Please, one more computer as well; I am sending the ComboFix log straight away. Thank you.
Posted: 16 Sep 2010 11:17
ComboFix 10-09-15.01 - pajik 16.09.2010 11:34:43.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.564 [GMT 2:00]
Spuštěný z: d:\paja\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\d.ini
c:\windows\SNMPAPI.DLL
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-16 do 2010-09-16 )))))))))))))))))))))))))))))))
.
2010-09-15 06:30 . 2010-09-16 07:50 -------- d--h--w- c:\windows\$hf_mig$
2010-09-15 06:24 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-15 06:24 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-09-14 10:01 . 2010-09-14 10:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-09-14 10:01 . 2010-09-14 10:01 -------- d-----w- c:\program files\Windows Live
2010-09-14 09:59 . 2010-09-14 09:59 -------- d-----w- c:\program files\Common Files\Windows Live
2010-08-31 10:44 . 2010-08-31 10:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-31 10:43 . 2010-09-14 09:49 -------- d-----w- c:\program files\Google
2010-08-31 10:43 . 2010-08-31 10:43 -------- d-----w- c:\program files\Common Files\Skype
2010-08-28 17:01 . 2008-04-14 03:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-08-28 17:01 . 2008-04-14 03:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-08-28 17:01 . 2008-04-14 02:29 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-08-28 17:01 . 2008-04-14 02:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-08-28 07:40 . 2010-08-28 07:40 -------- d-sh--w- c:\documents and settings\pajik\UserData
2010-08-23 14:34 . 2010-09-14 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 14:28 . 2010-08-22 14:28 -------- d-sh--w- c:\documents and settings\pajik\PrivacIE
2010-08-22 14:28 . 2010-08-22 14:28 -------- d-sh--w- c:\documents and settings\pajik\IECompatCache
2010-08-22 08:49 . 2010-08-22 08:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-22 08:36 . 2010-08-22 08:36 -------- d-----w- c:\program files\CCleaner
2010-08-21 15:42 . 2010-08-21 15:42 -------- d-sh--w- c:\documents and settings\pajik\IETldCache
2010-08-17 13:17 . 2010-08-17 13:17 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 13:17 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 09:43 . 2010-08-14 09:43 -------- d-----w- c:\program files\XXCLONE
2010-08-12 13:36 . 2006-11-13 12:10 53248 ----a-w- c:\windows\system32\PAStiSvc.exe
2010-08-12 08:25 . 2001-10-25 14:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 08:25 . 2001-10-25 14:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-08-10 10:17 . 2006-11-11 16:29 1243680 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-08-04 12:27 . 2009-07-10 08:47 -------- d-----w- c:\program files\ESET
2010-07-22 15:46 . 2004-08-17 13:49 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:33 . 2004-08-17 13:49 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 08:00 . 2010-06-30 09:14 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-24 12:27 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-17 13:44 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 17:47 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2006-05-03 10:06 . 2008-02-12 11:21 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-02-12 11:21 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-02-12 11:22 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-02-04 19:26 . 2008-02-12 11:22 151040 --sh--w- c:\windows\system32\VistaUltm.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-19 1188456]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-19 1962896]
"c:\windows\system32\winlogon.exe"="c:\windows\system32\winlogon.exe" [2008-04-14 507904]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-03-30 917504]
"HybridTM_A"="c:\program files\HybridTM_IR(A)\RC620_A.exe" [2006-04-18 118784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
TMMonitor.lnk - d:\program files\ArcSoft\TotalMedia 3\TMMonitor.exe [2010-7-4 245760]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk autopartntautopartnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\"C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\"C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\"c:\windows\Installer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\"c:\windows\Installer\{A1350B64-1AF8-497B-AC07-307DF67FB8D4}
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\"c:\windows\Installer\{A1350B64-1AF8-497B-AC07-307DF67FB8D4}\egui.exe" /hide /waitservice]
2009-07-11 14:30 140544 ----a-r- c:\windows\Installer\{A1350B64-1AF8-497B-AC07-307DF67FB8D4}\egui.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\strong\\StrongDC.exe"=
"d:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\TOTALCMD\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\skype\\Skype.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"27598:TCP"= 27598:TCP:BitComet 27598 TCP
"27598:UDP"= 27598:UDP:BitComet 27598 UDP
"8635:TCP"= 8635:TCP:BitComet 8635 TCP
"8635:UDP"= 8635:UDP:BitComet 8635 UDP
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [10.12.2006 14:03 76373]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [10.12.2006 14:03 32631]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [10.12.2006 14:03 10005]
S2 SPAMfighter Update Service;SPAMfighter Update Service; [x]
S3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\pfc027.sys [8.4.2005 11:46 162176]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 17:21 30720]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4; [x]
S3 WFIOCTL;WFIOCTL; [x]
.
Obsah adresáře 'Naplánované úlohy'
2007-12-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2004-08-17 03:22]
2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{DB840A68-7C4D-43C1-A6B8-4409DF16EDC0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: imon.dll
TCP: {B4D0CC8B-D071-4EF4-9393-8CB0754F2390} = 10.93.0.2,10.93.0.1
DPF: {0A6112F2-F9D1-4FBF-A6EC-B67B22915873} - hxxp://foto.ihned.cz/snadno-vlozit-fotografie/ilt/ilikethisPhotoUploader2.dll
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://192.168.1.12/xplugLite.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 11:42
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1184)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(3208)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Eset\nod32krn.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\strong\StrongDC.exe
d:\program files\TightVNC\WinVNC.exe
.
**************************************************************************
.
Celkový čas: 2010-09-16 11:45:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-16 09:45
Před spuštěním: Volných bajtů: 64 979 898 368
Po spuštění: Volných bajtů: 66 257 821 696
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - C6C840B407D482783EF2B2A98048163D