Skype doesn't work for me - LOG

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

GonCz
Level 3
Posts: 545
Registered: August 12
Gender: Male
Status: Offline

Skype doesn't work for me - LOG

Post by GonCz » 30 Dec 2012 11:20

Hello. Here is the log from HJT, because Skype doesn't work for me (Blue Spirit advised me to do this). I currently have Skype installed.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:41, on 30.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Documents and Settings\Owner\Templates\MsCtfMonitor.exe
C:\Documents and Settings\Owner\Templates\CertPolEng.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\vajeqv.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Documents and Settings\Owner\Local Settings\Temp\panmap.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\JiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://domredi.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=falco&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: Shell=explorer.exe C:\Documents and Settings\Owner\Application Data\Microsoft\taskmgr.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [KMPlayer] C:\WINDOWS\system32\nivida\KMPlayer.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [XIV Start] C:\WINDOWS\system32\OGUBSK\XIV.exe
O4 - HKCU\..\Run: [KMPlayer] C:\WINDOWS\system32\nivida\KMPlayer.exe
O4 - HKCU\..\Run: [wmwmimn] C:\Documents and Settings\Owner\Local Settings\Application Data\vajeqv.exe
O4 - HKCU\..\Run: [Activex Application Updater] C:\Documents and Settings\Owner\Templates\MsCtfMonitor.exe
O4 - HKCU\..\Run: [Certificate Policy Engine] C:\Documents and Settings\Owner\Templates\CertPolEng.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\install\server.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: tnyve.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: RaMediaServer - Unknown owner - C:\Program Files\Ralink\Common\RaMediaServer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7745 bytes

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Residence: Rokycany
Gender: Male
Status: Offline

Re: Skype doesn't work for me - LOG

Post by Damned » 30 Dec 2012 11:31

Run HJT (HijackThis), close your browsers, disconnect from the internet and fix these entries (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://domredi.com/1/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=falco&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: Shell=explorer.exe C:\Documents and Settings\Owner\Application Data\Microsoft\taskmgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [XIV Start] C:\WINDOWS\system32\OGUBSK\XIV.exe
O4 - HKCU\..\Run: [wmwmimn] C:\Documents and Settings\Owner\Local Settings\Application Data\vajeqv.exe
O4 - HKCU\..\Run: [Activex Application Updater] C:\Documents and Settings\Owner\Templates\MsCtfMonitor.exe
O4 - HKCU\..\Run: [Certificate Policy Engine] C:\Documents and Settings\Owner\Templates\CertPolEng.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\install\server.exe
O4 - Startup: tnyve.exe
*****************************************************************************************************************************************************************************************
Download AdwCleaner

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"

After the scan a log will appear (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
*****************************************************************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/ticked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button.
- if an update is found, it will be downloaded and installed; then click OK to start the program
- leave the Quick scan option selected and click the Scan button

If a problem is found:
- when the program finishes a message will appear; click OK and then the Show results button
- then choose Save log and save the log to your Desktop
- then click the Exit button; a message will appear, choose Yes
- copy the resulting log here
(don't delete anything yet!).
Nothing is impossible, which is why, where reason fails, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech translations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech translation Wise Registry Cleaner
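The entries singled out for fixing above are not arbitrary: they share a handful of persistence patterns that a defender can check mechanically before reading the rest of a log. As an added example (not code from this forum, from HijackThis or from any of the tools named in the thread), the Python script below applies those patterns to HJT-style lines: processes and autoruns started from user-writable profile directories, a Winlogon Shell= value with something chained after explorer.exe, Policies\Explorer\Run autoruns, bare executables in the Startup folder, and IE start/search pages that point away from Microsoft's defaults. The sample lines are copied from the HJT log above; the directory list, the reason strings and the function names are my own choice of heuristics and deliberately do not cover optional clean-up items such as the QuickTime Task entry.

```python
import re

# Profile subdirectories from which a normal installer does not auto-start
# executables (Windows XP path layout, as in the HijackThis log above).
# Assumption: this list is a triage heuristic, not an authoritative allow/deny list.
SUSPECT_DIRS = (
    "\\templates\\",
    "\\local settings\\temp\\",
    "\\local settings\\application data\\",
    "\\application data\\",
)


def _in_suspect_dir(path: str) -> bool:
    """True if the path lies in one of the user-writable profile directories above."""
    low = path.lower()
    return "\\documents and settings\\" in low and any(d in low for d in SUSPECT_DIRS)


def triage_line(line: str):
    """Return a short reason if an HJT line matches a persistence heuristic, else None."""
    l = line.strip()
    low = l.lower()

    # Bare process paths (the "Running processes:" section of the log)
    if re.match(r"^[a-z]:\\", low):
        return "process running from a user-writable profile directory" if _in_suspect_dir(l) else None

    # R0/R1: IE start and search pages; Microsoft's own defaults are the baseline
    if l.startswith(("R0 ", "R1 ")):
        value = l.split("=", 1)[1].strip() if "=" in l else ""
        if not value:
            return "empty search setting (commonly left behind by a hijacker)"
        if "microsoft.com" not in value.lower():
            return "browser start/search page hijack"
        return None

    # F2: the Winlogon Shell must be exactly explorer.exe; anything appended to it
    # is launched alongside the desktop at every logon
    if l.startswith("F2 ") and "shell=" in low:
        shell = l.split("Shell=", 1)[1].strip() if "Shell=" in l else ""
        return None if shell.lower() == "explorer.exe" else "Shell= hijack: extra executable chained after explorer.exe"

    # O4: autorun entries
    if l.startswith("O4 "):
        if "\\policies\\explorer\\run" in low:
            return "Policies\\Explorer\\Run autorun (rarely used by legitimate software)"
        if _in_suspect_dir(l):
            return "autorun from a user-writable profile directory"
        m = re.match(r"O4 - (?:Global )?Startup: (.+)$", l)
        if m and "=" not in m.group(1) and m.group(1).lower().endswith(".exe"):
            return "bare executable in the Startup folder (not a shortcut)"
    return None


def triage_log(text: str):
    """Return [(line, reason)] for every flagged line in a HijackThis log."""
    hits = []
    for line in text.splitlines():
        reason = triage_line(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


# Sample input: a subset of lines copied from the HJT log in the thread above.
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Templates\MsCtfMonitor.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://domredi.com/1/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: Shell=explorer.exe C:\Documents and Settings\Owner\Application Data\Microsoft\taskmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [wmwmimn] C:\Documents and Settings\Owner\Local Settings\Application Data\vajeqv.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\install\server.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: tnyve.exe
"""

if __name__ == "__main__":
    for flagged, reason in triage_log(SAMPLE):
        print(f"{reason:<62} <- {flagged}")
```

Flagged lines are candidates for review, not verdicts: some legitimate updaters also auto-start from Application Data, so the output is a shortlist to compare against the process list and the later AdwCleaner, MBAM and ComboFix results rather than a list to fix blindly.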

Re: Skype doesn't work for me - LOG

Post by GonCz » 30 Dec 2012 12:09

# AdwCleaner v2.104 - Logfile created 12/30/2012 at 11:37:09
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - ANONYMOUS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Found : C:\DOCUME~1\Owner\LOCALS~1\Temp\Software
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\Owner\Application Data\Babylon
Folder Found : C:\Documents and Settings\Owner\Application Data\facemoods.com
Folder Found : C:\Program Files\Smartdl

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIM
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SweetIM
Key Found : HKU\S-1-5-21-839522115-790525478-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKU\S-1-5-21-839522115-790525478-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-839522115-790525478-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (cs)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\chiyuixb.default\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112185&tt=4512_4&babsrc=NT_ss&mntr[...]
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112185&tt=4512_[...]
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112185&tt=4512_4&babsrc=KW_ss&mntrId=9827[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.12] : homepage = "hxxp://start.facemoods.com/?a=falco",
Found [l.16] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112185&tt=4512_4&babsrc=HP_ss&mntrId=9827874f000000000000243c20079db9" ]
Found [l.64] : icon_url = "hxxp://facemoods.com/favicon.ico",
Found [l.67] : keyword = "facemoods.com",
Found [l.70] : search_url = "hxxp://start.facemoods.com/?a=falco&s={searchTerms}&f=4",
Found [l.2064] : homepage = "hxxp://start.facemoods.com/?a=falco",
Found [l.2589] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112185&tt=4512_4&babsrc=HP_ss&mntrId=9827874f000000000000243c20079db9" ]

*************************

AdwCleaner[R1].txt - [5378 octets] - [30/12/2012 11:37:09]

########## EOF - C:\AdwCleaner[R1].txt - [5438 octets] ##########

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.11.23.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: ANONYMOUS [administrátor]

30.12.2012 11:46:20
Log od MW.txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 214283
Uplynulý čas: 21 minut, 16 sekund

Nalezené procesy v paměti: 1
C:\Documents and Settings\Owner\Templates\MsCtfMonitor.exe (Backdoor.Agent.DC) -> 2272 -> Žádná instrukce nebyla provedena.

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 4
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{VX24I44T-IXGA-2P5A-2L1U-01M8855044L2} (Backdoor.Agent) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{VX24I44T-IXGA-2P5A-2L1U-01M8855044L2} (Backdoor.Agent) -> Žádná instrukce nebyla provedena.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\XTREMERAT (Malware.Trace) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Activex Application Updater (Backdoor.Agent.DC) -> Data: C:\Documents and Settings\Owner\Templates\MsCtfMonitor.exe -> Žádná instrukce nebyla provedena.
HKCU\Software\XtremeRAT|Mutex (Malware.Trace) -> Data: h0zMgUiAj -> Žádná instrukce nebyla provedena.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 7
C:\WINDOWS\system32\install\server.exe (Backdoor.Agent) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Owner\My Documents\downloads\DFH Download Manager.exe (Affiliate.Downloader) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Owner\Application Data\svchost.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Owner\Application Data\install\server.exe (Backdoor.Bot.M) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Owner\Local Settings\Temp\teste.vbs (Trojan.VBS) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Owner\Application Data\Microsoft\taskmgr.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Owner\Templates\MsCtfMonitor.exe (Backdoor.Agent.DC) -> Žádná instrukce nebyla provedena.

(konec)

Re: Skype doesn't work for me - LOG

Post by Damned » 30 Dec 2012 12:12

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Delete"
The program will perform the repair; after the automatic restart it shows the log (C:\AdwCleaner[S?].txt); paste its entire contents here.
*****************************************************************************************************************************************************************************************
Run MBAM again and click Scan
- when the program finishes a message will appear; click OK and then the Show results button
- make sure all listed findings are ticked and click the Remove selected button
- when removal finishes a log will be shown; post it here.
- then choose OK in the program and exit it via Finish
*****************************************************************************************************************************************************************************************
Disable your antivirus's resident shield.
Download ComboFix (by sUBs) or ComboFix (subs) and save it to your Desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- After the scan completes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Skype doesn't work for me - LOG

Post by GonCz » 30 Dec 2012 13:43

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Owner\Application Data\facemoods.com
Folder Deleted : C:\Program Files\Smartdl

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SweetIM
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (cs)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\chiyuixb.default\prefs.js

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112185&tt=4512_4&babsrc=NT_ss&mntr[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112185&tt=4512_[...]
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112185&tt=4512_4&babsrc=KW_ss&mntrId=9827[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : homepage = "hxxp://start.facemoods.com/?a=falco",
Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112185&tt=4512_4&babsrc=H[...]
Deleted [l.64] : icon_url = "hxxp://facemoods.com/favicon.ico",
Deleted [l.67] : keyword = "facemoods.com",
Deleted [l.70] : search_url = "hxxp://start.facemoods.com/?a=falco&s={searchTerms}&f=4",
Deleted [l.2064] : homepage = "hxxp://start.facemoods.com/?a=falco",
Deleted [l.2589] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112185&tt=4512_4&babsrc=HP_s[...]

*************************

AdwCleaner[R1].txt - [5507 octets] - [30/12/2012 11:37:09]
AdwCleaner[S1].txt - [5006 octets] - [30/12/2012 12:40:53]

########## EOF - C:\AdwCleaner[S1].txt - [5066 octets] ##########

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.11.23.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: ANONYMOUS [administrátor]

30.12.2012 12:52:17
mbam-log-2012-12-30 (12-52-17).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 214213
Uplynulý čas: 12 minut, 33 sekund

Nalezené procesy v paměti: 1
C:\Documents and Settings\Owner\Templates\MsCtfMonitor.exe (Backdoor.Agent.DC) -> 672 -> Bude smazán při restartu.

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 4
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{VX24I44T-IXGA-2P5A-2L1U-01M8855044L2} (Backdoor.Agent) -> Umístnění do karantény a smazání se zdařilo.
HKCR\CLSID\{VX24I44T-IXGA-2P5A-2L1U-01M8855044L2} (Backdoor.Agent) -> Umístnění do karantény a smazání se zdařilo.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\XTREMERAT (Malware.Trace) -> Umístnění do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.Agent) -> Data: C:\WINDOWS\system32\install\server.exe -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.Agent) -> Data: C:\WINDOWS\system32\install\server.exe -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Activex Application Updater (Backdoor.Agent.DC) -> Data: C:\Documents and Settings\Owner\Templates\MsCtfMonitor.exe -> Umístnění do karantény a smazání se zdařilo.
HKCU\Software\XtremeRAT|Mutex (Malware.Trace) -> Data: h0zMgUiAj -> Umístnění do karantény a smazání se zdařilo.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 7
C:\WINDOWS\system32\install\server.exe (Backdoor.Agent) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\Owner\My Documents\downloads\DFH Download Manager.exe (Affiliate.Downloader) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\Owner\Application Data\svchost.exe (Trojan.Agent) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\Owner\Application Data\install\server.exe (Backdoor.Bot.M) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\Owner\Local Settings\Temp\teste.vbs (Trojan.VBS) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\Owner\Application Data\Microsoft\taskmgr.exe (Trojan.Agent) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\Owner\Templates\MsCtfMonitor.exe (Backdoor.Agent.DC) -> Bude smazán při restartu.

(konec)

ComboFix 12-12-30.01 - Owner 30.12.2012 13:22:57.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.581 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\chrtmp
c:\documents and settings\Owner\Application Data\M2Fish 4.2 Setup.exe
c:\documents and settings\Owner\Application Data\Microsoft\Windows\h0zMgUiAj.dat
c:\documents and settings\Owner\Application Data\Microsoft\Windows\h0zMgUiAj.xtr
c:\documents and settings\Owner\Application Data\Ownerlog.dat
c:\documents and settings\Owner\Local Settings\Application Data\vajeqv.exe
c:\documents and settings\Owner\Start Menu\Programs\Startup\tnyve.exe
c:\documents and settings\Owner\Templates\CertPolEng.exe
C:\torrent.exe
c:\windows\PCGWIN32.LI5
c:\windows\system\VB40032.DLL
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\install
c:\windows\system32\install\server.exe
c:\windows\system32\kbiwkmlog.dat
c:\windows\system32\MUI\0405\tourstart.exe
c:\windows\system32\nivida\KMPlayer.exe
c:\windows\system32\OGUBSK\AKV.exe
c:\windows\system32\OGUBSK\Dec_20_2012__12_35_41.005
c:\windows\system32\OGUBSK\Dec_20_2012__12_35_43.006
c:\windows\system32\OGUBSK\Dec_20_2012__12_37_43.008
c:\windows\system32\OGUBSK\Dec_20_2012__13_19_30.009
c:\windows\system32\OGUBSK\Dec_20_2012__13_21_22.008
c:\windows\system32\OGUBSK\Dec_20_2012__20_42_30.008
c:\windows\system32\OGUBSK\Dec_21_2012__10_57_52.008
c:\windows\system32\OGUBSK\Dec_21_2012__13_41_45.008
c:\windows\system32\OGUBSK\Dec_21_2012__18_22_11.008
c:\windows\system32\OGUBSK\Dec_21_2012__21_34_42.008
c:\windows\system32\OGUBSK\Dec_22_2012__08_32_43.008
c:\windows\system32\OGUBSK\Dec_23_2012__12_50_25.008
c:\windows\system32\OGUBSK\Dec_23_2012__17_01_54.008
c:\windows\system32\OGUBSK\Dec_24_2012__07_48_22.008
c:\windows\system32\OGUBSK\Dec_24_2012__12_09_12.008
c:\windows\system32\OGUBSK\Dec_24_2012__12_10_05.008
c:\windows\system32\OGUBSK\Dec_24_2012__12_13_46.008
c:\windows\system32\OGUBSK\Dec_24_2012__15_03_33.008
c:\windows\system32\OGUBSK\Dec_25_2012__09_06_55.008
c:\windows\system32\OGUBSK\Dec_25_2012__16_46_03.008
c:\windows\system32\OGUBSK\Dec_26_2012__08_44_34.008
c:\windows\system32\OGUBSK\Dec_26_2012__09_01_11.008
c:\windows\system32\OGUBSK\Dec_26_2012__10_01_37.008
c:\windows\system32\OGUBSK\Dec_26_2012__18_49_18.008
c:\windows\system32\OGUBSK\Dec_27_2012__09_09_38.008
c:\windows\system32\OGUBSK\Dec_27_2012__22_58_46.008
c:\windows\system32\OGUBSK\Dec_28_2012__08_45_17.008
c:\windows\system32\OGUBSK\Dec_28_2012__12_47_04.008
c:\windows\system32\OGUBSK\Dec_28_2012__16_08_30.008
c:\windows\system32\OGUBSK\Dec_29_2012__08_46_38.008
c:\windows\system32\OGUBSK\Dec_29_2012__12_57_02.008
c:\windows\system32\OGUBSK\Dec_30_2012__08_11_50.008
c:\windows\system32\OGUBSK\XIV.001
c:\windows\system32\OGUBSK\XIV.002
c:\windows\system32\OGUBSK\XIV.004
c:\windows\system32\OGUBSK\XIV.008
c:\windows\system32\systeminfo.dll
c:\windows\system32\WLGGBN\AKV.exe
c:\windows\system32\WLGGBN\BCR.001
c:\windows\system32\WLGGBN\BCR.002
c:\windows\system32\WLGGBN\BCR.004
c:\windows\system32\WLGGBN\BCR.005
c:\windows\system32\WLGGBN\BCR.008
c:\windows\system32\WLGGBN\Dec_20_2012__12_36_06.005
c:\windows\system32\WLGGBN\Dec_20_2012__12_36_08.006
c:\windows\system32\WLGGBN\Dec_20_2012__12_37_18.008
c:\windows\system32\WLGGBN\Dec_20_2012__12_40_32.006
c:\windows\system32\WLGGBN\Dec_20_2012__12_41_18.006
c:\windows\system32\WLGGBN\Dec_20_2012__12_42_22.006
c:\windows\system32\WLGGBN\Dec_20_2012__12_43_47.008
c:\windows\system32\WLGGBN\Dec_20_2012__12_44_13.009
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))
.
.
2012-12-27 22:00 . 2012-12-28 07:50 -------- d-----w- c:\program files\Common Files\Skype
2012-12-27 22:00 . 2012-12-29 19:16 -------- d-----r- c:\program files\Skype
2012-12-22 15:47 . 2012-12-22 15:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-12-21 13:01 . 2012-12-21 13:01 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-21 13:01 . 2012-12-21 13:01 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-21 13:01 . 2012-12-21 13:01 -------- d-----w- c:\program files\OpenAL
2012-12-21 12:47 . 2012-12-28 18:47 -------- d-----w- c:\program files\City Interactive
2012-12-21 12:31 . 2012-12-21 12:31 -------- d-----w- c:\program files\TopCD
2012-12-21 12:25 . 2012-12-21 12:25 -------- d-----w- c:\program files\Toxic Games
2012-12-20 11:36 . 2012-12-30 12:32 -------- d-sh--w- c:\windows\system32\WLGGBN
2012-12-20 11:35 . 2012-12-30 12:32 -------- d-sh--w- c:\windows\system32\OGUBSK
2012-12-16 07:20 . 2012-12-16 07:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-15 21:12 . 2012-12-15 21:12 -------- d-----w- c:\documents and settings\Owner\Application Data\JAM Software
2012-12-15 21:12 . 2012-12-15 21:12 -------- d-----w- c:\program files\JAM Software
2012-12-15 09:23 . 2012-12-15 09:23 15728568 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-15 08:26 . 2012-12-15 09:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 11:10 . 2012-10-03 04:57 991744 ------w- c:\windows\system32\dllcache\kernel32.dll
2012-12-12 11:10 . 2012-12-16 12:23 290560 ------w- c:\windows\system32\dllcache\atmfd.dll
2012-12-12 11:10 . 2012-11-02 02:02 375296 ------w- c:\windows\system32\dllcache\dpnet.dll
2012-12-11 18:26 . 2012-12-30 12:06 -------- d-----w- c:\documents and settings\Owner\Application Data\install
2012-12-05 06:31 . 2012-12-05 06:31 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-04 14:09 . 2012-12-04 14:10 -------- d-----w- c:\program files\QuickTime
2012-12-04 14:09 . 2012-12-04 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-12-04 14:08 . 2012-12-04 14:08 -------- d-----w- c:\program files\Common Files\Apple
2012-12-04 14:08 . 2012-12-04 14:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2012-12-04 14:07 . 2012-12-04 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-12-04 14:04 . 2012-12-04 14:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2012-12-03 18:11 . 2012-12-03 18:12 -------- d-----w- c:\program files\Helic
2012-12-02 20:15 . 2012-12-02 20:16 -------- d-----w- c:\program files\TornTV.com
2012-12-02 18:38 . 2008-04-14 02:42 56832 ----a-w- c:\windows\system32\msdvbnp.ax
2012-12-02 18:38 . 2008-04-14 02:42 33280 ----a-w- c:\windows\system32\psisrndr.ax
2012-12-02 18:38 . 2008-04-14 02:42 363520 ----a-w- c:\windows\system32\psisdecd.dll
2012-12-02 18:38 . 2008-04-14 02:42 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll
2012-12-02 18:38 . 2007-12-01 01:10 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2012-12-02 18:38 . 2012-12-02 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD X Studios
2012-12-02 18:38 . 2012-12-02 18:38 -------- d-----w- c:\program files\Aviosoft
2012-12-02 18:22 . 2012-12-02 18:22 -------- d-----w- c:\program files\GNU
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2011-02-15 13:05 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 09:24 . 2011-06-28 22:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:20 . 2011-06-02 14:07 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 16:14 . 2009-03-18 21:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-11-06 15:48 . 2011-07-14 00:50 218624 ----a-w- c:\windows\system32\uxtheme.dll
2012-11-02 02:02 . 2008-04-14 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:15 . 2011-04-25 16:09 920064 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:15 . 2012-08-20 14:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:15 . 2011-04-25 16:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-31 23:39 . 2011-04-25 11:28 385024 ----a-w- c:\windows\system32\html.iec
2012-10-09 20:09 . 2012-10-09 20:09 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-03 01:45 . 2012-09-03 01:45 102400 ----a-w- c:\program files\PDFCreator-1_5_0_setup.exe
2009-09-04 23:01 . 2009-09-04 23:01 525656 ----a-w- c:\program files\DXSETUP.exe
2009-09-04 23:01 . 2009-09-04 23:01 94024 ----a-w- c:\program files\DSETUP.dll
2009-09-04 23:01 . 2009-09-04 23:01 1691464 ----a-w- c:\program files\dsetup32.dll
2012-12-19 10:33 . 2012-12-19 10:32 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-07-14 . F738697D2AA60AC4BA9B9DED1412D4B2 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
.
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
.
c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17888944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2012-11-7 624416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2012-8-21 12909928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"62.75.206.182,255.255.255.255,192.168.1.85,1"=""
"173.245.61.58,255.255.255.255,192.168.1.85,1"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\Metin2\\metin2client.bin"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Sentinell\\Sentinell\\metin2client.bin"=
"c:\\Documents and Settings\\Owner\\Desktop\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 9.0\\VegSrv90.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\AppLaunch.exe"=
"c:\\Program Files\\Toxic Games\\QUBE Demo\\Binaries\\Win32\\QUBE_Demo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [14.7.2011 1:56 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [14.7.2011 1:56 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [14.7.2011 1:56 13616]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [20.8.2012 9:59 16640]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [10.11.2012 21:32 625304]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [21.8.2012 4:35 19072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.10.2012 4:11 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.10.2012 4:11 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 12:12 160944]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\Owner\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\Owner\LOCALS~1\Temp\GPU-Z.sys [?]
S3 RaMediaServer;RaMediaServer;c:\program files\Ralink\Common\RaMediaServer.exe [21.8.2012 4:35 621632]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-15 09:24]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-790525478-1417001333-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-21 12:45]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-790525478-1417001333-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-21 12:45]
.
2012-12-30 c:\windows\Tasks\User_Feed_Synchronization-{633A74A8-9673-4C76-A73F-96A937CB2564}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.8.0.158 10.254.2.2
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\chiyuixb.default\
FF - prefs.js: browser.startup.homepage - hxxp://domredi.com/1/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KMPlayer - c:\windows\system32\nivida\KMPlayer.exe
HKCU-Run-Certificate Policy Engine - c:\documents and settings\Owner\Templates\CertPolEng.exe
HKCU-Run-wmwmimn - c:\documents and settings\Owner\Local Settings\Application Data\vajeqv.exe
HKLM-Run-KMPlayer - c:\windows\system32\nivida\KMPlayer.exe
SafeBoot-81316327.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-30 13:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-12-30 13:38:42
ComboFix-quarantined-files.txt 2012-12-30 12:38
.
Pre-Run: 29 062 602 752 bytes free
Post-Run: 29 210 087 424 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FAECBC8545D6253B208F09B594B5044F


Re: My Skype doesn't work - LOG

Post by Damned » 30 Dec 2012 14:10

Open Notepad (Start -> Run... and type Notepad in the box, then click OK).
Copy the whole of the following text marked in red into it:

KillAll::
File::
c:\windows\system32\drivers\EagleXNt.sys
c:\docume~1\Owner\LOCALS~1\Temp\GPU-Z.sys

Folder::
c:\windows\system32\WLGGBN
c:\windows\system32\OGUBSK
c:\documents and settings\Owner\Application Data\install
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update
C:\Documents and Settings\Owner\Templates

Driver::
EagleXNt
GPU-Z
FileZilla Server

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\msiexec.exe"=-

Firefox::
FF - prefs.js: browser.startup.homepage - hxxp://domredi.com/1/

Restore::
c:\windows\System32\wscntfy.exe

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair may take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste the log that appears at the end of the cleaning process here

Warning: It can happen that after applying the script and restarting the computer, Windows will not boot; in that case restart the computer again, press F8 and then choose Last Known Good Configuration.


Re: My Skype doesn't work - LOG

Post by GonCz » 30 Dec 2012 14:59

Hi, great, Skype is working now :D :D :D, I'm really glad it's running. Here is the log as well:

ComboFix 12-12-30.01 - Owner 30.12.2012 14:19:54.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.551 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
FILE ::
"c:\docume~1\Owner\LOCALS~1\Temp\GPU-Z.sys"
"c:\windows\system32\drivers\EagleXNt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\install
c:\documents and settings\Owner\Application Data\Ownerlog.dat
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdate.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_am.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_da.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_de.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_el.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_en.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_es.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_et.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_id.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_is.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_it.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_no.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_te.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_th.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\psmachine.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.125\GoogleUpdateB6998767.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\23.0.1271.97\23.0.1271.97_23.0.1271.95_chrome_updater.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\23.0.1271.97\23.0.1271.97_chrome_installer.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\windows\system32\OGUBSK
c:\windows\system32\OGUBSK\App_Dec_20_2012__12_37_43.html
c:\windows\system32\OGUBSK\App_Dec_20_2012__13_21_22.html
c:\windows\system32\OGUBSK\App_Dec_20_2012__20_42_30.html
c:\windows\system32\OGUBSK\App_Dec_21_2012__10_57_52.html
c:\windows\system32\OGUBSK\App_Dec_21_2012__13_41_45.html
c:\windows\system32\OGUBSK\App_Dec_21_2012__18_22_11.html
c:\windows\system32\OGUBSK\App_Dec_21_2012__21_34_42.html
c:\windows\system32\OGUBSK\App_Dec_22_2012__08_32_43.html
c:\windows\system32\OGUBSK\App_Dec_23_2012__12_50_25.html
c:\windows\system32\OGUBSK\App_Dec_23_2012__17_01_54.html
c:\windows\system32\OGUBSK\App_Dec_24_2012__07_48_22.html
c:\windows\system32\OGUBSK\App_Dec_24_2012__12_09_12.html
c:\windows\system32\OGUBSK\App_Dec_24_2012__12_10_05.html
c:\windows\system32\OGUBSK\App_Dec_24_2012__12_13_46.html
c:\windows\system32\OGUBSK\App_Dec_24_2012__15_03_33.html
c:\windows\system32\OGUBSK\App_Dec_25_2012__09_06_55.html
c:\windows\system32\OGUBSK\App_Dec_25_2012__16_46_03.html
c:\windows\system32\OGUBSK\App_Dec_26_2012__08_44_34.html
c:\windows\system32\OGUBSK\App_Dec_26_2012__09_01_11.html
c:\windows\system32\OGUBSK\App_Dec_26_2012__10_01_37.html
c:\windows\system32\OGUBSK\App_Dec_26_2012__18_49_18.html
c:\windows\system32\OGUBSK\App_Dec_27_2012__09_09_38.html
c:\windows\system32\OGUBSK\App_Dec_27_2012__22_58_46.html
c:\windows\system32\OGUBSK\App_Dec_28_2012__08_45_17.html
c:\windows\system32\OGUBSK\App_Dec_28_2012__12_47_04.html
c:\windows\system32\OGUBSK\App_Dec_28_2012__16_08_30.html
c:\windows\system32\OGUBSK\App_Dec_29_2012__08_46_38.html
c:\windows\system32\OGUBSK\App_Dec_29_2012__12_57_02.html
c:\windows\system32\OGUBSK\App_Dec_30_2012__08_11_50.html
c:\windows\system32\OGUBSK\Keys_Dec_20_2012__12_35_41.html
c:\windows\system32\OGUBSK\Screen_Dec_20_2012__13_19_29.jpg
c:\windows\system32\OGUBSK\Screen_Dec_20_2012__13_19_30.html
c:\windows\system32\OGUBSK\Web_Dec_20_2012__12_35_43.html
c:\windows\system32\OGUBSK\XIV.exe
c:\windows\system32\WLGGBN
c:\windows\system32\WLGGBN\BCR.exe
.
c:\windows\System32\wscntfy.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EAGLEXNT
-------\Legacy_FILEZILLA_SERVER
-------\Legacy_GPU-Z
-------\Service_EagleXNt
-------\Service_FileZilla Server
-------\Service_GPU-Z
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))
.
.
2012-12-30 13:41 . 2012-12-30 13:41 -------- d-----w- C:\found.001
2012-12-27 22:00 . 2012-12-28 07:50 -------- d-----w- c:\program files\Common Files\Skype
2012-12-27 22:00 . 2012-12-29 19:16 -------- d-----r- c:\program files\Skype
2012-12-22 15:47 . 2012-12-22 15:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-12-21 13:01 . 2012-12-21 13:01 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-21 13:01 . 2012-12-21 13:01 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-21 13:01 . 2012-12-21 13:01 -------- d-----w- c:\program files\OpenAL
2012-12-21 12:47 . 2012-12-28 18:47 -------- d-----w- c:\program files\City Interactive
2012-12-21 12:31 . 2012-12-21 12:31 -------- d-----w- c:\program files\TopCD
2012-12-21 12:25 . 2012-12-21 12:25 -------- d-----w- c:\program files\Toxic Games
2012-12-16 07:20 . 2012-12-16 07:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-15 21:12 . 2012-12-15 21:12 -------- d-----w- c:\documents and settings\Owner\Application Data\JAM Software
2012-12-15 21:12 . 2012-12-15 21:12 -------- d-----w- c:\program files\JAM Software
2012-12-15 09:23 . 2012-12-15 09:23 15728568 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-15 08:26 . 2012-12-15 09:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 11:10 . 2012-10-03 04:57 991744 ------w- c:\windows\system32\dllcache\kernel32.dll
2012-12-12 11:10 . 2012-12-16 12:23 290560 ------w- c:\windows\system32\dllcache\atmfd.dll
2012-12-12 11:10 . 2012-11-02 02:02 375296 ------w- c:\windows\system32\dllcache\dpnet.dll
2012-12-05 06:31 . 2012-12-05 06:31 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-04 14:09 . 2012-12-04 14:10 -------- d-----w- c:\program files\QuickTime
2012-12-04 14:09 . 2012-12-04 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-12-04 14:08 . 2012-12-04 14:08 -------- d-----w- c:\program files\Common Files\Apple
2012-12-04 14:08 . 2012-12-04 14:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2012-12-04 14:07 . 2012-12-04 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-12-04 14:04 . 2012-12-04 14:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2012-12-03 18:11 . 2012-12-03 18:12 -------- d-----w- c:\program files\Helic
2012-12-02 20:15 . 2012-12-02 20:16 -------- d-----w- c:\program files\TornTV.com
2012-12-02 18:38 . 2008-04-14 02:42 56832 ----a-w- c:\windows\system32\msdvbnp.ax
2012-12-02 18:38 . 2008-04-14 02:42 33280 ----a-w- c:\windows\system32\psisrndr.ax
2012-12-02 18:38 . 2008-04-14 02:42 363520 ----a-w- c:\windows\system32\psisdecd.dll
2012-12-02 18:38 . 2008-04-14 02:42 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll
2012-12-02 18:38 . 2007-12-01 01:10 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2012-12-02 18:38 . 2012-12-02 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD X Studios
2012-12-02 18:38 . 2012-12-02 18:38 -------- d-----w- c:\program files\Aviosoft
2012-12-02 18:22 . 2012-12-02 18:22 -------- d-----w- c:\program files\GNU
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2011-02-15 13:05 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 09:24 . 2011-06-28 22:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:20 . 2011-06-02 14:07 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 16:14 . 2009-03-18 21:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-11-06 15:48 . 2011-07-14 00:50 218624 ----a-w- c:\windows\system32\uxtheme.dll
2012-11-02 02:02 . 2008-04-14 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:15 . 2011-04-25 16:09 920064 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:15 . 2012-08-20 14:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:15 . 2011-04-25 16:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-31 23:39 . 2011-04-25 11:28 385024 ----a-w- c:\windows\system32\html.iec
2012-10-09 20:09 . 2012-10-09 20:09 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-03 01:45 . 2012-09-03 01:45 102400 ----a-w- c:\program files\PDFCreator-1_5_0_setup.exe
2009-09-04 23:01 . 2009-09-04 23:01 525656 ----a-w- c:\program files\DXSETUP.exe
2009-09-04 23:01 . 2009-09-04 23:01 94024 ----a-w- c:\program files\DSETUP.dll
2009-09-04 23:01 . 2009-09-04 23:01 1691464 ----a-w- c:\program files\dsetup32.dll
2012-12-19 10:33 . 2012-12-19 10:32 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-07-14 . F738697D2AA60AC4BA9B9DED1412D4B2 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17888944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2012-11-7 624416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2012-8-21 12909928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"62.75.206.182,255.255.255.255,192.168.1.85,1"=""
"173.245.61.58,255.255.255.255,192.168.1.85,1"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\Metin2\\metin2client.bin"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Sentinell\\Sentinell\\metin2client.bin"=
"c:\\Documents and Settings\\Owner\\Desktop\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 9.0\\VegSrv90.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\AppLaunch.exe"=
"c:\\Program Files\\Toxic Games\\QUBE Demo\\Binaries\\Win32\\QUBE_Demo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [14.7.2011 1:56 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [14.7.2011 1:56 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [14.7.2011 1:56 13616]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [20.8.2012 9:59 16640]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [10.11.2012 21:32 625304]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [21.8.2012 4:35 19072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.10.2012 4:11 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.10.2012 4:11 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 12:12 160944]
S3 RaMediaServer;RaMediaServer;c:\program files\Ralink\Common\RaMediaServer.exe [21.8.2012 4:35 621632]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-15 09:24]
.
2012-12-30 c:\windows\Tasks\User_Feed_Synchronization-{633A74A8-9673-4C76-A73F-96A937CB2564}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.8.0.158 10.254.2.2
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\chiyuixb.default\
FF - prefs.js: browser.startup.homepage - hxxp://domredi.com/1/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-30 14:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2616)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Ralink\Common\RaRegistry.exe
c:\program files\PANDORA.TV\PanService\PanProcess.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-12-30 14:51:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-30 13:51
ComboFix2.txt 2012-12-30 12:38
.
Pre-Run: 29 214 154 752 bytes free
Post-Run: 29 087 449 088 bytes free
.
- - End Of File - - 455393F73E141DFD8AD97E6A53B25223


Re: My Skype doesn't work - LOG

Post by Damned » 30 Dec 2012 15:12

Running, running so it doesn't get away... it would have good reason to...


Have the following files checked on VirusTotal:
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ERDNT\cache\wscntfy.exe
C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe

If VT objects that the file has already been checked, have it checked again.
For each file, paste a link to the result of the test here.
Nothing is impossible, which is why, where we are at our wits' end, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech localization Wise Registry Cleaner


Re: My Skype doesn't work - LOG

Post by GonCz » 30 Dec 2012 19:34

Unfortunately it didn't find the first two, and for the third one it didn't even find the folder :( (ServicePackFiles)


Re: My Skype doesn't work - LOG

Post by Damned » 30 Dec 2012 19:38

So let's try to find an older one. Don't run Skype yet, you still have some junk in there. So that we don't have to do the whole thing over again afterwards.

Open Notepad (Start -> Run... and type Notepad into the box and click OK).
Copy the entire text marked in red below into it:


FileLook::
c:\windows\System32\wscntfy.exe



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Grab the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair may take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process

Warning: It may happen that after applying the script and restarting the computer, Windows won't boot; in that case restart the computer again, keep pressing F8, and then choose Last Known Good Configuration.


Re: My Skype doesn't work - LOG

Post by GonCz » 30 Dec 2012 19:59

ComboFix 12-12-30.01 - Owner 30.12.2012 19:43:29.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.633 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))
.
.
2012-12-30 13:46 . 2012-12-30 18:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2012-12-30 13:41 . 2012-12-30 13:41 -------- d-----w- C:\found.001
2012-12-27 22:00 . 2012-12-28 07:50 -------- d-----w- c:\program files\Common Files\Skype
2012-12-27 22:00 . 2012-12-29 19:16 -------- d-----r- c:\program files\Skype
2012-12-22 15:47 . 2012-12-22 15:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-12-21 13:01 . 2012-12-21 13:01 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-21 13:01 . 2012-12-21 13:01 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-21 13:01 . 2012-12-21 13:01 -------- d-----w- c:\program files\OpenAL
2012-12-21 12:47 . 2012-12-28 18:47 -------- d-----w- c:\program files\City Interactive
2012-12-21 12:31 . 2012-12-21 12:31 -------- d-----w- c:\program files\TopCD
2012-12-21 12:25 . 2012-12-21 12:25 -------- d-----w- c:\program files\Toxic Games
2012-12-16 07:20 . 2012-12-16 07:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-15 21:12 . 2012-12-15 21:12 -------- d-----w- c:\documents and settings\Owner\Application Data\JAM Software
2012-12-15 21:12 . 2012-12-15 21:12 -------- d-----w- c:\program files\JAM Software
2012-12-15 09:23 . 2012-12-15 09:23 15728568 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-15 08:26 . 2012-12-15 09:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 11:10 . 2012-10-03 04:57 991744 ------w- c:\windows\system32\dllcache\kernel32.dll
2012-12-12 11:10 . 2012-12-16 12:23 290560 ------w- c:\windows\system32\dllcache\atmfd.dll
2012-12-12 11:10 . 2012-11-02 02:02 375296 ------w- c:\windows\system32\dllcache\dpnet.dll
2012-12-05 06:31 . 2012-12-05 06:31 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-04 14:10 . 2012-12-04 14:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-04 14:09 . 2012-12-04 14:10 -------- d-----w- c:\program files\QuickTime
2012-12-04 14:09 . 2012-12-04 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-12-04 14:08 . 2012-12-04 14:08 -------- d-----w- c:\program files\Common Files\Apple
2012-12-04 14:08 . 2012-12-04 14:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2012-12-04 14:07 . 2012-12-04 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-12-04 14:04 . 2012-12-04 14:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2012-12-03 18:11 . 2012-12-03 18:12 -------- d-----w- c:\program files\Helic
2012-12-02 20:15 . 2012-12-02 20:16 -------- d-----w- c:\program files\TornTV.com
2012-12-02 18:38 . 2008-04-14 02:42 56832 ----a-w- c:\windows\system32\msdvbnp.ax
2012-12-02 18:38 . 2008-04-14 02:42 33280 ----a-w- c:\windows\system32\psisrndr.ax
2012-12-02 18:38 . 2008-04-14 02:42 363520 ----a-w- c:\windows\system32\psisdecd.dll
2012-12-02 18:38 . 2008-04-14 02:42 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll
2012-12-02 18:38 . 2007-12-01 01:10 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2012-12-02 18:38 . 2012-12-02 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD X Studios
2012-12-02 18:38 . 2012-12-02 18:38 -------- d-----w- c:\program files\Aviosoft
2012-12-02 18:22 . 2012-12-02 18:22 -------- d-----w- c:\program files\GNU
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2011-02-15 13:05 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 09:24 . 2011-06-28 22:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:20 . 2011-06-02 14:07 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 16:14 . 2009-03-18 21:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-11-06 15:48 . 2011-07-14 00:50 218624 ----a-w- c:\windows\system32\uxtheme.dll
2012-11-02 02:02 . 2008-04-14 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:15 . 2011-04-25 16:09 920064 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:15 . 2012-08-20 14:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:15 . 2011-04-25 16:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-31 23:39 . 2011-04-25 11:28 385024 ----a-w- c:\windows\system32\html.iec
2012-10-09 20:09 . 2012-10-09 20:09 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-03 01:45 . 2012-09-03 01:45 102400 ----a-w- c:\program files\PDFCreator-1_5_0_setup.exe
2009-09-04 23:01 . 2009-09-04 23:01 525656 ----a-w- c:\program files\DXSETUP.exe
2009-09-04 23:01 . 2009-09-04 23:01 94024 ----a-w- c:\program files\DSETUP.dll
2009-09-04 23:01 . 2009-09-04 23:01 1691464 ----a-w- c:\program files\dsetup32.dll
2012-12-19 10:33 . 2012-12-19 10:32 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-07-14 . F738697D2AA60AC4BA9B9DED1412D4B2 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17888944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2012-11-7 624416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2012-8-21 12909928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"62.75.206.182,255.255.255.255,192.168.1.85,1"=""
"173.245.61.58,255.255.255.255,192.168.1.85,1"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\Metin2\\metin2client.bin"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Sentinell\\Sentinell\\metin2client.bin"=
"c:\\Documents and Settings\\Owner\\Desktop\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 9.0\\VegSrv90.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\AppLaunch.exe"=
"c:\\Program Files\\Toxic Games\\QUBE Demo\\Binaries\\Win32\\QUBE_Demo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [14.7.2011 1:56 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [14.7.2011 1:56 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [14.7.2011 1:56 13616]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [20.8.2012 9:59 16640]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [10.11.2012 21:32 625304]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [21.8.2012 4:35 19072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.10.2012 4:11 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.10.2012 4:11 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 12:12 160944]
S3 RaMediaServer;RaMediaServer;c:\program files\Ralink\Common\RaMediaServer.exe [21.8.2012 4:35 621632]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-15 09:24]
.
2012-12-30 c:\windows\Tasks\User_Feed_Synchronization-{633A74A8-9673-4C76-A73F-96A937CB2564}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.8.0.158 10.254.2.2
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\chiyuixb.default\
FF - prefs.js: browser.startup.homepage - hxxp://domredi.com/1/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-30 19:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1088)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-12-30 19:57:33
ComboFix-quarantined-files.txt 2012-12-30 18:57
ComboFix2.txt 2012-12-30 13:52
ComboFix3.txt 2012-12-30 12:38
.
Pre-Run: 29 081 174 016 bytes free
Post-Run: 29 076 340 736 bytes free
.
- - End Of File - - 36AD03D85FDEDE511B18719C17F9A0A7


Re: My Skype doesn't work - LOG

Post by Damned » 30 Dec 2012 20:08

Interesting that this time it didn't find the file.
Try searching your PC for the file "wscntfy.exe" and if it finds it, tell me which location it's in.