Also the log from CF
ComboFix 10-06-02.01 - Jarra 03.06.2010 0:55.3.1 - x86
Spuštěný z: c:\documents and settings\Jarra\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Jarra\LOCALS~1\Temp\tmp1.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-02 do 2010-06-02 )))))))))))))))))))))))))))))))
.
2010-06-02 22:47 . 2010-06-02 22:47 -------- d-----w- c:\windows\LastGood
2010-06-02 22:47 . 2010-06-02 22:47 -------- d-----w- c:\program files\Zone Labs
2010-06-02 22:30 . 2010-06-02 22:30 -------- d-----w- C:\rsit
2010-06-02 21:54 . 2010-06-02 21:54 -------- d-----w- c:\program files\ESET
2010-06-02 21:43 . 2010-06-02 22:55 -------- d-----w- c:\windows\Internet Logs
2010-06-01 19:33 . 2004-08-03 21:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2010-06-01 19:32 . 2004-08-17 13:49 32256 -c--a-w- c:\windows\system32\dllcache\gzip.dll
2010-06-01 19:31 . 2004-08-17 13:49 68608 -c--a-w- c:\windows\system32\dllcache\isatq.dll
2010-06-01 19:30 . 2001-10-25 14:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-06-01 18:53 . 2004-08-17 13:49 26624 ----a-w- c:\windows\system32\irmon.dll
2010-06-01 18:53 . 2004-08-17 13:49 153088 ----a-w- c:\windows\system32\irftp.exe
2010-06-01 18:53 . 2004-08-17 13:49 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-06-01 18:53 . 2004-08-03 21:00 87424 ----a-w- c:\windows\system32\drivers\irda.sys
2010-06-01 17:04 . 2001-08-17 19:51 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2010-06-01 16:38 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-06-01 16:36 . 2001-10-25 14:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-06-01 16:36 . 2001-10-25 14:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-06-01 16:36 . 2001-10-25 14:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-06-01 16:36 . 2001-10-25 14:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-05-28 18:07 . 2010-05-28 18:07 -------- d-----w- c:\program files\CheckPoint
2010-05-18 11:15 . 2007-12-15 07:07 90112 ----a-w- c:\windows\system32\ccrpTmr6.dll
2010-05-18 11:15 . 2010-05-18 11:15 -------- d-----w- c:\program files\Cool Timer
2010-05-05 15:58 . 2010-05-05 15:58 -------- d-----w- c:\temp\Psychokatka publikovat
2010-05-04 12:45 . 2010-05-04 12:45 -------- d-----w- c:\program files\Common Files\Protexis
2010-05-04 10:55 . 2010-05-04 10:55 -------- d-----w- c:\program files\Corel
2010-05-04 10:30 . 2010-05-04 10:30 -------- d-----w- c:\program files\Common Files\Corel
2010-05-04 09:18 . 2009-05-05 13:41 -------- d-----w- c:\temp\FONTS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 22:46 . 2010-03-23 22:51 -------- d-----w- c:\program files\Alwil Software
2010-06-02 22:44 . 2001-10-25 14:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2010-06-02 22:44 . 2001-10-25 14:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2010-06-02 20:34 . 2010-04-26 21:21 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-01 19:28 . 2010-03-16 19:31 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-31 05:25 . 2010-03-18 22:01 -------- d-----r- c:\program files\Skype
2010-05-28 18:07 . 2010-05-28 18:07 -------- d-----w- c:\program files\CheckPoint
2010-05-28 18:07 . 2010-03-16 20:13 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-21 12:14 . 2010-03-16 22:48 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:49 . 2010-04-05 09:45 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-04-28 08:32 . 2010-04-28 08:32 -------- d-----w- c:\program files\FileZilla FTP Client
2010-04-26 20:15 . 2010-04-26 20:11 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-26 14:39 . 2010-03-23 22:51 -------- d-----w- c:\program files\Google
2010-04-09 06:44 . 2010-04-09 06:44 -------- d-----w- c:\program files\Xmarks
2010-04-05 10:06 . 2010-03-16 19:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-24 07:01 . 2010-03-24 07:01 390144 ----a-w- c:\windows\system32\CF23627.exe
2010-03-18 22:45 . 2010-03-18 22:45 315392 ----a-w- c:\windows\HideWin.exe
2010-03-18 22:13 . 2010-03-18 22:13 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-17 19:47 . 2010-03-16 19:33 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-17 19:47 . 2010-03-16 19:33 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-17 19:46 . 2010-03-16 19:34 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-03-16 22:39 . 2010-03-16 22:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-16 21:11 . 2010-03-16 21:11 0 ----a-w- c:\windows\nsreg.dat
2010-03-16 20:02 . 2010-03-16 20:02 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-10 08:07 . 2004-08-17 13:49 417792 ----a-w- c:\windows\system32\vbscript.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
c:\documents and settings\Jarra\Nabídka Start\Programy\Po spuštění\
Microsoft Office Outlook 2007.lnk - c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe [2010-3-23 845584]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sprestrt
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\CNAC4RPK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [2007-12-14 9216]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
S0 phmcd;phmcd;c:\windows\system32\DRIVERS\phmcd.sys [2008-11-06 44696]
S2 pcdservice;pcdservice;c:\program files\PeaZip\Virtual mech\Phantom CD\pcdservice.exe [2008-11-06 266424]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 16:02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google...
FF - ProfilePath - c:\documents and settings\Jarra\Data aplikací\Mozilla\Firefox\Profiles\jtq6eao6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
FF - plugin: c:\program files\PDF Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-06-03 00:59
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32]
@Denied: (Read) (Administrators)
@Denied: (B E 1 4 5) (Administrators)
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iyuv"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvu9"="tsbyuv.dll"
"vidc.yvyu"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="c:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="c:\\WINDOWS\\system32\\l3codeca.acm"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-06-03 01:00:54
ComboFix-quarantined-files.txt 2010-06-02 23:00
ComboFix2.txt 2010-04-02 20:44
ComboFix3.txt 2010-03-24 07:34
Před spuštěním: Volných bajtů: 107 763 830 784
Po spuštění: Volných bajtů: 111 243 776 000
- - End Of File - - C6F47B3B844CEC650F0D0F89CD271E39