So here are the final results:
ComboFix:
ComboFix 09-04-01.01 - Traktor 2009-04-02 18:36:53.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1033.18.3071.2510 [GMT 2:00]
Running from: c:\documents and settings\Traktor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Traktor\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: Kerio Personal Firewall *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 33
Systém nemôže nájsť zadanú cestu.
Systém nemôže nájsť zadanú cestu.
Systém nemôže nájsť zadanú cestu.
Systém nemôže nájsť zadanú cestu.
Could Not Find c:\combofix\temp03
Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SxsCaPendDel
c:\windows\system32\runouce.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.
2009-04-02 15:46 . 2009-04-02 15:46 <DIR> d-------- c:\program files\HyCam2
2009-04-02 14:08 . 2009-04-02 14:08 <DIR> d-------- c:\documents and settings\Traktor\Application Data\Malwarebytes
2009-04-02 14:07 . 2009-04-02 14:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 14:07 . 2009-04-02 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 14:07 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 14:07 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-02 13:33 . 2009-04-02 13:33 <DIR> d-------- c:\documents and settings\Traktor\DoctorWeb
2009-04-02 13:20 . 2009-04-02 13:20 <DIR> d-------- c:\program files\Trend Micro
2009-04-02 04:04 . 2009-04-02 04:04 85 --a------ c:\windows\system32\drivers\fwdrv.err
2009-04-02 02:31 . 2009-04-02 04:36 54 --a------ c:\windows\Lic.xxx
2009-04-02 02:30 . 2009-04-02 02:30 <DIR> d-------- c:\program files\Common Files\MicroWorld
2009-04-02 02:30 . 2009-04-02 02:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\MicroWorld
2009-04-02 02:30 . 2008-04-14 02:12 146,432 --a------ c:\windows\R.COM
2009-04-02 02:30 . 2008-04-14 02:12 135,680 --a------ c:\windows\system32\T.COM
2009-04-02 02:30 . 2009-04-02 02:30 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-04-02 02:30 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-04-01 20:02 . 2009-04-01 20:02 <DIR> d-------- c:\documents and settings\Traktor\Application Data\Uniblue
2009-04-01 17:47 . 2009-04-01 17:47 <DIR> d-------- c:\windows\Logs
2009-04-01 17:47 . 2009-04-01 17:47 <DIR> d-------- c:\program files\EA Sports
2009-04-01 17:44 . 2009-04-01 17:44 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-03-31 04:25 . 1998-06-26 04:12 159,744 --a------ c:\windows\system32\Ksiad.dll
2009-03-31 04:25 . 1999-02-04 15:21 53,248 --a------ c:\windows\system32\Opcenum.exe
2009-03-31 02:31 . 2009-03-31 02:31 <DIR> d--h----- c:\windows\PIF
2009-03-31 02:31 . 2009-01-09 21:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-31 02:30 . 2009-03-31 02:30 <DIR> d-------- c:\documents and settings\Traktor\Application Data\Windows Search
2009-03-31 02:11 . 2009-03-31 02:25 <DIR> d-------- c:\windows\NV21201768.TMP
2009-03-31 02:11 . 2008-09-17 23:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2009-03-31 02:10 . 2009-03-31 02:10 <DIR> d-------- c:\windows\system32\sk-SK
2009-03-31 02:09 . 2008-12-21 01:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-31 02:09 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-31 02:09 . 2007-03-08 07:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-31 02:09 . 2008-12-21 01:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-31 02:09 . 2008-12-21 01:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-31 02:09 . 2008-12-21 01:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-31 02:09 . 2008-12-21 01:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-31 02:09 . 2008-12-21 01:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-31 02:09 . 2008-12-19 11:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-31 02:03 . 2009-03-31 02:47 <DIR> d-------- c:\program files\Windows Desktop Search
2009-03-31 02:03 . 2008-03-07 19:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-03-31 02:03 . 2008-03-07 19:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-03-31 02:03 . 2008-03-07 19:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-03-26 00:51 . 2009-03-30 14:39 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-23 21:11 . 2009-03-23 21:11 <DIR> d-------- c:\program files\Lavasoft RegHance
2009-03-23 21:07 . 2009-03-23 21:07 <DIR> d-------- c:\program files\Lavasoft
2009-03-19 16:00 . 2009-03-19 16:00 <DIR> d-------- c:\program files\UltraISO
2009-03-19 16:00 . 2009-03-19 16:00 <DIR> d-------- c:\program files\Common Files\EZB Systems
2009-03-18 14:35 . 2009-03-18 19:03 <DIR> d-------- c:\documents and settings\Traktor\Application Data\ICQ
2009-03-18 14:34 . 2009-03-18 14:37 <DIR> d-------- c:\program files\ICQ6.5
2009-03-18 13:20 . 2009-03-27 00:01 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-17 11:19 . 2009-03-17 17:33 <DIR> d-------- c:\program files\DefenseWall
2009-03-17 11:19 . 2008-07-25 22:41 86,016 --a------ c:\windows\system32\defensewall_serv.exe
2009-03-17 11:19 . 2009-03-17 11:19 375 --a------ c:\windows\ActiveSkin.ini
2009-03-17 09:46 . 2009-03-17 09:46 <DIR> d-------- c:\documents and settings\Traktor\Application Data\QIP
2009-03-17 09:45 . 2009-03-17 09:45 <DIR> d-------- c:\program files\QIP Infium
2009-03-16 21:04 . 2009-03-16 21:04 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-16 19:29 . 2009-03-16 19:29 66 --a------ c:\windows\wininit.ini
2009-03-12 16:16 . 2009-03-19 10:11 <DIR> d-------- c:\program files\ICQ6Toolbar
2009-03-12 16:16 . 2009-03-18 14:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ICQ
2009-03-10 13:20 . 2009-03-10 13:20 <DIR> d-------- c:\program files\IrfanView
2009-03-10 00:02 . 2009-03-10 00:03 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-02 18:56 . 2009-03-02 18:56 <DIR> d---s---- c:\documents and settings\Traktor\UserData
2009-03-02 18:38 . 2009-03-02 18:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2009-03-02 18:15 . 2009-03-02 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\IsolatedStorage
2009-03-02 18:11 . 2006-06-28 05:37 1,009,336 --------- c:\windows\system32\mschrt20.ocx
2009-03-02 18:11 . 2005-03-03 22:09 389,120 --------- c:\windows\system32\Codejock.DockingPane.Unicode.9601.ocx
2009-03-02 18:11 . 2001-07-30 17:40 24,576 --------- c:\windows\system32\msxml3a.dll
2009-03-02 18:09 . 2009-03-02 18:21 <DIR> d-------- c:\program files\ANSYS Inc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 12:10 --------- d-----w c:\program files\Totalcmd
2009-04-02 10:37 189,072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-02 10:19 138,920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-02 00:30 626,688 ----a-w c:\windows\system32\msvcr80.dll
2009-04-02 00:30 548,864 ----a-w c:\windows\system32\msvcp80.dll
2009-04-01 19:34 --------- d-----w c:\documents and settings\Traktor\Application Data\BSplayer Pro
2009-04-01 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-01 07:42 --------- d-----w c:\program files\Java
2009-03-25 04:30 --------- d-----w c:\documents and settings\Traktor\Application Data\SolidWorks
2009-03-24 20:56 --------- d-----w c:\documents and settings\Traktor\Application Data\Skype
2009-03-24 00:18 --------- d-----w c:\program files\SolidWorks
2009-03-23 19:09 --------- d-----w c:\documents and settings\Traktor\Application Data\Lavasoft
2009-03-19 14:21 --------- d-----w c:\program files\Alcohol 120
2009-03-12 14:10 --------- d-----w c:\program files\ICQ6
2009-03-09 22:10 --------- d-----w c:\program files\Opera
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-02 16:39 --------- d-----w c:\documents and settings\Traktor\Application Data\Ansys
2009-03-02 16:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 08:53 75,064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-28 13:04 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-28 13:01 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-25 19:28 --------- d-----w c:\program files\ICQToolbar
2009-02-25 12:06 --------- d-----w c:\documents and settings\Traktor\Application Data\Autodesk
2009-02-24 08:08 --------- d-----w c:\documents and settings\Traktor\Application Data\CyberLink
2009-02-18 20:39 --------- d-----w c:\program files\Mv2Player
2009-02-17 15:50 --------- d-----w c:\program files\Activision
2009-02-17 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\COSMOS Applications
2009-02-17 09:04 --------- d-----w c:\program files\Common Files\SolidWorks Shared
2009-02-17 09:03 --------- d-----w c:\program files\DWGeditor
2009-02-17 09:03 --------- d-----w c:\documents and settings\Traktor\Application Data\DWGeditor
2009-02-17 09:02 --------- d-----w c:\program files\SolidWorks Installation Manager
2009-02-17 09:01 --------- d-----w c:\program files\Common Files\eDrawings2007
2009-02-17 08:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-17 08:43 --------- d-----w c:\program files\Common Files\Solidworks Data
2009-02-17 08:35 --------- d-----w c:\program files\ARPR
2009-02-17 08:27 --------- d-----w c:\program files\AGEIA Technologies
2009-02-17 01:32 --------- d-----w c:\documents and settings\Traktor\Application Data\SolidWorks 2009
2009-02-17 00:04 --------- d-----w c:\documents and settings\All Users\Application Data\SolidWorks
2009-02-13 18:20 --------- d-----w c:\program files\BSplayerPro
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-03 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-03 16:58 --------- d-----w c:\program files\CCleaner
2009-02-03 13:35 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-01-05 16:43 316 ----a-w C:\drmHeader.bin
2008-11-16 10:38 22,328 ----a-w c:\documents and settings\Traktor\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-02_15.08.19.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-02 13:03:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_19c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-05-01 949376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.X264"= x264vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Akcelerátor spuštění AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 03:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-06-25 08:47 1057064 c:\program files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-08-23 17:36 455968 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-03 20:02 98304 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-06-25 08:47 1629480 c:\program files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--------- 2006-03-07 00:52 36864 c:\program files\Ulead VideoStudio 10\uvPL.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\BPFTP Server\\bpftpserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Install\\Napalene\\utorrent_1.6.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\RSM\\bin\\JobManagerService.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\RSM\\bin\\JMAdmin.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\RSM\\bin\\JMPassword.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\RSM\\bin\\ScriptHostService.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\AISOL\\CommonFiles\\intel\\AnsysWBU.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\ANSYS\\bin\\intel\\ANSYS.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\AISOL\\CAD Integration\\intel\\ActivePIMgrU.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\AISOL\\CAD Integration\\intel\\ReaderHostU.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\CommonFiles\\TCL\\bin\\intel\\tclsh.exe"=
"c:\\Program Files\\ANSYS Inc\\v110\\CommonFiles\\TCL\\bin\\intel\\wish.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-12-15 274432]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-12-15 81920]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-05-01 15424]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2009-03-02 1294336]
R2 JobManagerService110;Ansys JobManager Service V11;c:\program files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe [2007-01-16 20480]
R2 ScriptHostService110;Ansys ScriptHost Service V11;c:\program files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe [2007-01-16 20480]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2006-02-28 69120]
S3 RTCore;RTCore;\??\d:\install\TRam\RTCore.sys --> d:\install\TRam\RTCore.sys [?]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\program files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://adx.allstar.cz/adclick.php?banne ... remium.asp
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translaotr\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translaotr\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translaotr\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translaotr\WEBIE.DLL
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Traktor\Application Data\Mozilla\Firefox\Profiles\5s1wra3o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 18:40:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1202660629-261903793-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\imon.dll
.
Completion time: 2009-04-02 18:42:56
ComboFix-quarantined-files.txt 2009-04-02 16:42:52
ComboFix2.txt 2009-04-02 13:10:11
Pre-Run: 5 229 596 672 bytes free
Post-Run: 5,218,275,328 voľných bajtov
270 --- E O F --- 2009-03-31 00:36:05
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:16, on 2.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adx.allstar.cz/adclick.php?banne ... remium.asp
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translaotr\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translaotr\WEBIE.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translaotr\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ansys JobManager Service V11 (JobManagerService110) - Ansys, Inc - C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Kerio Firewall\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ansys ScriptHost Service V11 (ScriptHostService110) - Ansys, Inc. - C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8529 bytes
LINKS from VirusTotal
First file
http://www.virustotal.com/cs/analisis/8 ... 0987a3feaf
Second file
http://www.virustotal.com/cs/analisis/7 ... cddd38bb89
I don't know whether you wanted the links to nwt or the copied logs? I have it copied in Notepad if it's needed.
Thanks