Pomale PC, občas se vypina. Pls zkontrolovat.
Napsal: 16 dub 2012 12:33
Dobrý den, chtěl bych vás poprosit o kontrolu mého logu z NTB. Projel jsem to Combofixem, ale i tak se to seká. Mám zde nainstalované také 7čky, ale těch se chci zbavit. Prosil bych o radu a návod.
Předem díky za včasné vyřízení. Stano
ComboFix 12-04-16.01 - Start 16.04.2012 13:17:15.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3037.2323 [GMT 2:00]
Spuštěný z: c:\documents and settings\Start\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Start\WINDOWS
c:\windows\IsUn0413.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\opengl32.dll.tmp
c:\windows\system32\taskmgr.com
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PASSWORD
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-16 do 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2072-04-03 12:13 . 2008-03-21 13:46 607296 ------w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-04-16 10:55 . 2012-04-16 10:56 -------- d-----w- c:\documents and settings\Start\Data aplikací\GHISLER
2012-04-16 10:55 . 2012-04-16 10:55 -------- d-----w- C:\totalcmd
2012-04-16 10:55 . 2012-03-09 05:57 545 ----a-w- c:\windows\UC.PIF
2012-04-16 10:55 . 2012-03-09 05:57 545 ----a-w- c:\windows\RAR.PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 10:01 . 2010-09-29 13:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-06 23:15 . 2012-01-26 10:14 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-01-26 10:14 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2012-01-26 10:14 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2012-01-26 10:14 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-01-26 10:14 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2012-01-26 10:14 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-01-26 10:14 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2012-01-26 10:14 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2012-01-26 10:14 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2012-01-26 10:14 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-17 23:14 . 2009-08-13 17:13 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-17 23:14 . 2010-04-10 11:12 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-17 23:14 . 2009-08-13 17:13 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-01-29 20:59 . 2011-08-30 10:20 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2012-01-29 20:59 . 2011-05-11 17:08 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-01-26 20:33 . 2009-09-10 15:22 138056 ----a-w- c:\documents and settings\Start\Data aplikací\PnkBstrK.sys
2012-01-26 20:33 . 2009-08-13 17:13 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-30 10:40 . 2011-03-30 10:40 517976 ----a-w- c:\program files\DXSETUP.exe
2011-03-30 10:40 . 2011-03-30 10:40 95576 ----a-w- c:\program files\DSETUP.dll
2011-03-30 10:40 . 2011-03-30 10:40 1566040 ----a-w- c:\program files\dsetup32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-22 . D624FBF20A2D2CC6C5C88FA4FD792B14 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-01-29 438272]
"Akamai NetSession Interface"="c:\documents and settings\Start\Local Settings\Data aplikací\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-05 1434920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-11 13594624]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Start\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Start^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
path=c:\documents and settings\Start\Nabídka Start\Programy\Po spuštění\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Gameforge4D\\4Story\\4Story.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FlatOut2\\flatout2.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Start\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.12.2009 13:55 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26.1.2012 12:14 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.1.2012 12:14 337880]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 8:52 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.1.2012 12:14 20696]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15.6.2011 17:33 249648]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [8.5.2010 10:45 247608]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [12.8.2009 7:45 39424]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2.3.2010 17:05 133104]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [14.4.2008 8:52 14336]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7.7.2011 19:31 195336]
S3 CEDRIVER55;CEDRIVER55; [x]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver; [x]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2.3.2010 17:05 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [27.4.2010 10:52 164864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 15:05]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 15:05]
.
2012-04-16 c:\windows\Tasks\User_Feed_Synchronization-{8156EF30-EA9C-4818-96AE-837D0EA0BF69}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.superhry.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-PlayNC Launcher - (no file)
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE
AddRemove-{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1 - c:\program files\JoWooD Entertainment AG\ArcaniA - Gothic 4\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-16 13:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\TEMP\_asw_aisI.tm~a03320
c:\windows\TEMP\_asw_aisI.tm~a03320\onefile 0 bytes
c:\windows\TEMP\_asw_aisI.tm~a03320\setup.lok 0 bytes
.
sken byl úspešně dokončen
skryté soubory: 3
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-725345543-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,3b,7b,71,cd,a8,72,49,b5,c8,6f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,3b,7b,71,cd,a8,72,49,b5,c8,6f,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,02,03,12,96,1f,29,5d,49,ac,92,ec,\
.
[HKEY_USERS\S-1-5-21-1957994488-725345543-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:af,64,83,15,fe,23,c1,1c,ba,11,1a,4a,6a,ca,a6,53,61,4e,81,ed,0f,94,45,
87,ea,ab,f3,48,d3,0c,48,f5,43,41,a2,27,1f,6f,23,e6,e6,02,21,1d,46,f3,84,72,\
"??"=hex:94,0d,62,d3,1f,8e,bc,75,70,3a,1b,6b,95,f7,a2,dd
.
[HKEY_USERS\S-1-5-21-1957994488-725345543-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:97,1e,92,38,16,65,5d,43,20,da,64,c0,40,a0,cf,de,5a,10,6b,0b,2b,
08,b2,8a,34,bf,ae,4d,6b,65,a1,38,c8,16,43,8a,36,16,5d,1b,aa,85,12,c2,0a,da,\
"rkeysecu"=hex:9f,d7,ea,ad,e2,76,0f,79,0f,7e,89,91,6f,a3,90,62
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\btmmhook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2012-04-16 13:28:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-16 11:28
.
Před spuštěním: Volných bajtů: 25 376 776 192
Po spuštění: Volných bajtů: 26 573 529 088
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
.
- - End Of File - - 97924636EBC8A1956BC4294DAC1CA372
Předem díky za včasné vyřízení. Stano
ComboFix 12-04-16.01 - Start 16.04.2012 13:17:15.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3037.2323 [GMT 2:00]
Spuštěný z: c:\documents and settings\Start\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Start\WINDOWS
c:\windows\IsUn0413.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\opengl32.dll.tmp
c:\windows\system32\taskmgr.com
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PASSWORD
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-16 do 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2072-04-03 12:13 . 2008-03-21 13:46 607296 ------w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll
2012-04-16 10:55 . 2012-04-16 10:56 -------- d-----w- c:\documents and settings\Start\Data aplikací\GHISLER
2012-04-16 10:55 . 2012-04-16 10:55 -------- d-----w- C:\totalcmd
2012-04-16 10:55 . 2012-03-09 05:57 545 ----a-w- c:\windows\UC.PIF
2012-04-16 10:55 . 2012-03-09 05:57 545 ----a-w- c:\windows\RAR.PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 10:01 . 2010-09-29 13:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-06 23:15 . 2012-01-26 10:14 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-01-26 10:14 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2012-01-26 10:14 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2012-01-26 10:14 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-01-26 10:14 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2012-01-26 10:14 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-01-26 10:14 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2012-01-26 10:14 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2012-01-26 10:14 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2012-01-26 10:14 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-17 23:14 . 2009-08-13 17:13 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-17 23:14 . 2010-04-10 11:12 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-17 23:14 . 2009-08-13 17:13 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-01-29 20:59 . 2011-08-30 10:20 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2012-01-29 20:59 . 2011-05-11 17:08 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-01-26 20:33 . 2009-09-10 15:22 138056 ----a-w- c:\documents and settings\Start\Data aplikací\PnkBstrK.sys
2012-01-26 20:33 . 2009-08-13 17:13 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-30 10:40 . 2011-03-30 10:40 517976 ----a-w- c:\program files\DXSETUP.exe
2011-03-30 10:40 . 2011-03-30 10:40 95576 ----a-w- c:\program files\DSETUP.dll
2011-03-30 10:40 . 2011-03-30 10:40 1566040 ----a-w- c:\program files\dsetup32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-22 . D624FBF20A2D2CC6C5C88FA4FD792B14 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-01-29 438272]
"Akamai NetSession Interface"="c:\documents and settings\Start\Local Settings\Data aplikací\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-05 1434920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-11 13594624]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Start\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Start^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
path=c:\documents and settings\Start\Nabídka Start\Programy\Po spuštění\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Gameforge4D\\4Story\\4Story.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FlatOut2\\flatout2.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Start\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31.12.2009 13:55 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26.1.2012 12:14 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.1.2012 12:14 337880]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 8:52 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.1.2012 12:14 20696]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15.6.2011 17:33 249648]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [8.5.2010 10:45 247608]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [12.8.2009 7:45 39424]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2.3.2010 17:05 133104]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [14.4.2008 8:52 14336]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7.7.2011 19:31 195336]
S3 CEDRIVER55;CEDRIVER55; [x]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver; [x]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2.3.2010 17:05 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [27.4.2010 10:52 164864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 15:05]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 15:05]
.
2012-04-16 c:\windows\Tasks\User_Feed_Synchronization-{8156EF30-EA9C-4818-96AE-837D0EA0BF69}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.superhry.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-PlayNC Launcher - (no file)
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE
AddRemove-{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1 - c:\program files\JoWooD Entertainment AG\ArcaniA - Gothic 4\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-16 13:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\TEMP\_asw_aisI.tm~a03320
c:\windows\TEMP\_asw_aisI.tm~a03320\onefile 0 bytes
c:\windows\TEMP\_asw_aisI.tm~a03320\setup.lok 0 bytes
.
sken byl úspešně dokončen
skryté soubory: 3
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-725345543-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,3b,7b,71,cd,a8,72,49,b5,c8,6f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,3b,7b,71,cd,a8,72,49,b5,c8,6f,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,02,03,12,96,1f,29,5d,49,ac,92,ec,\
.
[HKEY_USERS\S-1-5-21-1957994488-725345543-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:af,64,83,15,fe,23,c1,1c,ba,11,1a,4a,6a,ca,a6,53,61,4e,81,ed,0f,94,45,
87,ea,ab,f3,48,d3,0c,48,f5,43,41,a2,27,1f,6f,23,e6,e6,02,21,1d,46,f3,84,72,\
"??"=hex:94,0d,62,d3,1f,8e,bc,75,70,3a,1b,6b,95,f7,a2,dd
.
[HKEY_USERS\S-1-5-21-1957994488-725345543-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:97,1e,92,38,16,65,5d,43,20,da,64,c0,40,a0,cf,de,5a,10,6b,0b,2b,
08,b2,8a,34,bf,ae,4d,6b,65,a1,38,c8,16,43,8a,36,16,5d,1b,aa,85,12,c2,0a,da,\
"rkeysecu"=hex:9f,d7,ea,ad,e2,76,0f,79,0f,7e,89,91,6f,a3,90,62
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\btmmhook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2012-04-16 13:28:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-16 11:28
.
Před spuštěním: Volných bajtů: 25 376 776 192
Po spuštění: Volných bajtů: 26 573 529 088
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
.
- - End Of File - - 97924636EBC8A1956BC4294DAC1CA372
