ComboFix 10-07-23.02 - svm . 07. 2010 10:21:52.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.502.272 [GMT 2:00]
Spuštěný z: c:\documents and settings\svm\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100724-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\9d6tpg.exe
C:\Autorun.inf
c:\docume~1\svm\LOCALS~1\Temp\herss.exe
C:\Thumbs.db
c:\windows\system32\ReadMe.txt
c:\windows\system32\Thumbs.db
c:\windows\Temp\log.txt
D:\9d6tpg.exe
D:\autorun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-24 do 2010-07-24 )))))))))))))))))))))))))))))))
.
2010-07-18 22:12 . 2009-11-24 22:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-18 22:12 . 2009-11-24 22:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-18 22:12 . 2009-11-24 22:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-18 22:12 . 2009-11-24 22:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-18 22:12 . 2009-11-24 22:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-18 22:12 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-18 22:12 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-18 22:12 . 2009-11-24 22:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-07-18 22:11 . 2009-11-24 22:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-18 11:26 . 2010-07-18 11:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-17 22:46 . 2010-07-17 22:46 -------- d-----w- c:\windows\system32\LogFiles
2010-07-17 17:14 . 2010-07-17 17:14 0 ----a-w- c:\windows\nsreg.dat
2010-07-16 06:57 . 2010-07-16 06:57 -------- d-----w- c:\program files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 08:00 . 2007-08-14 06:53 92982 ----a-w- c:\windows\system32\perfc005.dat
2010-07-24 08:00 . 2007-08-14 06:53 449992 ----a-w- c:\windows\system32\perfh005.dat
2010-07-24 05:40 . 2010-01-21 14:20 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-24 01:57 . 2008-08-02 08:04 -------- d-----w- c:\program files\PokerStars
2010-07-19 07:55 . 2008-03-20 18:12 -------- d-----w- c:\program files\totalcmd
2010-07-16 08:05 . 2008-03-21 11:36 -------- d-----w- c:\program files\Google
2010-07-16 06:52 . 2009-05-18 13:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-13 15:11 . 2009-08-28 10:09 -------- d-----w- c:\program files\SeekService
2010-06-13 12:27 . 2010-06-13 12:27 -------- d-----w- c:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2007-02-20 61440]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\x\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-10-28 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [19. 7. 2010 0:12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19. 7. 2010 0:12 20560]
S3 esiasdrv;esiasdrv;\??\c:\docume~1\svm\LOCALS~1\Temp\esiasdrv.sys --> c:\docume~1\svm\LOCALS~1\Temp\esiasdrv.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://cs.intl.acer.yahoo.com
mStart Page = hxxp://cs.intl.acer.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://cs.intl.acer.yahoo.com/
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {02808B9A-8A78-4220-B496-C6200F793126} = 192.168.1.1
TCP: {B4751879-46E2-4A20-A952-C20E75391AD0} = 10.0.0.2
FF - ProfilePath - c:\documents and settings\svm\Data aplikací\Mozilla\Firefox\Profiles\z0x5d260.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-eDataSecurity Loader - c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 10:28
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-07-24 10:30:38
ComboFix-quarantined-files.txt 2010-07-24 08:30

Před spuštěním: 3 388 645 376
Po spuštění: 3 816 775 680

- - End Of File - - ED150846BD24D5C4558D483CA33304EF