Ufffff....
ComboFix 09-07-14.08 - Petruška 18.07.2009 14:42.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.767.468 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petruška\Plocha\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\etb
c:\windows\etb\etb.ini
c:\windows\Installer\28dd7e9.msp
c:\windows\Installer\3356aa.msi
c:\windows\Installer\8e34a5.msi
c:\windows\system32\drivers\etc\lmhosts
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-18 do 2009-07-18 )))))))))))))))))))))))))))))))
.
2036-02-07 00:58 . 2036-02-07 00:58 71680 ----a-w- c:\windows\ST5UNST.EXE
2009-07-18 11:25 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 11:25 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 11:25 . 2009-07-18 11:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 07:52 . 2009-07-17 07:52 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 00:58 . 2004-01-10 08:31 26936078 ----a-w- c:\program files\Setup_MoorhuhnKartExtra-XS-V10.exe
2009-06-27 06:18 . 2008-01-12 08:27 20654830 ------w- c:\windows\Internet Logs\tvDebug.zip
2009-06-16 14:40 . 1979-12-31 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 1979-12-31 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-08 21:00 . 2009-06-08 21:00 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-08 20:52 . 2009-06-08 20:52 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-05 19:41 . 2009-06-05 19:41 -------- d-----w- c:\program files\MSECache
2009-06-03 19:11 . 2004-07-09 17:43 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:33 . 1979-12-31 22:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:47 . 2005-06-17 22:25 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2004-08-17 22:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:52 . 1979-12-31 22:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2005-12-22 21:23 . 2004-07-05 15:24 606 ---ha-w- c:\program files\hpothb07.dat
2005-12-22 21:23 . 2004-07-05 15:24 1271 ---ha-w- c:\program files\hpothb07.tif
2004-07-05 15:30 . 2004-07-05 15:30 958 ---ha-w- c:\program files\Common Files\hpothb07.dat
2004-07-05 15:30 . 2004-07-05 15:30 1493 ---ha-w- c:\program files\Common Files\hpothb07.tif
2000-12-16 15:58 . 2004-02-01 15:00 398976 ----a-w- c:\program files\STAHUJ.EXE
2000-12-08 16:21 . 2004-02-01 14:59 420682 ----a-w- c:\program files\Postel.exe
1999-06-30 04:37 . 2004-02-01 15:00 191488 ----a-w- c:\program files\MAN_TEST.EXE
1999-04-07 18:39 . 1999-04-07 18:39 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 03:53 . 1998-12-09 03:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 03:53 . 1998-12-09 03:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2009-06-13 17:56 . 2008-08-26 13:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2005-10-13 19:27 . 2005-10-13 19:27 422400 --sha-r- c:\windows\x2.64.exe
2005-05-13 15:12 . 2005-05-13 15:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 09:13 . 2005-10-24 09:13 66560 --sha-r- c:\windows\MOTA113.exe
2005-06-26 13:32 . 2005-06-26 13:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 20:37 . 2005-06-21 20:37 45568 --sha-r- c:\windows\system32\cygz.dll
2005-10-07 17:14 . 2005-10-07 17:14 308224 --sha-r- c:\windows\system32\avisynth.dll
2004-01-24 22:00 . 2004-01-24 22:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2004-01-24 22:00 . 2004-01-24 22:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
2005-02-28 11:16 . 2005-02-28 11:16 240128 --sha-r- c:\windows\system32\x.264.exe
2005-07-14 10:31 . 2005-07-14 10:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2006-04-27 08:24 . 2006-04-27 08:24 2945024 --sha-r- c:\windows\system32\Smab.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 10:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JAJC"="c:\program files\jajc\jajc.exe" [2004-06-07 5337600]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-02-27 921600]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-07-28 49152]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Port pro program Symantec Fax Starter Edition.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Port pro program Symantec Fax Starter Edition.lnk
backup=c:\windows\pss\Port pro program Symantec Fax Starter Edition.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Windows\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Windows\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [29.8.2007 3:04 116264]
R1 CloneCD;CloneCD I/O Driver;c:\windows\system32\drivers\CloneCD.sys [20.12.2003 18:01 4840]
R3 PhTVTune;MuchTV Plus TVTuner;c:\windows\system32\drivers\PhTVTune.sys [3.12.2003 18:13 24000]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [5.5.2007 17:52 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [5.5.2007 17:53 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [5.5.2007 17:53 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [5.5.2007 17:57 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [5.5.2007 18:00 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [5.5.2007 17:56 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [5.5.2007 17:59 90800]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-ICQ - ~c:\program files\ICQ6.5\ICQ.exe
.
------- Doplňkový sken -------
.
uStart Page =
hxxp://www.atlas.cz/?from=icqhpmStart Page =
hxxp://home.sweetim.comuInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Download with Go!Zilla -
file://c:\program files\Go!Zilla\download-with-gozilla.html
LSP: c:\windows\system32\imon.dll
DPF: {03C0000A-CF6D-4EF4-A2D6-376622318018} -
hxxp://90.178.196.192:5841/WatSearCtrl.cabFF - ProfilePath - c:\documents and settings\Petruška\Data aplikací\Mozilla\Firefox\Profiles\7wz42br1.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://search.sweetim.com/search.asp?src=2&q=FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage -
hxxp://www.seznam.cz/FF - prefs.js: keyword.URL -
hxxp://search.icq.com/search/afe_result ... id=afex&q=FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-07-18 14:46
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\imon.dll
.
Celkový čas: 2009-07-18 14:50
ComboFix-quarantined-files.txt 2009-07-18 12:50
Před spuštěním: Volných bajtů: 11 135 582 208
Po spuštění: Volných bajtů: 11 352 244 224
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /bootlog
Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,3,4,5
188 --- E O F --- 2009-07-17 08:09
