a tu je druhy log:
ComboFix 09-07-23.04 - xxxxxxxxxxxxxxxxx 24.07.2009 20:41.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.233 [GMT 2:00]
Running from: c:\documents and settings\xxxxxxxxxxxxxxxxx\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\0xf9.exe
C:\data
c:\data\mzdy0001.mdb
c:\data\mzdy0002.mdb
c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Temporary Internet Files\_tm130.tmp
c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Temporary Internet Files\_tm1579.tmp
c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Temporary Internet Files\_tm20D.tmp
c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Temporary Internet Files\_tm230.tmp
c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Temporary Internet Files\_tm293.tmp
c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Temporary Internet Files\_tm31.tmp
c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Temporary Internet Files\_tm32.tmp
c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Temporary Internet Files\_tm5A.tmp
c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Temporary Internet Files\_tm80.tmp
c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Temporary Internet Files\_tm9CD.tmp
c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Temporary Internet Files\stb06759.tmp
c:\program files\INSTALL.LOG
c:\windows\system32\MSPRPSK.DLL
.
((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.
2009-07-24 11:37 . 2009-07-24 11:37 -------- d-----w- c:\documents and settings\xxxxxxxxxxxxxxxxx\Application Data\Malwarebytes
2009-07-24 11:37 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 11:37 . 2009-07-24 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-24 11:37 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 11:37 . 2009-07-24 11:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 09:37 . 2009-07-24 09:37 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-24 09:37 . 2009-07-24 09:37 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-24 03:48 . 2009-07-24 03:48 -------- d-----w- c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Application Data\ESET
2009-07-24 00:10 . 2009-07-24 00:10 -------- d-----w- c:\documents and settings\xxxxxxxxxxxxxxxxx\Application Data\TrojanHunter
2009-07-23 22:11 . 2009-07-24 09:22 -------- d-----w- c:\program files\TrojanHunter 5.0
2009-07-23 18:05 . 2009-07-24 18:36 117760 ----a-w- c:\documents and settings\xxxxxxxxxxxxxxxxx\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-23 18:03 . 2009-07-23 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-23 18:02 . 2009-07-23 18:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-23 18:02 . 2009-07-23 18:02 -------- d-----w- c:\documents and settings\xxxxxxxxxxxxxxxxx\Application Data\SUPERAntiSpyware.com
2009-07-23 18:02 . 2009-07-23 18:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-07 09:46 . 2009-07-24 11:36 -------- d-----w- c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Application Data\Internet Saving Optimizer
2009-07-07 09:45 . 2009-07-13 11:47 -------- d-----w- c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Application Data\Media Access Startup
2009-07-07 09:43 . 2009-07-07 09:43 -------- d-----w- c:\documents and settings\xxxxxxxxxxxxxxxxx\Local Settings\Application Data\DoubleD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 10:02 . 2005-05-06 22:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-24 10:02 . 2005-05-06 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-24 09:27 . 2008-02-27 23:46 -------- d-----w- c:\program files\Kate's Video Converter
2009-07-24 09:27 . 2003-09-20 09:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-23 07:42 . 2005-02-01 20:29 -------- d-----w- c:\documents and settings\xxxxxxxxxxxxxxxxx\Application Data\Skype
2009-07-22 22:33 . 2007-08-22 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-21 01:50 . 2009-03-09 10:07 -------- d-----w- c:\documents and settings\xxxxxxxxxxxxxxxxx\Application Data\uTorrent
2009-07-21 01:24 . 2004-12-20 21:15 -------- d-----w- c:\program files\MSN Messenger
2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:27 . 2002-08-29 03:41 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-26 11:29 . 2006-10-08 10:45 -------- d-----w- c:\program files\Google
2009-05-07 15:44 . 2002-08-29 03:41 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-23 18:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-12-05 17:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-22 22:08 . 2008-09-07 09:54 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-09-28 19:21 . 2006-09-27 18:23 56 --sh--r- c:\windows\system32\B47C9A38FC.sys
2006-09-28 19:21 . 2006-09-27 18:02 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-10-13 20058152]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Assistant\\Nassi.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.6.2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.6.2009 11:01 72944]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [22.3.2007 14:11 51072]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24.10.2008 20:51 468224]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.6.2009 11:01 7408]
S2 gupdate1c9b0631bca1850;Služba Google Update (gupdate1c9b0631bca1850);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2009 13:40 133104]
S3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;c:\windows\system32\drivers\TNET1130.sys [12.11.2004 13:18 385792]
.
Contents of the 'Scheduled Tasks' folder
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 11:39]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 11:39]
2009-07-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 21:18]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL =
hxxp://www.google.com/ie
uSearchURL,(Default) =
hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {7F01BD21-6B8B-4C6C-A518-3CA6590DC878} = 172.16.0.2,62.168.96.4
DPF: DirectAnimation Java Classes -
file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\xxxxxxxxxxxxxxxxx\Application Data\Mozilla\Firefox\Profiles\q0j42ncw.Nepojmenovaný\
FF - prefs.js: browser.startup.homepage -
hxxp://www.gmail.com/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-24 20:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(600)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-07-24 20:55
ComboFix-quarantined-files.txt 2009-07-24 18:54
Pre-Run: 59 785 019 392 bytes free
Post-Run: 25 adresárov, 60 479 139 840 voľných bajtov
202 --- E O F --- 2009-07-15 20:03