ComboFix 10-01-04.01 - Owner 06.01.2010 18:36:04.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3322.2800 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\program files\Security Central
c:\program files\Security Central\Security Central.exe
c:\windows\cookies.ini
c:\windows\system32\_004524_.tmp.dll
c:\windows\system32\_004525_.tmp.dll
c:\windows\system32\_004526_.tmp.dll
c:\windows\system32\_004527_.tmp.dll
c:\windows\system32\_004534_.tmp.dll
c:\windows\system32\_004535_.tmp.dll
c:\windows\system32\_004536_.tmp.dll
c:\windows\system32\_004537_.tmp.dll
c:\windows\system32\_004539_.tmp.dll
c:\windows\system32\_004540_.tmp.dll
c:\windows\system32\_004543_.tmp.dll
c:\windows\system32\_004544_.tmp.dll
c:\windows\system32\_004546_.tmp.dll
c:\windows\system32\_004547_.tmp.dll
c:\windows\system32\_004548_.tmp.dll
c:\windows\system32\_004550_.tmp.dll
c:\windows\system32\_004553_.tmp.dll
c:\windows\system32\_004554_.tmp.dll
c:\windows\system32\_004558_.tmp.dll
c:\windows\system32\_004559_.tmp.dll
c:\windows\system32\_004561_.tmp.dll
c:\windows\system32\_004564_.tmp.dll
c:\windows\system32\_004566_.tmp.dll
c:\windows\system32\_004567_.tmp.dll
c:\windows\system32\_004568_.tmp.dll
c:\windows\system32\_004569_.tmp.dll
c:\windows\system32\_004570_.tmp.dll
c:\windows\system32\_004573_.tmp.dll
c:\windows\system32\_004574_.tmp.dll
c:\windows\system32\_004575_.tmp.dll
c:\windows\system32\_004576_.tmp.dll
c:\windows\system32\_004577_.tmp.dll
c:\windows\system32\_004582_.tmp.dll
c:\windows\system32\_004796_.tmp.dll
c:\windows\system32\_004797_.tmp.dll
c:\windows\system32\_004798_.tmp.dll
c:\windows\system32\_004799_.tmp.dll
c:\windows\system32\_004806_.tmp.dll
c:\windows\system32\_004807_.tmp.dll
c:\windows\system32\_004808_.tmp.dll
c:\windows\system32\_004810_.tmp.dll
c:\windows\system32\_004811_.tmp.dll
c:\windows\system32\_004814_.tmp.dll
c:\windows\system32\_004815_.tmp.dll
c:\windows\system32\_004817_.tmp.dll
c:\windows\system32\_004818_.tmp.dll
c:\windows\system32\_004819_.tmp.dll
c:\windows\system32\_004821_.tmp.dll
c:\windows\system32\_004824_.tmp.dll
c:\windows\system32\_004825_.tmp.dll
c:\windows\system32\_004829_.tmp.dll
c:\windows\system32\_004830_.tmp.dll
c:\windows\system32\_004832_.tmp.dll
c:\windows\system32\_004835_.tmp.dll
c:\windows\system32\_004837_.tmp.dll
c:\windows\system32\_004838_.tmp.dll
c:\windows\system32\_004839_.tmp.dll
c:\windows\system32\_004840_.tmp.dll
c:\windows\system32\_004843_.tmp.dll
c:\windows\system32\_004844_.tmp.dll
c:\windows\system32\_004845_.tmp.dll
c:\windows\system32\_004846_.tmp.dll
c:\windows\system32\_004847_.tmp.dll
c:\windows\system32\_004852_.tmp.dll
c:\windows\system32\_005523_.tmp.dll
c:\windows\system32\_005524_.tmp.dll
c:\windows\system32\_005525_.tmp.dll
c:\windows\system32\_005526_.tmp.dll
c:\windows\system32\_005533_.tmp.dll
c:\windows\system32\_005534_.tmp.dll
c:\windows\system32\_005535_.tmp.dll
c:\windows\system32\_005537_.tmp.dll
c:\windows\system32\_005538_.tmp.dll
c:\windows\system32\_005541_.tmp.dll
c:\windows\system32\_005542_.tmp.dll
c:\windows\system32\_005544_.tmp.dll
c:\windows\system32\_005545_.tmp.dll
c:\windows\system32\_005546_.tmp.dll
c:\windows\system32\_005548_.tmp.dll
c:\windows\system32\_005551_.tmp.dll
c:\windows\system32\_005552_.tmp.dll
c:\windows\system32\_005556_.tmp.dll
c:\windows\system32\_005557_.tmp.dll
c:\windows\system32\_005559_.tmp.dll
c:\windows\system32\_005562_.tmp.dll
c:\windows\system32\_005564_.tmp.dll
c:\windows\system32\_005565_.tmp.dll
c:\windows\system32\_005566_.tmp.dll
c:\windows\system32\_005567_.tmp.dll
c:\windows\system32\_005570_.tmp.dll
c:\windows\system32\_005571_.tmp.dll
c:\windows\system32\_005572_.tmp.dll
c:\windows\system32\_005573_.tmp.dll
c:\windows\system32\_005574_.tmp.dll
c:\windows\system32\_005579_.tmp.dll
c:\windows\system32\0019.DLL
c:\windows\system32\ccqfrpxe.ini
c:\windows\system32\ldamjrkj.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\rtbntvrg.ini
c:\windows\system32\sgarlnuc.ini
c:\windows\system32\uxbddfii.ini
c:\windows\system32\uxbddfii.ini2
c:\windows\system32\WORK.DAT
c:\windows\system32\yayXQKDV.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-06 do 2010-01-06 )))))))))))))))))))))))))))))))
.
2010-01-06 17:24 . 2010-01-06 17:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-06 16:02 . 2010-01-06 16:02 -------- d-sh--w- c:\documents and settings\honza\IETldCache
2010-01-06 15:21 . 2010-01-06 15:21 0 ---ha-w- c:\windows\system32\wupd.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 17:38 . 2009-07-19 18:43 -------- d-----w- c:\program files\ICQ6.5
2010-01-06 17:38 . 2009-04-28 21:22 -------- d-----w- c:\program files\pdfforge Toolbar
2010-01-06 17:04 . 2008-10-18 11:43 8560 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-10 10:27 . 2006-03-02 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 10:27 . 2006-03-02 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-12-01 20:44 . 2009-09-08 13:32 -------- d-----w- c:\program files\Microsoft Games
2009-11-13 16:28 . 2009-11-13 16:28 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2009-11-13 16:28 . 2009-11-13 16:28 -------- d-----w- c:\program files\STORMWARE
2009-11-11 11:14 . 2009-11-11 11:14 -------- d-----w- c:\program files\Opera
2009-11-11 10:25 . 2009-05-09 13:12 -------- d-----w- c:\program files\rajce
2009-10-29 07:43 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 13:12 650752 ----a-w- c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-26 303104]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-07-11 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-28 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 07:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II Trial\\EMPIRES2.EXE"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30.5.2008 21:56 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30.5.2008 21:56 108552]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [6.3.2008 15:14 9856]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4.7.2008 8:33 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4.7.2008 8:33 297752]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19.7.2009 19:51 222968]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [6.3.2008 15:14 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [6.3.2008 15:14 167040]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [6.3.2008 15:14 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [6.3.2008 15:14 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [6.3.2008 15:14 10496]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys --> c:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://
www.seznam.cz/
uDefault_Search_URL = hxxp://
www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://
www.google.com/ie
uSearchURL,(Default) = hxxp://
www.google.com/search?q=%s
IE: &Search -
http://edits.mywebsearch.com/toolbaredi ... p=ZUfox000
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Data aplikací\Mozilla\Firefox\Profiles\74az6lo4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://
www.google.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\
search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{057DD898-4AA5-4417-86B8-E839CA8022EF} - c:\windows\system32\iifddbxu.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKCU-Run-WeatherClock - c:\program files\Weather Clock\WeatherClock.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-Security Central - c:\program files\Security Central\Security Central.exe
Notify-yayXQKDV - yayXQKDV.dll
AddRemove-Chcete být milionářem_is1 - c:\program files\Chcete být milionářem\unins000.exe
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
AddRemove-Pepovy šachy_is1 - c:\program files\Pepovy šachy\unins000.exe
AddRemove-PhotoImage Digital 2.1 (build 1.0, zkušební verze) - c:\program files\PhotoImage Digital\DeIsL2.isu
AddRemove-Weather Clock_is1 - c:\program files\Weather Clock\unins000.exe
AddRemove-Čtyřka 3.30_is1 - c:\program files\Ctyrka\unins001.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-06 18:42
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(6984)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\sttray.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
c:\windows\system32\STacSV.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-01-06 18:49:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-06 17:49
Před spuštěním: Volných bajtů: 429 568 856 064
Po spuštění: Volných bajtů: 428 201 480 192
- - End Of File - - B545641D46BF78A1845D8AAC29E6E5D9