ComboFix 11-07-08.03 - Tester 09.07.2011 12:49:21.16.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.616 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tester\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tester\Plocha\CFScript.txt
AV: avast! Internet Security *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1644491937-1177238915-1004.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1644491937-1177238915-1005.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1644491937-1177238915-1004.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1644491937-1177238915-1005.job"
"c:\windows\Tasks\User_Feed_Synchronization-{C9CF8B0A-117E-4894-B44F-6AF8EDF5C2CD}.job"
.
file zipped: c:\windows\system32\drivers\96370731.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\96370731.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_96370731
-------\Service_96370731
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-09 do 2011-07-09 )))))))))))))))))))))))))))))))
.
.
2011-07-07 11:16 . 2011-07-07 11:16 -------- d-----w- c:\program files\Magical Jelly Bean
2011-07-06 18:22 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-06 18:22 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-06 18:22 . 2011-02-23 13:57 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-06 18:19 . 2011-02-23 13:56 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-06 18:19 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-06 18:19 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-06 18:19 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-06 18:19 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-06 18:19 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-06 18:19 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-06 18:15 . 2011-02-23 12:34 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-07-06 18:15 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-07-06 18:15 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-06 18:06 . 2011-07-06 18:06 -------- d-----w- c:\documents and settings\Tester\Data aplikací\SiteRanker
2011-07-01 12:21 . 2011-07-01 12:23 -------- d-----w- c:\documents and settings\Tomáš\Data aplikací\PCPowerSpeed
2011-07-01 12:21 . 2011-07-01 12:21 -------- d-----w- c:\documents and settings\Tomáš\Data aplikací\SiteRanker
2011-07-01 12:21 . 2011-07-06 11:00 -------- d-----w- c:\program files\SiteRanker
2011-07-01 12:20 . 2011-07-01 12:20 -------- d-----w- c:\documents and settings\Tomáš\Data aplikací\Inbox Toolbar
2011-06-30 12:43 . 2011-07-06 18:03 -------- d-----w- c:\program files\Free Screen Recorder
2011-06-29 18:21 . 2011-06-30 08:05 -------- d-----w- c:\program files\PokerStars
2011-06-25 16:39 . 2011-06-25 17:08 -------- d-----w- c:\program files\Rail Simulator Demo
2011-06-22 18:50 . 2011-06-22 18:50 -------- d-----w- c:\program files\Team17
2011-06-19 21:21 . 2011-06-19 21:21 -------- d-----w- c:\program files\Garena
2011-06-15 14:32 . 2011-06-15 14:33 -------- d-----w- c:\documents and settings\Tester\Data aplikací\Mozilla-Cache
2011-06-15 14:31 . 2011-06-29 20:05 -------- d-----w- c:\program files\PartyGaming
2011-06-15 08:17 . 2011-06-15 08:19 -------- d-----w- c:\program files\TableNinjaFT
2011-06-14 10:56 . 2011-06-14 10:56 -------- d-----w- C:\Games
2011-06-13 14:39 . 2011-06-13 15:01 -------- d-----w- C:\HMArchive
2011-06-13 14:36 . 2011-06-13 14:36 -------- d-----w- c:\documents and settings\postgres
2011-06-13 13:59 . 2011-06-13 13:59 -------- d-----w- c:\documents and settings\Tester\Local Settings\Data aplikací\In_The_Money_LLC
2011-06-13 13:58 . 2011-06-13 13:58 -------- d-----w- c:\program files\In The Money
2011-06-10 12:01 . 2011-06-10 12:01 -------- d-----w- C:\valve
2011-06-10 12:01 . 2011-06-10 12:01 -------- d-----w- C:\steam
2011-06-10 12:01 . 2011-06-10 12:01 -------- d-----w- C:\reslists
2011-06-10 12:00 . 2011-06-10 12:01 -------- d-----w- C:\platform
2011-06-10 12:00 . 2011-06-10 12:00 -------- d-----w- C:\gldrv
2011-06-10 12:00 . 2011-06-10 12:01 -------- d-----w- C:\cstrike
2011-06-10 12:00 . 2011-06-10 12:00 -------- d-----w- C:\config
2011-06-09 14:17 . 2011-06-09 14:17 15872 ----a-r- c:\documents and settings\Tester\Data aplikací\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 10:45 . 2009-09-14 06:14 788992 ----a-w- C:\unins000.exe
2011-07-08 10:44 . 2009-08-31 09:15 221184 ----a-w- C:\hltv.exe
2011-07-08 10:44 . 2009-08-31 09:15 389120 ----a-w- C:\hlds.exe
2011-07-08 10:44 . 2009-08-25 15:06 110080 ----a-w- C:\Counter-Strike.exe
2011-06-08 16:41 . 2011-06-08 14:00 73096 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\bdinstall.bin
2011-04-28 14:50 . 2010-01-28 23:07 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2005-12-05 16:00 . 2005-12-05 16:00 74448 ------w- c:\program files\DSETUP.dll
2005-12-05 16:00 . 2005-12-05 16:00 484560 ------w- c:\program files\DXSETUP.exe
2005-12-05 16:00 . 2005-12-05 16:00 2247888 ------w- c:\program files\dsetup32.dll
2011-06-24 13:36 . 2011-06-20 06:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2011-05-31 21:21 351448 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tester\Nabˇdka Start\Programy\Po spuçtŘnˇ\
_uninst_08372636.lnk - c:\documents and settings\Tester\Local Settings\temp\_uninst_08372636.bat [N/A]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^DynDNS Updater Tray Icon.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-13 09:46 134656 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\documents and settings\Tester\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteRanker]
2011-05-31 21:20 319488 ----a-w- c:\program files\SiteRanker\SiteRankTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemKey]
2006-04-07 07:58 339968 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\SystemKey\SystemKey.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Tester\\QIP\\qip.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\rullers\\condition zero\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\rullers\\counter-strike\\hl.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"6112:TCP"= 6112:TCP:Warcraft III
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [6.7.2011 20:15 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [6.7.2011 20:19 192728]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [6.7.2011 20:22 101976]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4.4.2011 11:46 218688]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6.7.2011 20:19 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.7.2011 20:22 301528]
S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [10.11.2006 15:08 24064]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.7.2011 20:22 19544]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [6.7.2011 20:15 121000]
S2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [16.4.2010 18:19 103800]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
S3 fsbl;F-Secure BlackLight Engine Driver;\??\c:\program files\F-Secure\Anti-Virus\fsbldrv.sys --> c:\program files\F-Secure\Anti-Virus\fsbldrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [7.2.2010 20:10 36608]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6.11.2009 12:10 845184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1644491937-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-07-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1644491937-1177238915-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-07-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1644491937-1177238915-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-07-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1644491937-1177238915-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2011-07-09 c:\windows\Tasks\User_Feed_Synchronization-{C9CF8B0A-117E-4894-B44F-6AF8EDF5C2CD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = astroburn-search.com
uSearchAssistant =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{D565CCAF-82C2-40AF-87DA-241A93E820F1}: NameServer = 216.146.35.35,216.146.36.36
FF - ProfilePath - c:\documents and settings\Tester\Data aplikací\Mozilla\Firefox\Profiles\zwlq49d7.default\
FF - prefs.js: browser.startup.homepage - hxxp://
www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-07-09 13:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1676)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2011-07-09 13:36:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-09 11:36
ComboFix2.txt 2011-07-09 09:22
ComboFix3.txt 2011-06-07 07:50
ComboFix4.txt 2011-04-20 21:45
ComboFix5.txt 2011-07-09 10:46
.
Před spuštěním: Volných bajtů: 25 493 794 816
Po spuštění: Volných bajtů: 25 395 437 568
.
- - End Of File - - 88408F3358E74B776E94F819D760B690
Nahr nˇ probŘhlo ŁspŘçnŘ
Pokud nemate, tak presunte Combofix na plochu
Přispějete na provoz fóra?