ComboFix 13-09-16.01 - Administrator 16.09.2013 23:32:09.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.510.119 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: E:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-16 do 2013-09-16 )))))))))))))))))))))))))))))))
.
.
2013-09-15 18:15 . 2013-09-15 18:15 -------- d-----w- c:\program files\trend micro
2013-09-15 16:33 . 2013-09-15 17:29 -------- d-----w- C:\AdwCleaner
2013-09-15 15:24 . 2013-09-15 15:24 388096 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-15 15:24 . 2013-09-15 15:24 -------- d-----w- c:\program files\hij
2013-09-15 11:19 . 2013-09-15 11:19 -------- d---a-w- c:\windows\VDLL.DLL
2013-09-15 11:19 . 2013-09-15 11:19 -------- d---a-w- c:\windows\system32\runouce.exe
2013-09-15 11:19 . 2013-09-15 11:19 -------- d---a-w- c:\windows\RUNDL132.EXE
2013-09-15 11:19 . 2013-09-15 11:19 -------- d---a-w- c:\windows\logo_1.exe
2013-09-15 08:57 . 2013-09-15 08:57 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-09-15 08:57 . 2013-09-15 08:57 572928 ----a-w- c:\windows\system32\msvcp90.dll
2013-09-15 08:57 . 2013-09-15 08:57 655872 ----a-w- c:\windows\system32\msvcr90.dll
2013-09-15 08:57 . 2013-09-15 08:57 34048 ----a-w- c:\windows\system32\eEmpty.exe
2013-09-15 08:57 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2013-09-15 08:57 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2013-09-15 08:57 . 2013-09-15 08:57 -------- d-----w- c:\program files\Common Files\MicroWorld
2013-09-15 08:57 . 2013-09-15 08:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-15 02:15 . 2013-03-08 19:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-15 02:15 . 2011-11-18 15:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2004-08-17 12:49 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2005-03-02 17:08 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2004-08-17 12:49 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2004-08-17 12:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2004-08-17 12:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2004-08-17 12:49 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2004-08-17 12:44 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2005-04-28 18:32 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2004-08-17 12:49 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:34 . 2005-03-02 17:08 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 07:33 . 2005-03-02 17:08 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-03-20 12:37 . 2008-02-22 15:52 5689344 ----a-w- c:\program files\mplayerc.exe
2009-08-31 15:55 . 2013-07-03 09:12 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\DllCache\atapi.sys
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-03 19603048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-23 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-23 13881448]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Intel AppUp(R) center"="c:\program files\Intel\IntelAppStore\bin\ismagent.exe" [2013-05-17 156000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nikon Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Philips GoGear VIBE Device Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Philips GoGear VIBE Device Manager.lnk
backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 18:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-23 13:18 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-03-12 21:43 81920 ----a-w- c:\program files\D-Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(R) center Systray]
2013-05-17 21:57 927968 ----a-w- c:\program files\Intel\IntelAppStore\bin\AppUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-17 06:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-17 06:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 09:43 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 07:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-03-23 22:42 13881448 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-03-23 22:42 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-11 13:43 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-05 08:08 16380416 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intel\\IntelAppStore\\bin\\ismagent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [8.3.2008 16:18 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [8.3.2008 16:18 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.2.2008 18:41 685816]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.12.2012 22:10 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.4.2008 18:26 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.4.2008 18:26 21256]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [14.8.2013 11:10 3291008]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.6.2013 16:21 162408]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 07:54 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-08 02:15]
.
2013-09-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-12-21 22:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://
www.google.com/
uDefault_Search_URL = hxxp://
www.google.com
uInternet Connection Wizard,ShellNext = hxxp://
www.google.com/
uSearchAssistant = hxxp://
www.google.com
uSearchURL,(Default) = hxxp://
www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zz48cv4d.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://
www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2011-11-20 10:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-09-16 23:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3064)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2013-09-16 23:56:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-16 21:56
ComboFix2.txt 2013-09-16 20:09
.
Před spuštěním: 4 249 161 728
Po spuštění: 4 368 203 776
.
- - End Of File - - 357413B85D88BFC696EEB1EC570C0846
413FC2A0C716421B3158746D63736515
Přispějete na provoz fóra?