Log:ComboFix 12-01-30.02 - Martin 31.01.2012 21:24:26.10.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.421.1033.18.3326.2996 [GMT 1:00]
Running from: c:\documents and settings\Martin\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
file zipped: c:\documents and settings\Martin\Application Data\Vumemz.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Martin\Application Data\A43.exe
c:\documents and settings\Martin\Application Data\B.exe
c:\documents and settings\Martin\Application Data\Vumemz.exe
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 14:29 . 2012-01-31 14:29 -------- d-----w- C:\rsit
2012-01-02 15:37 . 2012-01-02 15:37 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-02 15:37 . 2012-01-02 15:37 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-02 15:37 . 2012-01-02 15:37 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-02 15:37 . 2012-01-02 15:37 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 20:34 . 2009-05-07 12:19 16608 ----a-w- c:\windows\gdrv.sys
2011-12-21 15:38 . 2011-12-02 21:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 14:24 . 2010-12-20 18:51 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 15:37 . 2011-04-29 14:36 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-28 09:18 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-04-28 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-03-20 . F92D8964B5286DE225BD2B6BF89764BE . 578560 . . [5.1.2600.5508] . . c:\windows\system32\user32.dll
.
[-] 2008-08-18 . 4A90F51B778FA0157F60D206E8B37D2A . 1616384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-13 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-03-20 . 31653CDF039C3F415B8D33F2D133E6AB . 1287168 . . [5.1.2600.5508] . . c:\windows\system32\ole32.dll
.
[-] 2008-04-28 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-04-26 . BC298B78B311397B421D4D52B44B49EC . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-28 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
.
[-] 2011-07-12 . 83199EF88D691E730B80666E29F90D58 . 17408 . . [6.0.6002.18005] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-01-31_16.08.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-31 20:34 . 2012-01-31 20:34 16384 c:\windows\temp\Perflib_Perfdata_7fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ESET"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Visual Task Tips"="c:\program files\Windows7\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"D-Link AirPlus XtremeG DWL-G122"="c:\program files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" [2008-12-18 1556480]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
.
c:\documents and settings\Martin\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-7-12 0]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-31 809488]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnalogClock]
2005-11-05 06:10 480256 ----a-w- c:\program files\Windows7\Analog Clock\AnalogClock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pie Dock]
2007-09-02 06:12 586240 ----a-w- c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-06-18 10:01 77824 ------r- c:\windows\SoundMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
2007-06-20 08:21 1912832 ----a-w- c:\program files\Windows7\TopDesk\topdesk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
2006-05-21 03:43 180224 ----a-w- c:\program files\Windows7\UberIcon\UberIcon Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viena Explorer]
2006-11-18 10:31 581632 ----a-w- c:\program files\Windows7\Vienna Explorer\Vienna Explorer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdate1c9cf1520895eca"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Hry\\WoW\\WotLK\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Hry\\WoW\\WotLK\\Launcher.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Programy\\Internet\\Fake IP\\FakeIP\\DC_IS.EXE"=
"c:\\Program Files\\ACSPMonitor\\ASMonitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Hry\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2009 16:48 685816]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7.12.2009 16:59 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [12.5.2010 17:01 59280]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 7:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 7:23 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 7:23 810120]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [7.5.2009 13:19 80392]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.12.2010 19:51 652360]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [21.12.2009 14:46 4096]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.12.2010 19:51 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24.5.2009 10:12 47360]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [7.12.2009 16:59 61328]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [19.8.2010 22:56 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [19.8.2010 22:56 8456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S3 wip0202;Wippien Network Adapter;c:\windows\system32\drivers\wip0202.sys [22.9.2011 10:50 23904]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 1:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\prrbkrkl.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PService - c:\documents and settings\Martin\Application Data\B.exe
HKLM-Run-PService - c:\documents and settings\Martin\Application Data\B.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 21:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\SETUPAPI.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\sfc_os.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(3140)
c:\program files\Windows7\VisualTaskTips\VttHooks.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2012-01-31 21:40:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-31 20:40
ComboFix2.txt 2012-01-31 16:10
.
Pre-Run: 279 320 260 608 bytes free
Post-Run: 279 295 672 320 bytes free
.
- - End Of File - - 8EECDDFC9EABB5A6ACAC8517A8D6A6FC
Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)
Přispějete na provoz fóra?