Sorry.
ComboFix 10-03-25.06 - OTA 26.03.2010 13:33:16.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.617 [GMT 1:00]
Running from: c:\documents and settings\OTA\Dokumenty\Stažené soubory\abc.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\ieuinit.inf
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 )))))))))))))))))))))))))))))))
.
2010-03-26 07:55 . 2010-03-26 07:55 -------- d-----w- c:\program files\ESET
2010-03-26 07:02 . 2010-03-26 07:02 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-03-25 19:06 . 2010-03-25 19:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-16 09:44 . 2010-03-26 07:48 -------- dc----w- c:\windows\system32\DRVSTORE
2010-03-16 09:43 . 2010-03-26 07:49 -------- d-----w- c:\program files\Lavasoft
2010-03-10 23:45 . 2010-03-10 23:45 -------- d-----w- c:\documents and settings\OTA\.netbeans-derby
2010-03-10 22:24 . 2010-03-26 06:23 -------- d-----w- c:\documents and settings\OTA\.netbeans
2010-03-10 22:24 . 2010-03-10 22:24 -------- d-----w- c:\documents and settings\OTA\.netbeans-registration
2010-03-10 22:01 . 2010-03-26 06:24 -------- d-----w- c:\program files\NetBeans 6.8
2010-03-10 22:00 . 2010-03-26 06:25 -------- d-----w- c:\documents and settings\OTA\.nbi
2010-03-10 21:59 . 2010-03-10 21:59 -------- d-----w- c:\program files\Sun
2010-03-10 21:56 . 2010-03-10 21:58 -------- d-----w- c:\program files\Java
2010-03-09 09:13 . 2010-03-09 09:13 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-09 09:13 . 2010-03-09 09:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 09:11 . 2010-03-09 09:11 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-03 18:56 . 2010-03-03 18:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-02 18:54 . 2004-08-17 14:49 18944 ----a-w- c:\windows\system32\wbem\wbemprox(5).dll
2010-03-02 18:53 . 2004-08-17 14:49 98816 ----a-w- c:\windows\system32\winscard(5).dll
2010-03-02 13:18 . 2004-08-03 22:08 26624 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-03-02 13:12 . 2010-03-02 13:12 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-01 10:49 . 1998-11-13 11:58 307200 ----a-w- c:\windows\IsUn0405.exe
2010-03-01 10:46 . 2010-03-01 10:46 -------- d-----w- c:\program files\VIA Technologies, Inc
2010-03-01 10:46 . 2003-10-03 15:28 45056 ----a-w- c:\windows\system32\vusetup.dll
2010-03-01 10:46 . 2003-08-04 14:29 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2010-03-01 10:46 . 2003-08-04 14:29 11392 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2010-03-01 10:46 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-03-01 10:36 . 2004-08-17 14:44 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-03-01 10:29 . 2010-03-01 10:29 -------- d-----w- C:\Ibmtools
2010-02-25 19:01 . 2008-07-29 06:04 545 ----a-w- c:\windows\UC.PIF
2010-02-25 19:01 . 2008-07-29 06:04 545 ----a-w- c:\windows\RAR.PIF
2010-02-25 19:01 . 2008-07-29 06:04 545 ----a-w- c:\windows\PKZIP.PIF
2010-02-25 19:01 . 2008-07-29 06:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-02-25 19:01 . 2008-07-29 06:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-02-25 19:01 . 2008-07-29 06:04 545 ----a-w- c:\windows\LHA.PIF
2010-02-25 19:01 . 2008-07-29 06:04 545 ----a-w- c:\windows\ARJ.PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 06:19 . 2009-11-26 14:49 -------- d-----w- c:\program files\Seznam.cz
2010-03-10 21:58 . 2008-12-12 16:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-03 18:21 . 2008-03-30 07:32 1606 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-03-02 19:26 . 2007-03-03 20:59 80007 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-03-02 19:26 . 2007-03-03 20:59 2410 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-03-01 14:14 . 2007-03-03 21:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-01 10:51 . 2007-03-03 21:12 120 ----a-w- C:\nvdata.dat
2010-01-30 13:07 . 2008-01-12 17:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-19 17:53 . 2009-08-19 17:53 4523520 ----a-w- c:\program files\WDSync_v7_1_020.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-18 5562368]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"SW20"=c:\windows\System32\sw20.exe
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
S3 rsusbstor;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-12-18 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 16:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: {92FB3F5C-CE57-4B9A-B586-77DB58A438BD} = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\OTA\Data aplikací\Mozilla\Firefox\Profiles\z9j23i4a.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-26 13:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(136)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-26 13:44:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-26 12:44
Pre-Run: 8,181,108,736
Post-Run: 8,169,517,056
- - End Of File - - B29684237217ED0EF8083B1C71C7948D
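As an added example (not part of the log above and not ComboFix's own code), here is a small Python parser for the "Files Created" and "Other Deletions" sections of a log like this one, with the two review heuristics a responder would otherwise apply by eye: executable-type files dropped directly into c:\windows or c:\windows\system32, in particular a .com named after a system tool (a bare `regedit` resolves to regedit.com before regedit.exe because the default PATHEXT order is .COM;.EXE;.BAT;...), and groups of files created in the same minute with the same byte size, which come from one installer or one dropper. The sample lines are copied from the log above; the WINDOWS_DIRS, SHADOWABLE and EXECUTABLE_EXTS lists are assumptions of the example.

```python
"""Parse the 'Files Created' and 'Other Deletions' sections of a ComboFix log
and list the entries a responder would want to look at first. Added example
for this page; the tool-name and directory lists are assumptions, not
ComboFix's own rules."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied from the log above ("Files Created" section). Directories have
# "--------" in the size column; files carry a byte count.
SAMPLE_CREATED = r"""
2010-03-26 07:55 . 2010-03-26 07:55 -------- d-----w- c:\program files\ESET
2010-03-09 09:13 . 2010-03-09 09:13 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-01 10:49 . 1998-11-13 11:58 307200 ----a-w- c:\windows\IsUn0405.exe
2010-02-25 19:01 . 2008-07-29 06:04 545 ----a-w- c:\windows\UC.PIF
2010-02-25 19:01 . 2008-07-29 06:04 545 ----a-w- c:\windows\RAR.PIF
2010-02-25 19:01 . 2008-07-29 06:04 545 ----a-w- c:\windows\PKZIP.PIF
"""

# Lines copied from the log above ("Other Deletions"): paths ComboFix removed.
SAMPLE_DELETED = r"""
c:\windows\regedit.com
c:\windows\system32\ieuinit.inf
c:\windows\system32\taskmgr.com
"""

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-{8}|\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)

# Assumed: directories on every user's search path, so a new executable there
# is reachable by bare name.
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumed: tools people launch by typing the bare name. A same-named .com next
# to the .exe wins, because the default PATHEXT order is .COM;.EXE;.BAT;...
SHADOWABLE = {"regedit", "taskmgr", "cmd", "msconfig", "explorer"}
EXECUTABLE_EXTS = {"com", "pif", "scr", "bat", "cmd"}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_created(text: str) -> List[Entry]:
    """Parse the dated entries; header lines and '.' separators are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def flag_path(path: str) -> Optional[str]:
    """Return a review reason for the path, or None if nothing stands out."""
    parent, _, name = path.lower().rpartition("\\")
    stem, _, ext = name.rpartition(".")
    if parent not in WINDOWS_DIRS:
        return None
    if ext == "com" and stem in SHADOWABLE:
        return f"{name} shadows {stem}.exe (PATHEXT resolves .COM before .EXE)"
    if ext in EXECUTABLE_EXTS:
        return f".{ext} file placed directly in {parent}"
    return None


def clusters(entries: List[Entry], min_size: int = 3) -> Dict[Tuple[str, int], List[str]]:
    """Files sharing creation minute and byte size were written together."""
    groups: Dict[Tuple[str, int], List[str]] = defaultdict(list)
    for e in entries:
        if not e.is_dir and e.size is not None:
            groups[(e.created, e.size)].append(e.path)
    return {k: v for k, v in groups.items() if len(v) >= min_size}


def review(created_text: str, deleted_text: str) -> List[Tuple[str, str]]:
    """Combine the heuristics into (path, reason) findings; a path may repeat."""
    findings: List[Tuple[str, str]] = []
    entries = parse_created(created_text)
    for e in entries:
        reason = flag_path(e.path)
        if reason:
            findings.append((e.path, reason))
    for (created, size), paths in clusters(entries).items():
        for p in paths:
            findings.append((p, f"one of {len(paths)} files created {created}, all {size} bytes"))
    for line in deleted_text.splitlines():
        p = line.strip()
        if p:
            reason = flag_path(p)
            findings.append((p, "removed by ComboFix" + (f"; {reason}" if reason else "")))
    return findings


if __name__ == "__main__":
    for path, reason in review(SAMPLE_CREATED, SAMPLE_DELETED):
        print(f"{path:45} {reason}")
```

To run it against a full log, pass the text between the "Files Created" header and the next section header as `created_text`, and the "Other Deletions" block as `deleted_text`. The flags are review hints, not verdicts: ComboFix did remove regedit.com and taskmgr.com, but it left the archiver .PIF files alone, and a file-manager installer (Total Commander writes this same set of .PIF names into c:\windows) produces exactly that cluster pattern, so check the origin before treating a cluster as a dropper.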