I tried ComboFix; the problem persists. Here is the log from ComboFix:
ComboFix 09-08-10.06 - User 15.08.2009 0:14:23.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.633 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\User\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-14 do 2009-08-14 )))))))))))))))))))))))))))))))
.
2009-07-31 20:30:41 . 2009-07-31 20:35:28 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-07-27 11:31:32 . 2002-08-29 17:33:56 319488 ----a-r- C:\WINDOWS\system32\MafiaSetup.exe
2009-07-17 10:21:52 . 2009-07-17 10:21:52 0 d-----w- C:\WINDOWS\system32\wbem\Repository
2009-07-17 09:53:53 . 2009-07-17 09:53:53 0 d-----w- C:\Program Files\Microsoft Games for Windows - LIVE
2009-07-15 22:58:53 . 2009-07-15 22:59:05 0 d-----w- C:\Program Files\Autoruns
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 09:01:14 . 2008-04-14 12:00:00 205312 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-07-31 09:02:28 . 2009-03-25 15:42:42 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
2009-07-31 09:02:28 . 2009-03-25 15:42:39 335240 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2009-07-31 09:02:28 . 2009-03-25 15:42:38 27784 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys
2009-07-30 13:31:19 . 2009-05-23 23:11:06 0 d-----w- C:\Program Files\Seznam.cz
2009-07-24 18:30:14 . 2009-03-25 14:14:34 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-07-17 19:04:02 . 2008-04-14 12:00:00 58880 ----a-w- C:\WINDOWS\system32\atl.dll
2009-07-17 10:21:31 . 2009-03-26 18:24:07 0 d-----w- C:\Program Files\ICQ6.5
2009-07-13 21:43:24 . 2008-04-14 12:00:00 286208 ----a-w- C:\WINDOWS\system32\wmpdxm.dll
2009-07-12 20:06:29 . 2009-07-12 20:06:29 0 d-----w- C:\Program Files\Centauri
2009-07-11 17:38:22 . 2009-07-11 17:38:22 0 d-----w- C:\Program Files\Argente Software
2009-07-08 22:56:30 . 2009-07-08 22:56:30 0 d-----w- C:\Program Files\Common Files\xing shared
2009-07-08 22:56:23 . 2009-03-26 15:33:33 0 d-----w- C:\Program Files\Common Files\Real
2009-07-08 22:56:07 . 2009-03-26 15:33:37 499712 ----a-w- C:\WINDOWS\system32\msvcp71.dll
2009-07-08 22:56:07 . 2009-03-26 15:33:37 348160 ----a-w- C:\WINDOWS\system32\msvcr71.dll
2009-07-08 21:33:21 . 2009-04-19 15:55:59 0 d-----w- C:\Program Files\SpeedBit Video Accelerator
2009-07-08 21:32:27 . 2009-04-19 15:51:18 0 d-----w- C:\Program Files\DAP
2009-07-03 19:49:41 . 2009-03-30 15:12:06 0 d-----w- C:\Program Files\CCleaner
2009-07-03 16:59:42 . 2008-04-14 12:00:00 915456 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-07-01 12:26:01 . 2009-03-25 19:00:50 0 d-----w- C:\Program Files\Pandora Recovery
2009-06-30 20:22:31 . 2009-06-30 20:22:31 0 d-----w- C:\Program Files\SystemRequirementsLab
2009-06-25 17:06:21 . 2009-06-25 17:06:21 0 d-----r- C:\Program Files\EVEREST Ultimate Edition
2009-06-25 08:27:37 . 2008-04-14 12:00:00 729088 ----a-w- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 08:27:37 . 2008-04-14 12:00:00 56832 ----a-w- C:\WINDOWS\system32\secur32.dll
2009-06-25 08:27:37 . 2008-04-14 12:00:00 54272 ----a-w- C:\WINDOWS\system32\wdigest.dll
2009-06-25 08:27:37 . 2008-04-14 12:00:00 301568 ----a-w- C:\WINDOWS\system32\kerberos.dll
2009-06-25 08:27:37 . 2008-04-14 12:00:00 147456 ----a-w- C:\WINDOWS\system32\schannel.dll
2009-06-25 08:27:37 . 2008-04-14 12:00:00 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll
2009-06-24 18:04:50 . 2009-06-24 15:14:47 0 d-----w- C:\Program Files\DAEMON Tools Lite
2009-06-24 15:14:50 . 2009-06-24 15:14:50 0 d-----w- C:\Program Files\DAEMON Tools Toolbar
2009-06-24 12:22:47 . 2009-06-24 12:22:07 0 d-----w- C:\Program Files\CyberLink
2009-06-24 12:22:38 . 2009-06-24 12:22:38 0 d-----w- C:\Program Files\Common Files\CyberLink
2009-06-24 12:21:13 . 2009-06-24 12:21:47 29480 ----a-w- C:\WINDOWS\system32\msxml3a.dll
2009-06-24 11:18:41 . 2008-04-14 12:00:00 92928 ----a-w- C:\WINDOWS\system32\drivers\ksecdd.sys
2009-06-24 10:41:15 . 2009-03-27 15:10:50 721904 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2009-06-17 15:12:14 . 2009-04-19 15:29:36 138464 ----a-w- C:\WINDOWS\system32\drivers\PnkBstrK.sys
2009-06-17 15:12:07 . 2009-04-19 15:29:14 111928 ----a-w- C:\WINDOWS\system32\PnkBstrB.exe
2009-06-16 14:40:17 . 2008-04-14 12:00:00 81920 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-06-16 14:40:17 . 2008-04-14 12:00:00 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-06-15 10:45:30 . 2008-04-14 12:00:00 78336 ----a-w- C:\WINDOWS\system32\telnet.exe
2009-06-10 16:33:00 . 2009-06-10 16:33:00 1580550 ----a-w- C:\WINDOWS\system32\nvdata.bin
2009-06-10 16:33:00 . 2009-06-10 16:33:00 1310720 ----a-w- C:\WINDOWS\system32\nvcuvenc.dll
2009-06-10 16:33:00 . 2009-03-25 16:24:30 457248 ----a-w- C:\WINDOWS\system32\nvudisp.exe
2009-06-10 16:33:00 . 2009-03-25 12:21:07 8087712 ----a-w- C:\WINDOWS\system32\drivers\nv4_mini.sys
2009-06-10 16:33:00 . 2009-03-25 12:21:07 5908608 ----a-w- C:\WINDOWS\system32\nv4_disp.dll
2009-06-10 16:33:00 . 2009-02-18 13:44:00 9998336 ----a-w- C:\WINDOWS\system32\nvoglnt.dll
2009-06-10 16:33:00 . 2009-02-18 13:44:00 815104 ----a-w- C:\WINDOWS\system32\nvapi.dll
2009-06-10 16:33:00 . 2009-02-18 13:44:00 671744 ----a-w- C:\WINDOWS\system32\nvcuvid.dll
2009-06-10 16:33:00 . 2009-02-18 13:44:00 1720320 ----a-w- C:\WINDOWS\system32\nvcuda.dll
2009-06-10 16:33:00 . 2009-02-18 13:44:00 151552 ----a-w- C:\WINDOWS\system32\nvcodins.dll
2009-06-10 16:33:00 . 2009-02-18 13:44:00 151552 ----a-w- C:\WINDOWS\system32\nvcod.dll
2009-06-10 14:15:22 . 2008-04-14 12:00:00 84992 ----a-w- C:\WINDOWS\system32\avifil32.dll
2009-06-10 07:21:56 . 2009-03-25 13:40:44 2066432 ----a-w- C:\WINDOWS\system32\mstscax.dll
2009-06-10 06:28:58 . 2009-06-10 06:28:58 3510272 ----a-w- C:\WINDOWS\system32\nvgames.dll
2009-06-10 06:28:56 . 2009-06-10 06:28:56 5890048 ----a-w- C:\WINDOWS\system32\nvdispsr.dll
2009-06-10 06:28:52 . 2009-06-10 06:28:52 4022272 ----a-w- C:\WINDOWS\system32\nvdisps.dll
2009-06-10 06:28:50 . 2009-06-10 06:28:50 86016 ----a-w- C:\WINDOWS\system32\nvmctray.dll
2009-06-10 06:28:50 . 2009-06-10 06:28:50 168004 ----a-w- C:\WINDOWS\system32\nvsvc32.exe
2009-06-10 06:28:50 . 2009-06-10 06:28:50 143360 ----a-w- C:\WINDOWS\system32\nvcolor.exe
2009-06-10 06:28:50 . 2009-06-10 06:28:50 13758464 ----a-w- C:\WINDOWS\system32\nvcpl.dll
2009-06-10 06:28:48 . 2009-06-10 06:28:48 229376 ----a-w- C:\WINDOWS\system32\nvmccs.dll
2009-06-10 06:16:20 . 2008-04-14 12:00:00 132096 ----a-w- C:\WINDOWS\system32\wkssvc.dll
2009-06-04 14:39:54 . 2009-03-25 16:19:37 457248 ----a-w- C:\WINDOWS\system32\NVUNINST.EXE
2009-06-03 19:11:22 . 2008-04-14 12:00:00 1293824 ----a-w- C:\WINDOWS\system32\quartz.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-15 11:59:16 333192 ----a-w- C:\Program Files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-10-15 11:59:16 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-10-15 11:59:16 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 12:32:12 94208]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2009-04-19 15:51:20 2811392]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 14:07:20 2260480]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-25 20:18:44 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-08-13 10:46:59 2007832]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 05:55:14 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 05:52:00 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 05:55:58 118784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-03-25 19:00:16 77824]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40:44 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 16:10:28 35696]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15:22 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15:20 81920]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-30 16:44:20 262144]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-18 13:12:12 843776]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-06-10 06:28:50 13758464]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-06-10 06:28:50 86016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-07-08 22:56:03 198160]
"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2006-07-21 08:56:38 16261632]
"SkyTel"="SkyTel.EXE" - C:\WINDOWS\SkyTel.exe [2006-05-16 10:04:26 2879488]
"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2009-06-10 06:29:34 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 09:02:28 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSS"=3 (0x3)
"VideoAcceleratorService"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"RichVideo"=2 (0x2)
"PnkBstrA"=2 (0x2)
"KodakCCS"=3 (0x3)
"ICQ Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\ICQ6.5\\ICQ.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's EndWar\\Binaries\\EndWar.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's EndWar\\Tom Clancy's EndWar Launcher.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"D:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\sdc-100rc10\\StrongDC.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1:UDP"= 1:UDP:uTorrent port
"1:TCP"= 1:TCP:uTorrent port
"51277:TCP"= 51277:TCP:port
"51277:UDP"= 51277:UDP:port
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\drivers\avgrkx86.sys [25.3.2009 17:42:42 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [25.3.2009 17:42:39 335240]
R1 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [25.3.2009 17:42:42 108552]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/24 14:22:47];C:\Program Files\CyberLink\PowerDVD9\000.fcl [7.5.2009 21:05:22 87536]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [26.3.2009 13:56:30 908056]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [26.3.2009 13:56:32 297752]
S2 gupdate1c9ad875981354;Služba Google Update (gupdate1c9ad875981354);C:\Program Files\Google\Update\GoogleUpdate.exe [25.3.2009 22:19:37 133104]
S4 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [26.3.2009 20:25:15 222456]
S4 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-07-30 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-25 20:19:37 . 2009-03-25 20:19:31]
2009-07-30 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-25 20:19:37 . 2009-03-25 20:19:31]
2009-07-31 C:\WINDOWS\Tasks\User_Feed_Synchronization-{90EB3983-263A-482C-978C-18FCA5B801CF}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 17:36:40 . 2009-03-08 03:31:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
IE: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/s ... ab_nvd.cab
FF - ProfilePath - C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\gq49jdtf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: C:\Program Files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 00:19:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(704)
C:\WINDOWS\system32\igfxdev.dll
- - - - - - - > 'winlogon.exe'(2596)
C:\WINDOWS\system32\igfxdev.dll
.
Celkový čas: 2009-08-14 0:21:15
ComboFix-quarantined-files.txt 2009-08-14 22:21:13
Před spuštěním: Volných bajtů: 26 583 154 688
Po spuštění: Volných bajtů: 27 014 750 208
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
292 --- E O F --- 2009-08-13 10:49:14