LOG:
ComboFix 13-02-13.01 - maxs 06.06.2013 20:10:47.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2518 [GMT 2:00]
Spuštěný z: c:\documents and settings\maxs\Dokumenty\Stažené soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-06 do 2013-06-06 )))))))))))))))))))))))))))))))
.
.
2013-06-06 18:05 . 2013-06-06 18:06 -------- d-----w- c:\documents and settings\maxs\Data aplikací\GetRightToGo
2013-05-13 19:59 . 2013-05-13 19:59 -------- d-----w- c:\documents and settings\maxs\Local Settings\Data aplikací\Stardock
2013-05-10 18:37 . 2013-05-10 18:38 -------- d-----w- c:\program files\BWMeter
2013-05-10 18:37 . 2013-05-10 18:37 -------- d-----w- c:\documents and settings\maxs\Data aplikací\DeskSoft
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-05-09 19:51 . 2013-05-09 19:51 -------- d-----w- c:\documents and settings\maxs\Local Settings\Data aplikací\Ironclad Games
2013-05-09 19:49 . 2013-05-09 19:49 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\{0E8E33D8-193A-414A-A909-0F101A142D26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 18:24 . 2012-05-09 13:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-17 18:24 . 2011-05-29 07:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:26 . 2008-04-14 06:52 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2008-04-14 05:45 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-19 08:33 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-28 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 3076144]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
2007-04-08 16:44 303104 ----a-w- c:\program files\Essentials Codec Pack\update.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7311_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC7311\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Warcraft III\\gproxy.exe"=
"d:\\_ Install _\\GProxy\\gproxy.exe"=
"d:\\_ Games _\\Diablo-III-8370-enGB-Installer-downloader.exe"=
"d:\\_ Games _\\Diablo 3\\Diablo-III-8370-enGB-Installer-downloader.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.1225\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.1267\\Agent.exe"=
"d:\\_ Games _\\WorldOfTanks\\WorldOfTanks.exe"=
"c:\\Documents and Settings\\maxs\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"d:\\_ Games _\\Defcon.(nukewar)\\defcon.exe"=
"d:\\_ Games _\\Sins of a Solar Empire\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [1.8.2008 0:12 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [1.8.2008 0:12 5248]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [12.2.2013 21:02 13560]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.11.2008 11:06 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [31.7.2008 19:50 12856]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [31.7.2008 19:50 9291]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [10.1.2011 14:50 91904]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [8.9.2011 7:34 974944]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25.8.2009 20:59 10384]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [17.8.2008 11:56 98488]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 BWMeterConSvc;BWMeter Connections Service;c:\program files\BWMeter\BWMeterConSvc.exe [10.5.2013 20:37 62464]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S3 dsnpfd;DeskSoft Service;c:\windows\system32\DRIVERS\dsnpfd.sys --> c:\windows\system32\DRIVERS\dsnpfd.sys [?]
S3 dsnpfdMP;dsnpfdMP;c:\windows\system32\DRIVERS\dsnpfd.sys --> c:\windows\system32\DRIVERS\dsnpfd.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\maxs\LOCALS~1\Temp\QMI80E.tmp --> c:\docume~1\maxs\LOCALS~1\Temp\QMI80E.tmp [?]
S3 PAC7311;Trust Webcam Live;c:\windows\system32\drivers\PA707UCM.SYS [14.3.2007 11:57 449024]
S4 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [10.1.2011 14:50 25088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 13:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 18:24]
.
2013-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 17:45]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 17:45]
.
.
------- Doplňkový sken -------
.
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 8.8.8.8 84.16.96.2
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\maxs\Data aplikací\Mozilla\Firefox\Profiles\gf3ija96.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2012-02-05 09:46; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-06 20:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\maxs\LOCALS~1\Temp\QMI80E.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1152)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Celkový čas: 2013-06-06 20:17:21
ComboFix-quarantined-files.txt 2013-06-06 18:17
ComboFix2.txt 2013-02-13 18:04
ComboFix3.txt 2013-02-13 17:01
.
Před spuštěním: Volných bajtů: 27 043 028 992
Po spuštění: Volných bajtů: 27 303 731 200
.
- - End Of File - - 12D1A7E5184A86402C74BB1FA928B709
Přispějete na provoz fóra?
