ComboFix 10-02-09.04 - Administrator 11.02.2010 14:51:20.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1659 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100121-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\DMSKSSRh.sys"
"c:\windows\system32\C3.tmp"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DMSKSSRH
-------\Legacy_memsweep2
-------\Service_dmskssrh
-------\Service_memsweep2
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-11 do 2010-02-11 )))))))))))))))))))))))))))))))
.
2010-02-11 12:49 . 2010-02-11 12:49 -------- d-----w- c:\program files\trend micro
2010-02-11 12:49 . 2010-02-11 12:49 -------- d-----w- C:\rsit
2010-02-11 09:32 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-11 09:32 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-11 09:32 . 2010-02-11 09:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 13:49 . 2009-07-15 18:38 -------- d-----w- c:\program files\ICQ6.5
2010-01-21 15:17 . 2009-04-04 07:03 -------- d-----w- c:\program files\Crawler
2010-01-09 17:47 . 2006-10-18 11:21 -------- d-----w- c:\program files\Spyware Terminator
2010-01-06 17:46 . 2010-01-06 17:46 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-03 18:58 . 2009-12-27 13:58 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-12-27 19:18 . 2009-07-03 12:10 -------- d-----w- c:\program files\Nokia
2009-12-27 19:17 . 2009-12-05 21:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-27 18:37 . 2007-11-11 20:13 -------- d---a-w- c:\program files\Ancestry1.0.18b
2009-12-22 23:59 . 2009-12-22 23:59 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-24 23:54 . 2008-11-15 08:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-11-15 08:55 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-11-15 08:55 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-11-15 08:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-11-15 08:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-11-15 08:55 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-11-15 08:55 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-11-15 08:55 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-11-15 08:55 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-23 16:19 . 2008-02-01 11:13 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-23 16:19 . 2008-02-01 11:13 109080 ----a-w- c:\windows\system32\OpenAL32.dll
.
------- Sigcheck -------
[-] 2007-01-13 . 27A5959C94EE173A063CA06BD14F021A . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2007-01-13 . 27A5959C94EE173A063CA06BD14F021A . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2001-10-25 . E7774698BB0D14B0710A9A31E209F9B6 . 327168 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2006-11-07 972432]
"OEXPRESS"="c:\windows\OETRN.EXE" [2007-06-05 26624]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"UIWatcher"="c:\program files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [2007-11-06 1741184]
"Steam"="c:\hry\steam\steam.exe" [2009-10-24 1217808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-16 1783808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"C-Media Mixer"="Mixer.exe" [2002-03-04 1454080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"VX1000"="c:\windows\vVX1000.exe" [2006-12-05 707360]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Hry\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Hry\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Hry\\Xfire\\Xfire.exe"=
"c:\\Hry\\Techland\\Call of Juarez\\CoJ.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Hry\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"c:\\Hry\\Dragon Age Origins Character Creator\\bin_ship\\DAOCharacterCreator.exe"=
"c:\\Hry\\Dragon Age Origins Character Creator\\DAOriginsLauncher.exe"=
"c:\\Hry\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Hry\\Pazaak Cantina\\PazaakCantina.exe"=
"c:\\Hry\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10293:TCP"= 10293:TCP:BitComet 10293 TCP
"10293:UDP"= 10293:UDP:BitComet 10293 UDP
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.11.2006 17:09 682232]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.11.2008 9:55 114768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [22.10.2006 21:17 114496]
R1 savrkboottasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [14.9.2009 21:40 18816]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [24.6.2007 20:31 141312]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [18.2.2007 17:50 120320]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [19.2.2007 17:26 78848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.11.2008 9:55 20560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.8.2009 21:08 133104]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 20:08]
2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 20:08]
.
.
------- Doplňkový sken -------
.
uSearch Page = hxxp://
www.google.com
uStart Page = hxxp://zpravy.idnes.cz/
uSearch Bar = hxxp://
www.google.com/ie
mDefault_Search_URL = hxxp://
www.google.com/ie
uSearchAssistant = hxxp://
www.google.com/ie
uSearchURL,(Default) = hxxp://
www.google.com/search?q=%s
mSearchAssistant = hxxp://
www.google.com/ie
IE: Crawler Search - tbr:iemenu
IE: download all links using bitcomet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: download all videos using bitcomet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: download link using &bitcomet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: google sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\atncm4cd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-11 15:04
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync04.sys >>UNKNOWN [0x89B9F1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf74aecb8
\Driver\atapi -> prosync1.sys @ 0xf798f661
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7b3bbc3
PacketIndicateHandler -> NDIS.sys @ 0xf7b29a0b
SendHandler -> NDIS.sys @ 0xf7b3db31
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1060284298-1767777339-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1060284298-1767777339-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cf,68,83,1c,d2,2f,19,25,9d,8b,e1,34,00,7d,58,11,67,da,9c,ad,99,32,94,
6c,eb,95,a2,e3,96,9e,03,51,2a,4b,3d,b6,b5,93,42,8f,53,b0,4e,cb,6e,c5,dd,83,\
"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba
[HKEY_USERS\S-1-5-21-1060284298-1767777339-839522115-500\Software\SecuROM\license information*]
"datasecu"=hex:55,df,7b,26,cc,54,cf,fc,a8,bd,1c,88,8c,0a,48,04,b0,5d,97,56,ea,
1e,c5,c1,ad,56,56,33,1a,d5,91,45,ba,eb,bb,fe,01,a1,20,dd,20,e2,af,d8,b9,dc,\
"rkeysecu"=hex:4a,13,4c,d1,e3,39,43,f0,b9,65,ff,42,72,6d,8a,f9
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1148)
c:\windows\TrnOEH.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\SOUNDMAN.EXE
c:\windows\Mixer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-02-11 15:14:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-11 14:14
ComboFix2.txt 2010-02-10 14:07
Před spuštěním: Volných bajtů: 33 922 154 496
Po spuštění: Volných bajtů: 33 891 811 328
- - End Of File - - E4699E8C4735FDA7CCF6EC09998DD208
V PC žádná viditelné změna.
Pokud nemáte, přesuňte Combofix na plochu
Přispějete na provoz fóra?