ComboFix 09-08-19.0C - Ludek 20.08.2009 16:45.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.382.181 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ludek\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-20 do 2009-08-20 )))))))))))))))))))))))))))))))
.
2009-08-19 17:38 . 2009-08-19 17:38 -------- d-----w- c:\program files\AVG
2009-08-19 16:34 . 2009-08-19 16:34 -------- d-----w- c:\program files\CCleaner
2009-08-19 15:23 . 2009-08-19 15:23 -------- d-----w- c:\documents and settings\Ludek\DoctorWeb
2009-08-19 14:45 . 2008-04-14 03:21 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-08-19 14:45 . 2008-04-14 03:21 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-08-19 14:43 . 2008-04-14 02:29 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-08-19 14:43 . 2008-04-14 02:29 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-08-15 12:47 . 2009-07-10 13:28 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 08:14 . 2009-08-01 08:14 -------- d-----w- c:\program files\ESET
2009-07-29 13:19 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 13:19 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-25 18:25 . 2009-07-25 18:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-25 16:59 . 2009-07-25 16:59 -------- d-----w- c:\windows\l2schemas
2009-07-25 16:59 . 2009-07-25 16:59 -------- d-----w- c:\windows\system32\cs
2009-07-25 16:59 . 2009-07-25 16:59 -------- d-----w- c:\windows\system32\bits
2009-07-25 16:50 . 2009-07-25 17:01 -------- d-----w- c:\windows\ServicePackFiles
2009-07-23 20:36 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-23 20:36 . 2009-07-23 20:36 -------- d-----w- c:\program files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 17:17 . 2009-07-01 12:19 -------- d-----w- c:\program files\rajce
2009-08-05 09:01 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 18:29 . 2006-03-02 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2009-07-25 18:29 . 2006-03-02 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2009-07-25 17:05 . 2009-06-30 21:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-25 17:05 . 2009-06-30 21:36 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-07-17 19:04 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 10:21 . 2006-03-02 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-04 15:59 . 2009-06-30 21:37 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-07-04 05:27 . 2009-07-04 05:20 -------- d-----w- c:\program files\Panasonic
2009-07-04 05:27 . 2009-07-01 08:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-04 05:26 . 2009-07-04 05:26 -------- d-----w- c:\program files\ISL
2009-07-04 05:24 . 2009-07-04 05:24 -------- d-----w- c:\program files\ArcSoft
2009-07-04 04:47 . 2009-07-04 04:41 -------- d-----w- c:\program files\Canon
2009-07-04 04:39 . 2009-07-01 08:22 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-03 16:59 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 13:49 . 2009-07-02 13:49 -------- d-----w- c:\program files\MSXML 4.0
2009-07-01 19:48 . 2009-07-01 19:18 175768 ----a-w- c:\windows\hpoins27.dat
2009-07-01 19:41 . 2009-07-01 19:26 -------- d-----w- c:\program files\HP
2009-07-01 19:29 . 2009-07-01 19:29 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-01 19:28 . 2009-07-01 19:28 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-07-01 19:28 . 2009-07-01 19:28 -------- d-----w- c:\program files\Common Files\HP
2009-07-01 18:57 . 2009-07-01 18:52 -------- d-----w- c:\program files\ICQ6.5
2009-07-01 18:54 . 2009-07-01 18:54 -------- d-----w- c:\program files\ICQ6Toolbar
2009-07-01 18:40 . 2009-07-01 18:40 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-01 18:37 . 2009-07-01 18:37 -------- d-----r- c:\program files\Skype
2009-07-01 18:37 . 2009-07-01 18:37 -------- d-----w- c:\program files\Common Files\Skype
2009-07-01 15:19 . 2009-07-01 15:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-01 14:38 . 2009-07-01 14:38 232075 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_6072.exe
2009-07-01 14:38 . 2009-07-01 14:38 -------- d-----w- c:\program files\Burn4Free Toolbar
2009-07-01 14:38 . 2009-07-01 14:38 -------- d-----w- c:\program files\Burn4Free
2009-07-01 14:30 . 2009-07-01 14:30 -------- d-----w- c:\program files\7-Zip
2009-07-01 14:21 . 2009-07-01 14:17 -------- d-----w- c:\program files\The KMPlayer
2009-07-01 14:05 . 2009-07-01 14:05 -------- d-----w- c:\program files\RealVNC
2009-07-01 13:50 . 2009-07-01 13:50 -------- d-----w- c:\program files\Lavalys
2009-07-01 13:44 . 2009-07-01 13:34 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-01 13:34 . 2009-07-01 13:34 -------- d-----w- c:\program files\Nero
2009-07-01 12:05 . 2009-07-01 12:04 -------- d-----w- c:\program files\QuickTime
2009-07-01 12:04 . 2009-07-01 12:04 -------- d-----w- c:\program files\Apple Software Update
2009-07-01 11:49 . 2009-07-01 11:49 -------- d-----w- c:\program files\Common Files\Canon
2009-07-01 11:31 . 2009-07-01 11:25 -------- d-----w- c:\program files\Picasa2
2009-07-01 11:15 . 2009-07-01 11:15 -------- d-----w- c:\program files\Microsoft.NET
2009-07-01 10:06 . 2009-07-01 08:56 -------- d-----w- c:\program files\Musicmatch
2009-07-01 08:54 . 2009-07-01 08:54 -------- d-----w- c:\program files\IrfanView
2009-07-01 08:49 . 2009-07-01 08:48 -------- d-----w- c:\program files\DVD Shrink
2009-07-01 08:44 . 2009-07-01 08:44 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-07-01 08:44 . 2009-07-01 08:44 737280 ----a-w- c:\windows\iun6002.exe
2009-07-01 08:42 . 2009-07-01 08:42 0 ----a-w- c:\windows\nsreg.dat
2009-07-01 08:28 . 2009-07-01 08:28 -------- d-----w- c:\program files\Staccato
2009-07-01 08:28 . 2009-07-01 08:28 -------- d-----w- c:\program files\Analog Devices
2009-07-01 08:25 . 2009-07-01 08:23 -------- d-----w- c:\program files\Intel
2009-06-30 21:39 . 2009-06-30 21:39 -------- d-----w- c:\program files\microsoft frontpage
2009-06-30 21:33 . 2009-06-30 21:33 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2006-03-02 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2006-03-02 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-06-30 21:32 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2006-03-02 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2006-03-02 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2001-10-12 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2001-10-12 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Smapp"="Smtray.exe" - c:\windows\system32\SMTray.exe [2001-09-20 221696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2009-7-4 57344]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\SHARKJD-PC64\\F\\Ludek PC\\C\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [1.7.2009 20:54 222456]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - AvgLdx86

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Ludek\Data aplikací\Mozilla\Firefox\Profiles\5kmo2edh.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 16:51
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(9572)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2009-08-20 16:53
ComboFix-quarantined-files.txt 2009-08-20 14:53
Před spuštěním: 7 718 236 160
Po spuštění: 8 624 652 288
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
222
--- E O F --- 2009-08-15 19:23