24 <DIR> d-------- c:\documents and settings\Tomas\DoctorWeb
2009-02-09 09:50 . 2009-02-09 09:50 <DIR> d-------- c:\documents and settings\Tomas\Data aplikací\Ashampoo
2009-02-09 09:50 . 2009-02-09 09:50 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ashampoo
2009-01-23 16:02 . 2009-01-23 16:02 <DIR> d-------- c:\program files\QO Developments
2009-01-14 00:09 . 2009-01-14 00:09 1,597,440 --a------ C:\t2fo.d
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 19:49 66,961 ----a-w c:\windows\system32\drivers\fwdrv.err
2009-02-09 20:58 --------- d-----w c:\program files\ESET
2009-02-09 19:05 --------- d-----w c:\program files\SMS
2009-02-09 08:50 --------- d-----w c:\program files\Ashampoo
2009-02-04 16:30 --------- d-----w c:\documents and settings\Tomas\Data aplikací\Canon
2009-01-04 23:13 --------- d-----w c:\documents and settings\Tomas\Data aplikací\Skype
2009-01-04 14:23 --------- d-----w c:\program files\Formica4.40
2009-01-02 10:32 --------- d-----w c:\program files\Google
2009-01-02 00:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\285D
2009-01-01 23:16 --------- d-----w c:\program files\ICQ6.5
2009-01-01 16:46 --------- d-----w c:\documents and settings\Tomas\Data aplikací\Apple Computer
2009-01-01 16:18 --------- d-----w c:\program files\ICQ6
2008-12-31 18:41 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-31 18:41 --------- d-----w c:\program files\Java
2008-12-21 22:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\233B9
2008-12-19 12:30 --------- d-----w c:\documents and settings\All Users\Data aplikací\201D4
2008-12-19 12:06 --------- d-----w c:\documents and settings\All Users\Data aplikací\182AF
2008-12-11 19:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 14:56 --------- d-----w c:\program files\Common Files\Motive
2008-12-10 14:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\Motive
2008-12-10 11:59 --------- d-----w c:\program files\TO2SAM
2003-07-31 09:53 147,456 -c--a-w c:\windows\inf\EL2K_XP.sys
2003-07-31 09:50 448,768 -c--a-w c:\windows\inf\EL2K_N64.sys
2003-07-31 09:43 147,456 -c--a-w c:\windows\inf\EL2K_2K.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-02-09_22.27.44.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 10:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\10.2.2009\ERDNT.EXE
+ 2009-02-10 10:08:04 7,794,688 ----a-w c:\windows\ERDNT\AutoBackup\10.2.2009\Users\00000001\ntuser.dat
+ 2009-02-10 10:08:04 176,128 ----a-w c:\windows\ERDNT\AutoBackup\10.2.2009\Users\00000002\UsrClass.dat
+ 2005-10-20 10:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2009-02-10\ERDNT.EXE
+ 2009-02-10 12:56:42 7,794,688 ----a-w c:\windows\ERDNT\AutoBackup\2009-02-10\Users\00000001\ntuser.dat
+ 2009-02-10 12:56:42 176,128 ----a-w c:\windows\ERDNT\AutoBackup\2009-02-10\Users\00000002\UsrClass.dat
+ 2009-02-10 10:28:42 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2009-02-10 10:28:42 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-02-07 18:06:33 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-02-09 21:44:19 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2004-09-21 778240]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
"TCASUTIEXE"="TCAUDIAG.exe" [2003-07-16 c:\windows\system32\TCAUDIAG.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Tomas\Nabídka Start\Programy\Po spuštění\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.EM2V"= EtxCodec.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\Tomas\Data aplikací\iolo\
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2002-07-29 10:54 473088 c:\windows\mHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"g:\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-09-26 286720]
S1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-09-26 81920]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\documents and settings\All Users\Data aplikací\Spyware Terminator\sp_rsdrv2.sys [2006-06-22 131712]
S2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [2000-06-06 21233]
S2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [2001-09-04 19534]
S3 cpuz129;cpuz129;\??\c:\docume~1\Tomas\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Tomas\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2008-08-13 23600]
.
Contents of the 'Scheduled Tasks' folder
2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2007-11-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 15:52]
2005-05-09 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe [2005-12-09 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... xpt119YYCZ
IE: E&xportovat do aplikace Microsoft Excel - g:\office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Najdi na mapě
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Pc Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Pc Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Pc Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Pc Translator\WEBIE.DLL
LSP: imon.dll
TCP: {728ADE8D-21E8-455B-AF73-D04191D13B19} = 10.3.3.1,212.24.128.8
TCP: {7AA50CCE-3EAD-456C-B0CD-22C3CD3010C6} = 194.228.2.1,194.228.41.113
TCP: {F823DDD0-C493-4146-817D-37F9B756BC26} = 194.228.2.1,194.228.41.113
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {030735DF-13FE-4560-8B57-CE341E8EAAA2} - mk:@MSITStore:d:\html\instal.chm::/Install/Mg3D.cab
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD 2002 Cz\InstFred.ocx
DPF: {3190CE26-0B6E-4133-A7D3-87D29CB92120} - hxxp://www.bezpecnyinternet.cz/SBI.cab
DPF: {37B7C7C6-BCD8-11D7-BD5C-00C026104E7F} - hxxp://jav.webreport.cz/sdp/dload/10051_13_CZ_dload.exe
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD 2002 Cz\InstBanr.ocx
DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} - hxxp://xtraz.icq.com/xtraz/activex/MISBH.cab
FF - ProfilePath - c:\documents and settings\Tomas\Data aplikací\Mozilla\Firefox\Profiles\d9wfof9n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 20:54:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1417001333-1580818891-839522115-1003\Software\Andreas Haak\a*Ű]
"Language"="English"
"Expires"="1/1/3000"
"Last"="30.9.2007"
[HKEY_USERS\S-1-5-21-1417001333-1580818891-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1417001333-1580818891-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1417001333-1580818891-839522115-1003)
@Allowed: (Read) (S-1-5-21-1417001333-1580818891-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Andreas Haak\a*Ű]
"User"="sikecxixao@seznam.cz"
"Code"="biyisini27"
"License"=dword:00000001
"Active"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(288)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-10 20:57:45
ComboFix-quarantined-files.txt 2009-02-10 19:57:43
ComboFix2.txt 2009-02-10 11:55:01
ComboFix3.txt 2009-02-09 22:23:21
ComboFix4.txt 2009-02-09 21:30:15
Pre-Run: 2,393,260,032
Post-Run: 2,371,788,800
Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
215 --- E O F --- 2009-01-14 15:05:19
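The driver/service block of a ComboFix log (the `R1`/`S1`/`S2`/`S3` lines above) is where a helper usually looks first, because a kernel driver whose image sits in a user-writable directory, or whose file has already vanished, deserves a closer look before anything else. The following is an added triage script, not part of the original post and not ComboFix's own code: it parses those lines (first letter R = running, S = stopped; the digit is the Windows start type, 0 boot through 4 disabled) and reports drivers loaded from Temp or profile/application-data paths, drivers whose file could not be read at scan time (printed as `[?]`), and boot/system-start drivers outside `%windir%`. The sample input is copied from the log above; the user-writable path markers, including the Czech localized folder name `Data aplikací` taken from this log, are the script's own assumption about an XP layout, and a hit is only a triage prompt, not a verdict.

```python
"""Triage helper for the service/driver lines of a ComboFix log (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: the service lines from the log above, verbatim.
SAMPLE_LOG = r"""
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-09-26 286720]
S1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-09-26 81920]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\documents and settings\All Users\Data aplikací\Spyware Terminator\sp_rsdrv2.sys [2006-06-22 131712]
S2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [2000-06-06 21233]
S2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [2001-09-04 19534]
S3 cpuz129;cpuz129;\??\c:\docume~1\Tomas\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Tomas\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2008-08-13 23600]
"""

# <R|S><start type> <name>;<display name>;<image path> [<date size> | ?]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s+\[(?P<attrs>[^\]]*)\]\s*$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Assumed set of directory fragments (lower-case) that an ordinary user can
# write to on Windows XP; "data aplikací" is the Czech "Application Data".
USER_WRITABLE_MARKERS = (
    "\\temp\\",
    "\\docume~1\\",
    "\\documents and settings\\",
    "\\data aplikací\\",
    "\\application data\\",
    "\\local settings\\",
)


@dataclass
class ServiceEntry:
    state: str
    start_type: str
    name: str
    display: str
    image_path: str
    missing: bool
    reasons: list = field(default_factory=list)


def normalize_path(raw: str) -> str:
    """Use the resolved path after ' --> ' when present and drop the NT '\\??\\' prefix."""
    path = raw.split(" --> ")[-1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def parse_service_line(line: str):
    """Return a ServiceEntry for one R/S line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        state="running" if m.group("state") == "R" else "stopped",
        start_type=START_TYPES.get(m.group("start"), m.group("start")),
        name=m.group("name"),
        display=m.group("display"),
        image_path=normalize_path(m.group("image")),
        missing=(m.group("attrs").strip() == "?"),
    )


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach human-readable reasons why this driver is worth a second look."""
    low = entry.image_path.lower()
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        entry.reasons.append("image in user-writable location")
    if entry.missing:
        entry.reasons.append("image attributes unreadable at scan time ([?]), file probably gone")
    if entry.start_type in ("boot", "system") and not low.startswith("c:\\windows\\"):
        entry.reasons.append("boot/system-start driver outside %windir%")
    return entry


def triage_log(text: str) -> dict:
    """Map service name -> ServiceEntry for every flagged driver in the log text."""
    findings = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and triage(entry).reasons:
            findings[entry.name] = entry
    return findings


if __name__ == "__main__":
    for name, e in triage_log(SAMPLE_LOG).items():
        print(f"{name} ({e.state}, start={e.start_type}): {e.image_path}")
        for r in e.reasons:
            print("   -", r)
```

On the log above this flags `sp_rsdrv2` (a system-start driver under `All Users\Data aplikací`) and `cpuz129` (a demand-start driver in the user's Temp directory whose file was no longer readable). Both have plausible benign explanations given the software visible elsewhere in the log, which is exactly why the output is a list of things to verify rather than a list of things to delete.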