log:
ComboFix 10-11-12.06 - Jakub 14.11.2010 16:22:39.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1104 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jakub\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *disabled* {532EFE70-19BC-4F0F-8F50-D5F15C243133}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinAntispyware2008
c:\program files\WinAntispyware2008\comp.dat
c:\program files\WinAntispyware2008\data\daily.cvd
c:\program files\WinAntispyware2008\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\WinAntispyware2008\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\WinAntispyware2008\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\WinAntispyware2008\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\WinAntispyware2008\mxfilerelatedcache.mxc2
c:\program files\WinAntispyware2008\pthreadVC2.dll
C:\test.txt
c:\windows\msettings.ini
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-14 do 2010-11-14 )))))))))))))))))))))))))))))))
.
2010-11-14 14:35 . 2010-11-14 14:35 -------- d-----w- C:\rsit
2010-11-14 14:35 . 2010-11-14 14:35 -------- d-----w- c:\program files\trend micro
2010-11-13 17:04 . 2010-09-08 12:59 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-13 13:17 . 2010-11-13 13:17 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-11-13 13:09 . 2010-09-08 12:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-13 12:34 . 2010-11-13 12:35 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{437292BE-95BD-4B12-B699-6D217A03ACAF}
2010-11-13 12:34 . 2010-11-14 14:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-13 12:34 . 2010-11-14 12:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-13 12:34 . 2010-11-13 12:34 -------- d-----w- c:\program files\Lavasoft
2010-11-13 12:34 . 2010-11-13 13:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2010-11-04 15:17 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-04 15:17 . 2010-11-04 15:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-10-20 17:53 . 2010-10-20 17:53 -------- d-----w- c:\program files\DVD Decrypter
2010-10-20 17:49 . 2010-10-20 17:49 -------- d-----w- c:\program files\DVDFab 7
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 17:49 . 2009-12-10 19:24 87608 ----a-w- c:\documents and settings\Jakub\Data aplikací\inst.exe
2010-10-20 17:49 . 2009-12-10 19:24 87608 ----a-w- c:\documents and settings\Jakub\Data aplikací\inst.exe
2010-10-20 17:49 . 2009-12-10 19:24 87608 ----a-w- c:\documents and settings\Jakub\Data aplikací\inst.exe
2010-10-20 17:49 . 2009-12-10 19:24 87608 ----a-w- c:\documents and settings\Jakub\Data aplikací\inst.exe
2010-10-20 17:49 . 2009-12-10 19:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-10-20 17:49 . 2009-12-10 19:24 47360 ----a-w- c:\documents and settings\Jakub\Data aplikací\pcouffin.sys
2010-10-20 17:49 . 2009-12-10 19:24 47360 ----a-w- c:\documents and settings\Jakub\Data aplikací\pcouffin.sys
2010-10-20 17:49 . 2009-12-10 19:24 47360 ----a-w- c:\documents and settings\Jakub\Data aplikací\pcouffin.sys
2010-10-20 17:49 . 2009-12-10 19:24 47360 ----a-w- c:\documents and settings\Jakub\Data aplikací\pcouffin.sys
2010-10-06 16:01 . 2010-10-06 16:10 42718176 ----a-w- C:\setup_av_free_cze.exe
2010-09-07 16:11 . 2008-03-20 16:50 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 15:52 . 2008-03-20 16:50 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 15:52 . 2008-04-20 13:07 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 15:47 . 2008-03-20 16:50 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 15:47 . 2008-03-20 16:50 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 15:47 . 2008-03-20 16:50 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 15:47 . 2008-04-20 13:07 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 15:46 . 2008-03-20 16:50 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-01 13:16 . 2010-09-01 13:16 483200 ----a-w- c:\windows\system32\drivers\AF15BDA.sys
2010-09-01 13:16 . 2010-09-01 13:17 28672 ----a-w- c:\windows\system32\AF15BDAEX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"nwiz"="nwiz.exe" [2005-06-15 1519616]
"shutTask"="c:\program files\IR\shutTask.exe" [2010-01-05 110592]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8022:TCP"= 8022:TCP:BitComet 8022 TCP
"8022:UDP"= 8022:UDP:BitComet 8022 UDP
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13.11.2010 14:09 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.3.2007 19:31 717296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.4.2008 14:07 165584]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [21.3.2005 15:39 270336]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [24.4.2008 20:49 110304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.4.2008 14:07 17744]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8.9.2010 13:59 1355928]
S3 axvbusx;axvbusx;c:\windows\system32\drivers\axvbusx.sys [27.12.2002 19:14 8384]
S3 axvscsi;axvscsi;c:\windows\system32\drivers\axvscsi.sys [27.12.2002 19:14 98560]
S3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [27.6.2010 14:21 102448]
S3 jfdcd;jfdcd;\??\c:\docume~1\Jakub\LOCALS~1\Temp\jfdcd.sys --> c:\docume~1\Jakub\LOCALS~1\Temp\jfdcd.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8.9.2010 13:59 15008]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 16:21 30720]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [24.4.2008 20:47 544768]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-08 12:59]
2010-11-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15383&l=dis
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Stáhnout FlashGetem - c:\progra~1\FlashGet\jc_link.htm
IE: &Stáhnout všechno FlashGetem - c:\progra~1\FlashGet\jc_all.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: mojebanka.cz.
TCP: {D077EDB3-2191-434D-BF42-72AB1CCDABF4} = 192.168.200.4,212.24.128.8
FF - ProfilePath - c:\documents and settings\Jakub\Data aplikací\Mozilla\Firefox\Profiles\azar3836.default\
FF - component: c:\documents and settings\Jakub\Data aplikací\Mozilla\Firefox\Profiles\azar3836.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Jakub\Data aplikací\Mozilla\Firefox\Profiles\azar3836.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: d:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\program files\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\program files\Opera\program\plugins\npwmsdrm.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-11-14 16:25
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-1364589140-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1078081533-1364589140-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:e8,93,48,40,a6,27,b0,80,40,13,6f,1e,14,9a,e9,3f,65,e4,dd,29,ee,
b5,c3,50,64,83,bb,ad,1b,c2,89,d8,c5,7c,bb,22,f5,cf,a4,80,74,41,59,70,aa,79,\
"rkeysecu"=hex:1a,e4,34,ae,ae,51,b1,25,bc,10,f7,0b,20,e0,d7,bd
.
Celkový čas: 2010-11-14 16:27:40
ComboFix-quarantined-files.txt 2010-11-14 15:27
Před spuštěním: 896 696 320
Po spuštění: 856 051 712
- - End Of File - - 7B4CB442F83F9390307E141C5D633AD0