ComboFix 10-09-17.04 - Administrator 18.09.2010 16:48:59.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.821 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\Potvora.com
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-18 do 2010-09-18 )))))))))))))))))))))))))))))))
.
2010-09-17 15:25 . 2010-09-17 15:25 -------- d-----w- c:\program files\trend micro
2010-09-17 15:25 . 2010-09-17 15:25 -------- d-----w- C:\rsit
2010-09-17 14:49 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 14:49 . 2010-09-17 14:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 14:49 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 14:23 . 2010-09-17 14:23 -------- d---a-w- c:\windows\VDLL.DLL
2010-09-17 14:23 . 2010-09-17 14:23 -------- d---a-w- c:\windows\system32\runouce.exe
2010-09-17 14:23 . 2010-09-17 14:23 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-09-17 14:23 . 2010-09-17 14:23 -------- d---a-w- c:\windows\logo_1.exe
2010-09-17 14:21 . 2010-09-17 14:21 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-09-17 14:21 . 2010-09-17 14:21 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-09-17 14:21 . 2010-09-17 14:21 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-09-17 14:21 . 2008-04-14 12:00 147968 ----a-w- c:\windows\R.COM
2010-09-17 14:21 . 2008-04-14 12:00 137216 ----a-w- c:\windows\system32\T.COM
2010-09-17 14:21 . 2010-09-17 14:21 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-09-17 14:10 . 2010-09-17 14:10 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-09-17 13:57 . 2010-09-17 13:57 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2010-09-07 16:01 . 2010-09-07 16:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-07 16:01 . 2010-09-07 16:01 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 16:01 . 2010-09-07 16:01 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 16:01 . 2010-09-07 16:01 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 16:01 . 2010-09-14 09:07 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-07 16:00 . 2010-09-07 16:00 -------- d-----w- c:\program files\AVG
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:01 . 2010-03-21 14:32 -------- d-----w- c:\program files\lg_fwupdate
2010-08-04 19:00 . 2010-08-04 18:59 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-04 18:24 . 2010-05-29 16:40 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-18 13:28 . 2010-07-18 13:28 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-14 08:00 . 2010-08-04 18:59 108032 ----a-w- c:\windows\system32\ff_vfw.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-05-30 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-03-21 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-07 2065760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-07 16:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7.9.2010 18:01 243024]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 18:01 216400]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7.9.2010 18:00 308136]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [17.9.2010 16:49 38224]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Nabídka Start\Programy\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\7p87rc1t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-09-18 16:55
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspěšně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-1482476501-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,e4,25,9f,c2,01,0b,40,86,8e,32,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,e4,25,9f,c2,01,0b,40,86,8e,32,\
[HKEY_USERS\S-1-5-21-1078081533-1482476501-1644491937-500\Software\SecuROM\License information*]
"datasecu"=hex:c3,16,97,a2,c6,d6,e6,25,ca,f1,00,23,87,11,66,0b,aa,98,5e,db,6a,
25,38,8d,9b,4d,e9,90,0f,45,19,4c,ba,ff,0f,c1,10,d1,ce,3a,e3,c1,51,36,2c,3c,\
"rkeysecu"=hex:fc,fd,46,79,ea,ea,a0,4b,16,c5,35,5c,af,d1,cc,aa
.
Celkový čas: 2010-09-18 16:57:38
ComboFix-quarantined-files.txt 2010-09-18 14:57
Před spuštěním: Volných bajtů: 43 153 727 488
Po spuštění: Volných bajtů: 43 346 898 944
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 9C66919F24D7CA96285002CE47E415B5