According to Avast: win32 injected-BA (PUP), so I ran it through ComboFix...
Posted: 23 Nov 2011 19:56
...please check the log. I don't know whether it is related, but I have the impression that my internet connectivity is gradually being restricted; of the three browsers only IE still works, Strong won't connect, etc. But I recently extended the C: partition with Partition Magic (formatting E:), so maybe it is related to that instead..? I don't really know what to do about it.
Thanks
ComboFix 11-11-23.01 - dan 23.11.2011 19:08:46.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1214.544 [GMT 1:00]
Running from: c:\documents and settings\dan\Plocha\STAŽENÉ SOUBORY\Likvidatorhaveti.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\dan\WINDOWS
c:\windows\CSC\d6
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\CF14435.exe
c:\windows\system32\embedded
c:\windows\system32\embedded\CompiledCode.bin
c:\windows\system32\embedded\License.txt
c:\windows\system32\embedded\WizardImage.bmp
c:\windows\system32\embedded\WizardSmallImage.bmp
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-22 18:51 . 2011-11-22 18:51 -------- d-----w- c:\documents and settings\dan\Local Settings\Data aplikací\VS Revo Group
2011-11-22 18:51 . 2009-12-30 11:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-11-22 18:50 . 2011-11-22 18:50 -------- d-----w- c:\program files\VS Revo Group
2011-11-22 17:49 . 2011-11-22 17:49 -------- d-----w- c:\program files\Smoky City Design
2011-11-22 17:47 . 2011-11-22 17:47 -------- d-----w- c:\program files\ACD Systems
2011-11-22 17:18 . 2011-11-22 17:35 -------- d-----w- c:\program files\VLC
2011-11-21 20:41 . 2011-11-21 20:55 -------- d-----w- c:\documents and settings\dan\Local Settings\Data aplikací\Facebook
2011-11-15 20:04 . 2011-11-15 20:04 -------- dc----w- C:\Nová složka
2011-11-15 19:54 . 2011-11-15 19:54 -------- dc----we C:\Nové místo
2011-11-15 19:46 . 2011-11-15 19:47 -------- dc----w- c:\documents and settings\Administrator
2011-11-15 18:43 . 2011-11-15 18:43 -------- dc----w- c:\documents and settings\All Users\Data aplikací\deletepart
2011-11-15 18:42 . 2011-11-15 18:42 -------- dc----w- c:\documents and settings\All Users\Data aplikací\redistpart
2011-11-15 18:42 . 2011-11-15 18:42 -------- dc----w- c:\documents and settings\All Users\Data aplikací\explauncher
2011-11-15 18:42 . 2011-11-15 18:42 -------- dc----w- c:\documents and settings\All Users\Data aplikací\launcher
2011-11-15 18:36 . 2010-05-18 10:25 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-11-01 19:20 . 2011-11-18 20:39 -------- dc----w- c:\documents and settings\dan\Rossmann Foto-Shop
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 14:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 14:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-12 18:57 . 2011-06-11 06:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2002-09-20 18:03 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2010-11-14 17:15 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2008-07-17 14:47 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-09-12 17:28 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-09-06 20:38 . 2011-06-15 13:46 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2008-07-17 14:47 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:37 . 2011-09-12 17:28 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-09-06 20:36 . 2008-07-17 14:48 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2008-07-17 14:48 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2008-07-17 14:47 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2008-07-17 14:47 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2008-07-17 14:47 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2008-07-17 14:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2002-09-20 17:41 1858944 ------w- c:\windows\system32\win32k.sys
2011-11-05 07:07 . 2011-11-21 20:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 1916928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2005-10-31 163840]
"C-Media Echo Control"="c:\program files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 147456]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-01-26 694008]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"C-Media Mixer"="Mixer.exe" [2002-03-04 1454080]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\dan\Nabídka Start\Programy\Po spuštění\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\dan\Nabídka Start\Programy\Po spuštění\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\dan\Nabídka Start\Programy\Po spuštění\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
c:\documents and settings\dan\Nabídka Start\Programy\Po spuštění\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="e:\program files\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [8.11.2010 19:04 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [8.11.2010 19:04 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15.6.2011 14:46 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.7.2008 15:47 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.7.2008 15:47 20568]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [22.10.2007 17:21 9728]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [18.4.2009 10:50 14976]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9.3.2011 11:07 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9.3.2011 11:18 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9.3.2011 11:16 484352]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [12.9.2011 18:28 111320]
S2 AutoPower;Auto Power-on;c:\program files\Auto Power-on\AutoPower.exe [14.11.2008 0:33 544768]
S2 avast! Firewall;avast! Firewall;"c:\program files\Alwil Software\Avast5\afwServ.exe" --> c:\program files\Alwil Software\Avast5\afwServ.exe [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [14.3.2011 22:27 23456]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196);c:\windows\system32\DRIVERS\gtusbmdm_gpc6400.sys --> c:\windows\system32\DRIVERS\gtusbmdm_gpc6400.sys [?]
S3 ipw_bus;IPWireless;c:\windows\system32\drivers\ipw_bus.sys [22.10.2007 17:21 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter;c:\windows\system32\drivers\ipw_mdfl.sys [22.10.2007 17:21 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM);c:\windows\system32\drivers\ipw_mdm.sys [22.10.2007 17:21 95440]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PORTTALK.SYS [14.11.2008 0:32 3567]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [22.11.2011 19:51 27064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [31.10.2008 15:17 23600]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [20.7.2008 18:27 3351]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [4.10.2011 20:19 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xport to Microsoft Excel - e:\progra~1\office\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: csob.cz\ib24
TCP: DhcpNameServer = 10.109.255.34 10.109.255.254
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\dan\Data aplikací\Mozilla\Firefox\Profiles\xwor2bk8.default\
.
- - - - ORPHANS REMOVED FROM THE REGISTRY - - - -
.
MSConfigStartUp-CTFMON - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-VIA Audio Driver Setup Program - c:\program files\VIA Technologies
AddRemove-Winamp Detect - e:\program files\Winamp Detect\UninstWaDetect.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 19:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\program files\POWER DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-1417001333-839522115-1003\Software\Zepter Software\RegLib*84ab797b\AnyDVD/1]
"1"=dword:4741f246
"2"=dword:47558dde
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\3&13c0b0c5&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
Completion time: 2011-11-23 19:34:34
ComboFix-quarantined-files.txt 2011-11-23 18:34
.
Pre-Run: 69 772 685 312 bytes free
Post-Run: 69 836 591 104 bytes free
.
- - End Of File - - 9D65A4A8DEDA7C6348EF02B13050A000
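The items an analyst checks first in a log like the one above are the product status lines (the AV reports *Disabled*), the Windows Firewall policy value (EnableFirewall = 0), Run entries that give a bare file name instead of a full path, services whose image file ComboFix could not read (the `[?]` marker), and service ImagePath values with a non-driver extension. The following script is an added example, not part of the original post or of ComboFix; it parses those line shapes from a handful of lines excerpted from the posted log and lists them as triage findings. The thresholds and wording are triage heuristics chosen here, not verdicts about any specific entry.

```python
"""Triage helper for ComboFix-style logs: parses the service table and the
registry value lines and lists the findings an analyst would check first.
Added example, not ComboFix code; the heuristics below are assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted verbatim from the posted ComboFix log.
SAMPLE_LOG = [
    r"AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}",
    r"FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"VTTrayp"="VTtrayp.exe" [2005-10-31 163840]',
    r'"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]',
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]",
    r'"EnableFirewall"= 0 (0x0)',
    r"R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [8.11.2010 19:04 159616]",
    r"S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]",
    r"S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]",
    r"[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]",
    r'"ImagePath"="\??\e:\program files\POWER DVD\000.fcl"',
]

# "R0 name;display;image [stamp]" or "S0 name;display;image --> resolved [?]"
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);([^;]*);(.*?)(?: --> (.*?))? \[(.*)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')   # "name"="value" ...
KEY_RE = re.compile(r'^\[(.+)\]$')                # [registry key]
PRODUCT_RE = re.compile(r'^(AV|FW|AS): (.+?) \*(.+?)\*')  # AV: name *State* {GUID}


@dataclass
class Service:
    start: str      # R = running, S = stopped; digit = start type (0 boot ... 4 disabled)
    name: str
    display: str
    image: str      # resolved path when ComboFix printed one, else the raw ImagePath
    missing: bool   # ComboFix printed "[?]": it could not stat the image file


def parse_services(lines):
    """Extract the service/driver table rows from a log."""
    services = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, image, resolved, stamp = m.groups()
            services.append(Service(start, name, display, resolved or image, stamp == "?"))
    return services


def triage(lines):
    """Return human-readable findings in log order, then missing-image services."""
    findings = []
    key = ""  # registry key that the following "name"="value" lines belong to
    for line in lines:
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = PRODUCT_RE.match(line)
        if m and "disabled" in m.group(3).lower():
            findings.append(f"{m.group(1)} product '{m.group(2)}' reports {m.group(3)}")
            continue
        if line.startswith('"EnableFirewall"') and "firewallpolicy" in key and "= 0" in line:
            findings.append(f"Windows Firewall disabled in {key.rsplit(chr(92), 1)[-1]} profile")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if key.endswith("\\run") or key.endswith("\\run-"):
            if "\\" not in value:
                # No directory: the loader resolves it via the search path, so the
                # file that actually runs has to be confirmed on disk.
                findings.append(f"Run entry '{name}' = '{value}' has no path; confirm which file loads")
        elif name.lower() == "imagepath" and "\\services\\" in key:
            ext = value.lower().rsplit(".", 1)[-1]
            if ext not in ("sys", "exe"):
                svc = key.rsplit("\\", 1)[-1]
                findings.append(f"Service {svc} image '{value}' has non-standard extension .{ext}")
    for svc in parse_services(lines):
        if svc.missing:
            findings.append(f"Service {svc.name} ({svc.start}) image '{svc.image}' could not be read ([?])")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run it on a full log with `triage(open("ComboFix.txt", encoding="cp1250").read().splitlines())`; the Czech-localised log is Windows-1250 encoded. A `[?]` service is not proof of anything by itself (a driver that locks its own file, or an installer service left pointing at removable media, produces the same marker), which is why the output is a checklist rather than a verdict.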
