ComboFix 10-01-21.08 - Administrator 22.01.2010 22:51:48.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.635 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\ntcheck3232jewm.dll
c:\windows\regedit.com
c:\windows\system32\nt32200jewm.dll
c:\windows\system32\SIntf16.dll
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-22 do 2010-01-22 )))))))))))))))))))))))))))))))
.
2010-01-22 21:25 . 2010-01-22 21:25 -------- d-----w- c:\program files\trend micro
2010-01-22 21:25 . 2010-01-22 21:25 -------- d-----w- C:\rsit
2010-01-22 19:19 . 2010-01-22 19:19 -------- d---a-w- c:\windows\rundll16.exe
2010-01-22 19:19 . 2010-01-22 19:19 -------- d---a-w- c:\windows\logo1_.exe
2010-01-22 15:11 . 2010-01-22 15:11 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-22 15:11 . 2010-01-22 15:11 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-22 15:11 . 2010-01-22 15:11 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-22 15:11 . 2010-01-22 15:11 -------- d---a-w- c:\windows\logo_1.exe
2010-01-21 18:21 . 2010-01-21 18:21 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-21 18:21 . 2010-01-21 18:21 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-21 18:21 . 2010-01-21 18:21 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-21 18:21 . 2008-04-14 06:52 137216 ----a-w- c:\windows\system32\T.COM
2010-01-21 18:21 . 2008-04-14 06:52 147968 ----a-w- c:\windows\R.COM
2010-01-21 18:21 . 2010-01-22 19:17 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-21 17:47 . 2010-01-21 17:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-21 17:41 . 2010-01-21 17:41 -------- d-----w- c:\program files\FileHippo.com
2010-01-12 18:02 . 2010-01-22 20:16 -------- d-----w- c:\program files\JME_WM
2010-01-04 14:57 . 2010-01-04 14:57 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-04 14:57 . 2010-01-04 14:57 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-04 14:57 . 2010-01-04 14:57 171552 ----a-w- c:\windows\system32\guard32.dll
2010-01-04 14:57 . 2010-01-04 14:57 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-04 14:57 . 2010-01-04 14:57 -------- d-----w- c:\program files\COMODO
2009-12-30 20:14 . 2009-12-30 20:15 -------- d-----w- c:\windows\Globalization
2009-12-30 06:30 . 2009-12-30 06:33 -------- d-----w- c:\program files\MOBILedit!
2009-12-29 06:36 . 2009-12-29 06:36 -------- d-----w- c:\program files\Garmin
2009-12-29 06:33 . 2009-12-29 06:36 -------- d-----w- C:\Garmin
2009-12-26 09:34 . 2009-12-26 09:34 10454 ----a-w- c:\windows\system32\drivers\parldr2k.sys
2009-12-26 08:37 . 2009-12-26 08:37 -------- d-----w- c:\program files\MSXML 6.0
2009-12-25 15:36 . 2006-08-29 14:56 32377 ----a-w- c:\windows\system32\drivers\prodigy.sys
2009-12-25 15:36 . 2009-12-26 09:22 -------- d-----w- c:\program files\NSS
2009-12-25 14:34 . 2009-12-25 14:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací
2009-12-25 14:20 . 2009-10-06 10:56 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2009-12-25 14:20 . 2009-10-06 10:56 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-12-25 14:20 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-12-25 14:20 . 2009-10-06 10:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-12-25 14:20 . 2009-10-06 10:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-12-25 14:20 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-12-25 14:20 . 2009-10-06 10:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-12-25 14:20 . 2009-10-06 10:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-12-25 14:00 . 2009-12-25 14:00 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-25 14:00 . 2009-12-30 20:14 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-25 13:53 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-12-25 13:53 . 2008-04-13 23:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-12-25 13:53 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-22 21:48 . 2001-10-25 12:00 87312 ----a-w- c:\windows\system32\perfc005.dat
2010-01-22 21:48 . 2001-10-25 12:00 449238 ----a-w- c:\windows\system32\perfh005.dat
2010-01-20 19:24 . 2009-11-28 15:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-03 09:56 . 2009-02-24 17:42 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-02 10:51 . 2009-02-24 17:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-30 20:14 . 2009-02-24 18:47 -------- d-----w- c:\program files\Nokia
2009-12-29 06:36 . 2009-02-24 18:48 -------- d-----w- c:\program files\DIFX
2009-12-26 19:38 . 2009-02-24 17:29 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-25 15:30 . 2009-12-25 15:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-25 14:20 . 2009-04-20 14:16 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-25 13:54 . 2009-12-25 13:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-25 13:54 . 2009-12-25 13:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-25 13:53 . 2009-12-25 13:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-25 13:53 . 2009-12-25 13:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-21 19:08 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 10:47 . 2009-03-14 20:58 162816 ----a-w- c:\windows\system32\fmod.dll
2009-12-12 20:38 . 2009-10-25 20:07 -------- d-----w- c:\program files\Softick
2009-12-02 16:52 . 2009-02-24 18:09 -------- d-----w- c:\program files\CDBurnerXP
2009-11-21 16:03 . 2008-04-14 06:51 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-08 10:38 . 2009-11-08 10:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-07 13:43 . 2009-11-07 13:43 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-11-07 13:03 . 2009-11-07 12:14 33977 ----a-w- c:\windows\DIIUnin.dat
2009-11-07 12:52 . 2009-11-07 12:52 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-11-07 12:52 . 2009-11-07 12:52 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-11-07 12:14 . 2009-11-07 12:14 94208 ----a-w- c:\windows\DIIUnin.exe
2009-11-07 12:14 . 2009-11-07 12:14 2829 ----a-w- c:\windows\DIIUnin.pif
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-04 1800464]
c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\
Skype - telefon.lnk - d:\programy\Skype\skype-start.exe [2008-1-27 211407]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-29 21:13 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"<NO NAME>"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"BigDogPath326VMSnap"=c:\windows\VMSnap26.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"NVRaidService"=c:\windows\system32\nvraidservice.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\ICQ6\\ICQ6.5\\ICQ.exe"=
"d:\\Programy\\Opera\\opera.exe"=
"g:\\Programy\\Skype\\Phone\\Skype.exe"=
"d:\\Programy\\Skype-S\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"g:\\Data\\Hry\\Diablo II\\D2Loader-1.12.exe"=
"g:\\Programy\\uTorrentPortable\\App\\utorrent\\utorrent.exe"=
"g:\\Programy\\Opera10usb\\OperaUSB.exe"=
"g:\\Programy\\Opera10usb\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Programy\\Skype\\Phone\\Skype.exe"=
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [4.1.2010 15:57 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4.1.2010 15:57 25160]
R2 PARLDR2K;ParLdr2k;c:\windows\system32\drivers\parldr2k.sys [26.12.2009 10:34 10454]
R3 usbvm328;A4 TECH USB2.0 PC Camera G;c:\windows\system32\drivers\vmcam326av.sys [26.2.2009 20:57 104960]
R3 vvftav326_a4;VC0326 Camera Filter Service A4 TECH;c:\windows\system32\drivers\vvftav326.sys [26.2.2009 20:57 480128]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 gupdate1c9aa2bf5c373b4;Služba Google Update (gupdate1c9aa2bf5c373b4);c:\program files\Google\Update\GoogleUpdate.exe [21.3.2009 14:50 133104]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27.8.2009 16:05 92008]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.12.2009 15:20 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25.12.2009 15:20 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [25.12.2009 16:36 32377]
S3 usb2vcom;Nokia CA-42 USB;c:\windows\system32\drivers\usb2vcom.sys [24.2.2009 19:59 22760]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 04:36]
2010-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 13:50]
2010-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 13:50]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
---- NASTAVENÍ FIREFOXU ----
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 22:55
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspěšně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1606980848-1960408961-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,71,3b,9d,ac,1a,3f,48,a3,d2,3d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,71,3b,9d,ac,1a,3f,48,a3,d2,3d,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-01-22 22:58:10
ComboFix-quarantined-files.txt 2010-01-22 21:58
Před spuštěním: 8 080 957 440
Po spuštění: 8 109 277 184
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 7A265EF5E66DF399A93ADD1245B4E05C