ComboFix 10-07-28.03 - Mirko 29.07.2010 16:40:01.1.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.191.46 [GMT 2:00]
Running from: c:\documents and settings\Mirko\My Documents\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\hpe3B.dll
c:\documents and settings\Mirko\Application Data\Dealio
c:\documents and settings\Mirko\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Mirko\Application Data\inst.exe
c:\documents and settings\Mirko\Application Data\wiaserva.log
c:\program files\INSTALL.LOG
c:\program files\Search Settings
c:\program files\Search Settings\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
C:\u.bat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-29 )))))))))))))))))))))))))))))))
.
2010-07-27 19:01 . 2010-07-28 09:11 -------- d-----w- c:\program files\trend micro
2010-07-27 19:00 . 2010-07-27 19:06 -------- d-----w- C:\rsit
2010-07-14 14:25 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 09:37 . 2010-06-29 09:28 -------- d-----w- c:\program files\Windows Live
2010-06-06 18:21 . 2010-06-06 18:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-27 07:44 . 2006-12-25 15:42 34936 -c--a-w- c:\documents and settings\Mirko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.
------- Sigcheck -------
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 16:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12d1bab3-ca0c-1a48-87ef-15efe2fbd238}]
2010-01-28 18:38 1253376 ----a-w- c:\windows\system32\HiUUL-U1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Google Update"="c:\documents and settings\Mirko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-19 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"S3Trayp"="S3Trayp.exe" [2005-04-05 159744]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"CHotkey"="zHotkey.exe" [2004-12-08 550912]
"ShowWnd"="ShowWnd.exe" [2003-09-18 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-21 149280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2010-02-04 497016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-04-23 15:45 22058792 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Translator\\TRANSLAT\\WEBTRANS.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\VTTimer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [4.1.2007 14:32 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [4.1.2007 14:32 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.8.2009 17:09 114768]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.8.2009 17:09 20560]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [27.4.2010 14:51 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [27.4.2010 14:51 162936]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.7.2008 17:23 220920]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [6.5.2010 10:23 90112]
R3 S3G700;S3G700;c:\windows\system32\drivers\S3G700m.sys [30.11.2006 3:41 792576]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [16.3.2010 18:49 27632]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [26.12.2006 10:46 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [26.12.2006 10:46 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [26.12.2006 10:46 60416]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [6.5.2010 10:25 89256]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [6.5.2010 10:25 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [6.5.2010 10:25 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [6.5.2010 10:25 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [6.5.2010 10:25 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [6.5.2010 10:25 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [6.5.2010 10:25 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [6.5.2010 10:25 109736]
.
Contents of the 'Scheduled Tasks' folder
2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274422049-4048213268-3885904513-1007Core.job
- c:\documents and settings\Mirko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-19 14:16]
2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274422049-4048213268-3885904513-1007UA.job
- c:\documents and settings\Mirko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-19 14:16]
2010-07-29 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-11-19 12:46]
2010-02-04 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-11-19 12:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=Azteca&utm_medium=start
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mirko\Application Data\Mozilla\Firefox\Profiles\puv3lylt.default\
FF - plugin: c:\documents and settings\Mirko\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
HKCU-Run-DLD.EXE - (no file)
HKLM-Run-Alcohol.exe Autorun - c:\program files\Alcohol Soft\Alcohol 120\Alcohol.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
AddRemove-Math Blaster Ages 5-7 - c:\program files\Common Files\Knowledge Adventure\Uninstall\UNMB5-7.exe
AddRemove-Update Service - c:\documents and settings\Mirko\Desktop\Update Service\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 16:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\SEP7.tmp
scan completed successfully
hidden files: 1
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81B5DAE8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xfab70f28
\Driver\ACPI -> ACPI.sys @ 0xfa9dbcb8
\Driver\atapi -> 0x81b5dae8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xfa874bb0
PacketIndicateHandler -> NDIS.sys @ 0xfa881a21
SendHandler -> NDIS.sys @ 0xfa85f87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2616)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\S3Trayp.exe
c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
c:\windows\RTHDCPL.EXE
c:\windows\zHotkey.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\documents and settings\Mirko\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2010-07-29 17:20:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-29 15:19
Pre-Run: 4 252 028 928 bytes free
Post-Run: 8 472 150 016 voľných bajtov
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 0894A50A4876BE26D8025B7C9634E066
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Ree:combo fix?
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Ree:combo fix?
Zdravím 
Nezakládejte prosím duplicitní témata, pokračujte zde: http://www.viry.cz/forum/viewtopic.php? ... 43#p884343
Moderátory prosím o
Nezakládejte prosím duplicitní témata, pokračujte zde: http://www.viry.cz/forum/viewtopic.php? ... 43#p884343
Moderátory prosím o
Přispějete na provoz fóra?