c:\winnt\system32\comres.dll . . . is infected
Posted: 06 May 2010 16:40
ComboFix 10-05-05.0D - Administrator 06.05.2010 17:31:30.15.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.1.1029.18.1279.861 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
* Rezidentní štít AV je zapnutý
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\winnt\system32\comres.dll . . . je infikován!!
c:\winnt\system32\comres.dll . . . je infikován!!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-06 do 2010-05-06 )))))))))))))))))))))))))))))))
.
2010-05-06 14:59 . 2010-05-06 14:59 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_30c.dat
2010-05-06 14:55 . 2010-05-06 14:55 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_250.dat
2010-04-15 06:41 . 2010-02-18 12:14 1736576 -c--a-w- c:\winnt\system32\dllcache\NTKRPAMP.EXE
2010-04-15 06:41 . 2010-02-18 12:14 1715264 -c--a-w- c:\winnt\system32\dllcache\NTKRNLMP.EXE
2010-04-14 17:22 . 2010-04-14 17:22 37027 ----a-w- c:\winnt\atmoUn.exe
2010-04-14 17:22 . 2010-04-14 17:22 -------- d-----w- c:\program files\Viewpoint
2010-04-12 08:00 . 2006-10-12 03:57 14336 ----a-r- c:\winnt\system32\P207USD.DLL
2010-04-12 08:00 . 2010-04-12 08:00 -------- d-----w- c:\winnt\PixArt
2010-04-12 08:00 . 2007-10-25 10:31 616064 ----a-r- c:\winnt\system32\drivers\PFC027.SYS
2010-04-12 08:00 . 2000-03-08 18:35 45840 -c--a-w- c:\winnt\system32\dllcache\iyuv_32.dll
2010-04-12 08:00 . 2000-03-08 18:35 45840 ----a-w- c:\winnt\system32\iyuv_32.dll
2010-04-12 08:00 . 2003-06-19 10:05 51984 -c--a-w- c:\winnt\system32\dllcache\vfwwdm32.dll
2010-04-12 08:00 . 2003-06-19 10:05 51984 ----a-w- c:\winnt\system32\vfwwdm32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 10:14 . 2003-01-20 12:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-12 09:14 . 2002-02-26 14:58 401408 ----a-w- c:\winnt\system32\vbscript.dll
2010-03-05 08:33 . 2010-03-05 08:33 579072 ----a-w- c:\winnt\system32\WININET.DLL
2010-02-24 06:46 . 2001-06-14 00:00 416304 ----a-w- c:\winnt\system32\drivers\mrxsmb.sys
2010-02-18 12:14 . 2001-06-14 00:00 1691648 ----a-w- c:\winnt\system32\NTOSKRNL.EXE
2010-02-18 12:14 . 2001-04-14 06:32 1714368 ----a-w- c:\winnt\system32\NTKRNLPA.EXE
2010-02-16 04:28 . 2001-06-14 00:00 170800 ----a-w- c:\winnt\system32\drivers\rdbss.sys
2010-02-15 12:52 . 2010-02-15 12:52 167696 ----a-w- c:\winnt\system32\WINTRUST.DLL
2003-01-20 19:35 . 2003-01-20 19:35 22034 ---h--w- c:\program files\folder.htt
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2001-06-14 20752]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunTasktray"="c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM" [X]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"pdfFactory Dispatcher v1"="c:\winnt\System32\spool\DRIVERS\W32X86\2\fppdis1.exe" [2001-10-01 352256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"KnexStarter"="c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2008-04-22 73728]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2006-10-22 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2001-06-14 20752]
R1 ehdrv;ehdrv;c:\winnt\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwndhk;epfwndhk;c:\winnt\system32\drivers\epfwndhk.sys [6.2.2009 14:24 35680]
R1 prodrv03;Star Force copy protection driver v3;c:\winnt\system32\drivers\prodrv03.sys [3.10.2003 15:24 115968]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
R3 openhci;Ovladač otevřeného hostitelského řadiče USB;c:\winnt\system32\drivers\openhci.sys [14.6.2001 02:00 24784]
R3 usbhub20;Podpora rozbočovače sběrnice USB;c:\winnt\system32\drivers\usbhub20.sys [26.1.2005 12:07 49776]
S3 ADPTEHCD;Adaptec USB 2.0 Enhanced Host Controller Driver;c:\winnt\system32\drivers\asusehcd.sys [20.1.2003 14:43 34288]
S3 atirage;atirage;c:\winnt\system32\drivers\atiragem.sys [30.8.2007 16:28 70352]
S3 AUSBD_FilterService;Adaptec USB 2.0 Port Enumeration Driver;c:\winnt\system32\drivers\asususbd.sys [20.1.2003 14:43 22448]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [8.2.2008 16:54 61712]
S3 esiasdrv;esiasdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esiasdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esiasdrv.sys [?]
S3 qic157;qic157;c:\winnt\system32\drivers\qic157.sys [8.2.2008 16:54 5008]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\winnt\system32\drivers\sis7012.sys [2.10.2008 09:40 820229]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
2010-04-01 c:\winnt\Tasks\{D34F18B0-576E-11D0-B28C-00C04FD7CD22}_CATSERVER_Administrator.job
- c:\winnt\system32\mobsync.exe [2005-01-26 11:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\msafd.dll
Trusted Zone: hp.com
TCP: {B0052129-3AF4-4F8A-BBCD-E162DBF66ADA} = 195.250.128.34,195.250.128.38
TCP: {F3C808EE-0316-4EB0-8430-35C8B7A512ED} = 192.168.1.100
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\vgeqbsif.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 17:36
Windows 5.0.2195 Service Pack 4 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(188)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
- - - - - - - > 'explorer.exe'(1720)
c:\winnt\system32\SHDOCVW.DLL
.
Celkový čas: 2010-05-06 17:38:37
ComboFix-quarantined-files.txt 2010-05-06 15:38
ComboFix2.txt 2010-05-06 15:08
ComboFix3.txt 2010-05-06 14:43
ComboFix4.txt 2009-04-04 14:15
Před spuštěním: Volných bajtů: 54 103 515 136
Po spuštění: Volných bajtů: 54 084 722 688
- - End Of File - - F986BAB93195F85B178B2FB13858F34B