Internet Explorer won't start on WinXP
Posted: 01 Jul 2012 09:43
Hello, I can't start Internet Explorer 8. PLEASE, could someone help??? Thank you very much
-ComboFix 12-06-30.01 - Brave 01.07.2012 10:06:30.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.495.212 [GMT 2:00]
Spuštěný z: c:\documents and settings\Brave\Dokumenty\Sta×enÚ soubory\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Brave\AutoRun.exe
c:\documents and settings\Brave\AUTORUN.INF
c:\documents and settings\Brave\ppk.exe
c:\documents and settings\Brave\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\IsUn0407.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-01 do 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-06-30 16:06 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-06-30 16:04 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-06-30 16:01 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-06-30 15:59 . 2012-06-30 16:03 -------- dc-h--w- c:\windows\ie8
2012-06-30 15:59 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-06-30 15:58 . 2012-05-02 13:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-06-30 15:41 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-06-30 15:41 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-06-30 15:41 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-06-30 15:40 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-06-30 10:59 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-30 10:59 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-06-30 10:58 . 2012-05-11 14:44 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-06-30 10:58 . 2012-05-11 14:44 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-06-30 10:58 . 2012-05-11 14:44 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-06-30 10:58 . 2012-05-11 14:44 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-06-30 10:58 . 2012-05-11 14:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-06-30 10:58 . 2012-05-11 14:44 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-06-30 10:58 . 2012-05-11 18:14 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-06-29 14:23 . 2012-06-29 14:23 -------- d-----w- c:\windows\l2schemas
2012-06-29 14:23 . 2012-06-29 14:23 -------- d-----w- c:\windows\system32\cs
2012-06-19 01:19 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-06-19 01:04 . 2012-06-19 01:04 -------- d-----w- C:\393fe0541361dc08ce85
2012-06-19 01:02 . 2008-04-14 03:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-06-19 01:02 . 2009-01-07 16:20 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-06-19 00:51 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-06-19 00:51 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-06-19 00:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-06-19 00:49 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-06-19 00:49 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-06-19 00:43 . 2008-04-14 03:22 208896 -c----w- c:\windows\system32\dllcache\unregmp2.exe
2012-06-19 00:42 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2012-06-19 00:41 . 2008-04-14 03:21 6656 -c----w- c:\windows\system32\dllcache\laprxy.dll
2012-06-19 00:40 . 2008-04-14 03:23 695808 -c----w- c:\windows\system32\dllcache\drmv2clt.dll
2012-06-19 00:20 . 2012-06-19 00:20 -------- d-----w- c:\program files\IKEA HomePlanner
2012-06-19 00:20 . 2012-06-19 00:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-06-19 00:20 . 2012-06-19 00:20 -------- d-----w- c:\program files\Pět kouzelných amuletů
2012-06-19 00:19 . 2001-12-31 23:35 -------- d-----w- c:\program files\Medvěd Míša Ostrovy pokladů
2012-06-19 00:19 . 2012-06-19 00:19 -------- d-----w- C:\Snowboard Assassins
2012-06-19 00:19 . 2012-06-19 00:19 -------- d-----w- c:\program files\Defender
2012-06-19 00:19 . 2012-06-19 00:19 -------- d-----w- c:\program files\Abandon 2
2012-06-19 00:19 . 2012-06-19 00:19 -------- d-----w- c:\program files\Buka
2012-06-19 00:19 . 2012-06-19 00:19 -------- d-----w- c:\program files\Ice Wars
2012-06-19 00:19 . 2012-06-19 00:19 -------- d-----w- C:\phenomedia
2012-06-19 00:19 . 2012-06-19 00:19 -------- d-----w- c:\program files\Chaos Core Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 08:21 . 2001-12-31 22:01 1409 ----a-w- c:\windows\QTFont.for
2012-06-02 13:19 . 2002-11-10 23:04 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2002-11-10 23:04 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2004-09-01 17:49 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-09-01 17:49 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2004-09-01 17:49 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2005-05-26 02:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-09-01 17:49 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2003-11-20 13:37 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2002-11-10 23:04 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2002-11-10 23:04 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2002-09-23 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2004-09-01 17:49 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2003-11-20 13:37 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2003-11-21 17:28 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2006-06-23 11:27 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2002-09-23 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2009-03-08 02:34 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:44 . 2002-09-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-17 22:44 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2002-09-23 12:00 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2002-09-20 17:12 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2003-11-20 13:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2002-09-23 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
[7] 2008-04-14 . AF6A4BCDE2343E8562D3003A1740CC96 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2008-04-14 . AF6A4BCDE2343E8562D3003A1740CC96 . 4096 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ksuser.dll
[-] 2004-08-17 . FC727882241CD48E243868DD8401AB60 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[-] 2004-08-17 . FC727882241CD48E243868DD8401AB60 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
[-] 2002-12-11 23:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2002-09-25 87751]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-07-31 1208380]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2001-12-31 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Brave\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 1.1.0.lnk - c:\program files\OpenOffice.org1.1.0\program\quickstart.exe [2003-10-6 61532]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2003-11-22 106496]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.1.2002 4:11 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12.1.2002 4:11 135664]
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);c:\windows\system32\drivers\ZD1201U.sys [1.1.2002 1:59 38656]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2002-01-12 02:11]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2002-01-12 02:11]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy.hptronic.lan:8000
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 212.96.161.6 212.96.160.7
TCP: Interfaces\{AD0DF3AF-C8C8-45BB-92B9-9D516E26C65E}: NameServer = 195.128.203.2,195.128.203.3
Handler: centrumcztoolbar - {61A97628-7C82-4315-957A-C74C2CDD85DF} - c:\program files\CentrumczToolbar\IEToolbar.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brave\Data aplikací\Mozilla\Firefox\Profiles\4vyvc6iy.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Lišta Centrum.cz Toolbar em:version=1.203.023.002 em:displayname=Lišta Centrum.cz Toolbar em:iconURL=chrome://cetrumczp/skin/logo.ico em:creator=iGeared LLC em:description=Lišta Centrum.cz Toolbar em:homepageURL=http://www.igeared.com >: Cetrumcz@igeared - c:\program files\CentrumczToolbar\Firefox\Cetrumcz@igeared
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKCU-Run-YAW starten - c:\program files\YAW 3.5\yawguard.exe
HKLM-Run-Tray Temperature - c:\windows\MiniBug\MiniBug.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0405.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-01 10:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-07-01 10:25:13
ComboFix-quarantined-files.txt 2012-07-01 08:25
.
Před spuštěním: Volných bajtů: 93 258 207 232
Po spuštění: Volných bajtů: 93 539 389 440
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - E