ComboFix 10-07-01.02 - abc 03.07.2010 18:34:40.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1789.1326 [GMT 2:00]
Spuštěný z: c:\documents and settings\abc\Plocha\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Aryvab.exe
c:\windows\system32\sshnas21.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-03 do 2010-07-03 )))))))))))))))))))))))))))))))
.
2010-07-03 12:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-03 12:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-01 20:39 . 2010-07-03 16:25 -------- d-----w- c:\program files\trend micro
2010-06-28 20:19 . 2010-06-28 20:19 -------- d-----w- c:\program files\MSXML 4.0
2010-06-19 12:16 . 2010-06-19 12:16 -------- d-----w- c:\program files\Cyberlink
2010-06-19 12:16 . 2010-06-19 12:16 -------- d-----w- c:\program files\Common Files\CyberLink
2010-06-19 09:17 . 2010-06-19 09:17 -------- d-----w- C:\DOWNLOAD
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 18:04 . 2010-05-30 19:01 -------- d-----w- c:\program files\kikin
2010-07-01 07:12 . 2010-01-31 17:12 -------- d-----w- c:\program files\totalcmd
2010-06-28 20:28 . 2008-04-14 12:00 79464 ----a-w- c:\windows\system32\perfc005.dat
2010-06-28 20:28 . 2008-04-14 12:00 432572 ----a-w- c:\windows\system32\perfh005.dat
2010-06-19 12:16 . 2010-01-31 16:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-19 12:12 . 2009-10-29 04:48 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-19 12:12 . 2009-10-29 04:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-19 12:07 . 2010-02-20 13:15 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-06-19 12:07 . 2010-02-20 13:15 -------- d-----w- c:\program files\AVS4YOU
2010-05-30 11:33 . 2010-05-30 11:33 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-12 08:43 . 2010-02-03 18:31 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-12 08:42 . 2010-02-03 18:31 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-12 08:34 . 2010-02-03 18:31 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-12 08:34 . 2010-02-03 18:31 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-04 17:18 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:18 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:18 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 08:09 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-08-31 16:55 . 2010-02-02 17:21 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
------- Sigcheck -------
[-] 2008-10-17 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"Adobe Reader Speed Launcher"="d:\pavel\programy\adobe reader 9\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\abc\Nabídka Start\Programy\Po spuštění\
Údržba databáze BUILDpower.lnk - c:\program files\RTS\BUILDpower\BPStartUp.exe [2010-2-1 367616]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-3 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-12 576104]
TrekStor NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2006-5-17 220160]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-08 15:33 1238352 ----a-w- d:\pavel\GameS\steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Pavel\\programy\\QIPold\\QIP\\qip.exe"=
"d:\\Pavel\\programy\\Opera\\opera.exe"=
"d:\\Pavel\\GameS\\steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Pavel\\programy\\utorrent\\uTorrent.exe"=
"d:\\Pavel\\GameS\\Garena\\Garena.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Pavel\\GameS\\steam\\steamapps\\dj_l4m4\\counter-strike\\hl.exe"=
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 11:14 24064]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/19 14:16];d:\pavel\programy\powerdvd\PowerDVD10\NavFilter\000.fcl [2.4.2010 9:11 87536]
R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [24.10.2008 13:19 443752]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [31.1.2010 18:50 228408]
R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [24.10.2008 13:19 20736]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [24.10.2008 13:19 18816]
S2 ATE_PROCMON;ATE_PROCMON;\??\d:\pavel\programy\Anti Trojan Elite\ATEPMon.sys --> d:\pavel\programy\Anti Trojan Elite\ATEPMon.sys [?]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [15.3.2010 9:01 20992]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\abc\LOCALS~1\Temp\YXD873.tmp --> c:\docume~1\abc\LOCALS~1\Temp\YXD873.tmp [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.2.2010 19:25 691696]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.gogole.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
FF - ProfilePath - c:\documents and settings\abc\Data aplikací\Mozilla\Firefox\Profiles\3wxsbd00.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.newversionchecker.com/?redr=www.easiestutils.com
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\abc\Data aplikací\Mozilla\Firefox\Profiles\3wxsbd00.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin_3_0.dll
FF - component: c:\documents and settings\abc\Data aplikací\Mozilla\Firefox\Profiles\3wxsbd00.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin_3_6.dll
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: d:\pavel\programy\adobe reader 9\Reader\browser\nppdf32.dll
FF - plugin: d:\pavel\programy\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\pavel\programy\Opera\program\plugins\NPJava11.dll
FF - plugin: d:\pavel\programy\Opera\program\plugins\NPJava32.dll
FF - plugin: d:\pavel\programy\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\pavel\programy\Opera\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-07-03 18:40
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspěšně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\abc\LOCALS~1\Temp\YXD873.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\d:\pavel\programy\powerdvd\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1692)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2856)
c:\windows\system32\btmmhook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NDAS\System\ndassvc.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-07-03 18:44:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-03 16:44
Před spuštěním: Volných bajtů: 27 598 520 320
Po spuštění: Volných bajtů: 27 480 719 360
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 603AF725D31E6B5325C8A23FECE45B5B