Re: Please check my RSIT log

Posted: 12 Aug 2010 13:50
by esilo
log after running:

ComboFix 09-03-15.01 - Administrator 2010-08-12 14:40:07.11 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.511.348 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Downloads\Nová složka\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: *On-access scanning disabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-12 do 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-11 15:42 . 2010-08-11 20:15 <DIR> d-------- c:\windows\SxsCaPendDel
2010-08-10 22:46 . 2010-08-10 22:46 <DIR> d-------- c:\program files\Common Files\Skype
2010-08-10 18:38 . 2010-08-10 18:39 664 --a------ c:\windows\system32\d3d9caps.dat
2010-08-07 19:08 . 2010-08-07 22:47 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\GameRanger
2010-08-03 16:17 . 2010-08-03 16:17 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Panda Security
2010-08-03 16:12 . 2010-08-03 16:12 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\SurfSecret Privacy Suite
2010-08-03 16:11 . 2010-08-04 16:26 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\pandasecuritytb
2010-08-03 16:11 . 2010-08-03 16:11 264 --a------ c:\windows\system32\PSUNCpl.dat
2010-08-03 16:09 . 2010-08-03 16:12 <DIR> d-------- c:\program files\Panda Security
2010-08-03 16:09 . 2010-08-03 16:09 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Panda Security
2010-07-23 14:16 . 2010-07-23 14:16 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Ashampoo
2010-07-23 13:52 . 2010-07-23 13:52 <DIR> d-------- c:\windows\Sun
2010-07-23 13:50 . 2010-07-23 13:50 <DIR> d-------- c:\program files\Common Files\Java
2010-07-23 13:47 . 2010-07-23 13:46 423,656 --a------ c:\windows\system32\deployJava1.dll
2010-07-23 13:47 . 2010-07-23 13:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2010-07-23 13:46 . 2010-07-23 13:46 <DIR> d-------- c:\program files\Java
2010-07-23 13:25 . 2010-07-27 13:30 <DIR> d-------- c:\program files\McAfee Security Scan
2010-07-23 13:25 . 2010-07-23 13:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\McAfee Security Scan
2010-07-23 13:25 . 2010-07-23 13:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\McAfee
2010-07-23 13:13 . 2010-07-25 09:59 <DIR> d-------- c:\program files\YouTube Downloader
2010-07-22 00:16 . 2010-07-22 00:16 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Pinnacle VideoSpin
2010-07-22 00:06 . 2010-07-22 00:06 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\VideoSpin
2010-07-21 23:13 . 2010-07-21 23:13 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Xilisoft
2010-07-21 23:10 . 2010-07-21 23:10 <DIR> d-------- c:\program files\Xilisoft
2010-07-21 09:59 . 2010-07-22 00:16 <DIR> d-------- c:\documents and settings\All Users\Data aplikac
2010-07-21 09:57 . 2010-07-21 09:57 41 --a------ c:\windows\system32\blue.SITENAME
2010-07-20 23:07 . 2010-07-21 10:00 455 --a------ c:\windows\VFO.VST
2010-07-20 22:58 . 2010-07-20 22:58 <DIR> d-------- c:\program files\SmartSound Software
2010-07-20 22:58 . 2010-07-20 22:58 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SmartSound Software Inc
2010-07-20 22:56 . 2003-11-25 05:02 196,096 --a------ c:\windows\system32\macd32.dll
2010-07-20 22:56 . 2003-11-25 05:02 138,752 --a------ c:\windows\system32\mase32.dll
2010-07-20 22:56 . 2003-11-25 05:02 136,192 --a------ c:\windows\system32\mamc32.dll
2010-07-20 22:56 . 2004-07-02 16:28 84,992 --a------ c:\windows\system32\ATL70.DLL
2010-07-20 22:56 . 2003-11-25 05:02 57,856 --a------ c:\windows\system32\masd32.dll
2010-07-20 22:56 . 2003-11-25 05:02 27,648 --a------ c:\windows\system32\ma32.dll
2010-07-20 22:56 . 2010-07-21 09:57 1,208 --a------ c:\windows\VFO.INI
2010-07-20 22:54 . 2010-07-20 22:55 <DIR> d-------- c:\windows\Downloaded Installations
2010-07-20 22:52 . 2010-07-21 09:58 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Pinnacle Studio
2010-07-20 22:51 . 2010-07-22 00:06 <DIR> d-------- c:\program files\Pinnacle
2010-07-20 22:51 . 2010-07-20 23:02 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Pinnacle
2010-07-20 22:51 . 2005-02-09 11:59 14,165 --a------ c:\windows\system32\drivers\Pclepci.sys
2010-07-18 21:32 . 2010-07-18 21:32 3,156,992 ---hs---- c:\documents and settings\Administrator\DokumentyMuN0Au_save2pc.exe
2010-07-18 20:59 . 2010-07-18 20:59 3,156,992 ---hs---- c:\documents and settings\Administrator\DokumentyDwC3Ov_save2pc.exe
2010-07-18 15:17 . 2010-07-18 15:17 3,156,992 ---hs---- c:\documents and settings\Administrator\DokumentySxW7Yw_save2pc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 22:28 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Skype
2010-08-11 22:25 --------- d-----w c:\program files\TrackMania Nations ESWC
2010-08-11 20:41 --------- d-----w c:\documents and settings\Administrator\Data aplikací\skypePM
2010-08-11 18:15 --------- d-----w c:\program files\Google
2010-08-11 14:09 --------- d-----w c:\program files\eMedia Starter Guitar Lessons
2010-08-11 14:09 --------- d-----w c:\program files\EA Sports
2010-08-11 14:08 --------- d-----w c:\program files\Valve
2010-08-11 14:08 --------- d-----w c:\program files\Burn4Free Toolbar
2010-08-11 14:06 --------- d-----w c:\program files\Autodesk
2010-08-11 14:04 --------- d-----w c:\documents and settings\All Users\Data aplikací\Autodesk
2010-08-11 13:41 --------- d-----w c:\program files\Common Files\Apple
2010-08-11 13:40 --------- d-----w c:\program files\Microsoft Games
2010-08-11 13:39 --------- d-----w c:\documents and settings\Administrator\Data aplikací\uTorrent
2010-08-11 13:26 --------- d-----w c:\documents and settings\Administrator\Data aplikací\Hamachi
2010-08-10 20:47 --------- d-----r c:\program files\Skype
2010-08-10 20:46 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2010-08-04 14:24 --------- d-----w c:\program files\Speeditup Free
2010-07-26 11:58 --------- d--h--w c:\program files\InstallShield Installation Information
2010-07-25 08:06 --------- d-----w c:\program files\Miranda IM
2010-07-25 07:59 --------- d-----w c:\program files\FDRLab
2010-07-25 07:57 --------- d-----w c:\program files\OGG To MP3 Plus
2010-07-25 07:54 --------- d-----w c:\program files\Resco
2010-07-25 07:54 --------- d-----w c:\program files\Epocware
2010-07-25 07:01 --------- d-----w c:\documents and settings\Administrator\Data aplikací\ICQ
2010-07-23 12:28 --------- d-----w c:\program files\Xvid
2008-08-06 09:36 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-04-23 12:39 47,360 ----a-w c:\documents and settings\Administrator\Data aplikací\pcouffin.sys
2009-05-01 21:02 1,044,480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 200,704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 1,044,480 ----a-w c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 200,704 ----a-w c:\program files\opera\program\plugins\ssldivx.dll
2008-04-23 13:07 80 --sh--r c:\windows\system32\F55912B06A.dll
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\documents and settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll" [2010-06-09 149968]

[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2010-06-09 17:24 149968 --a------ c:\documents and settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 15:46 86696 --a------ c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 15:04 320832 --a------ c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 15:04 320832 --a------ c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-28 1830128]
"QIP2005"="c:\program files\QIP\qip.exe" [2008-12-09 3259392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-24 185896]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GameRanger.lnk - c:\documents and settings\Administrator\Data aplikacˇ\GameRanger\GameRanger\GameRanger.exe [2010-06-30 1240800]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-01-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GO333C~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Miranda IM\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1005MC.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut 2\\flatout2.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Documents and Settings\\Administrator\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires 2\\age2_x1.exe"=
"c:\\Program Files\\Microsoft Games\\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]\\MYTH-Age2_x1.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\Drivers\AFPAnsi.sys --> c:\windows\system32\Drivers\AFPAnsi.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-06-10 34312]
S1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-05-04 129928]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-07-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-07-28 72944]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
S2 gupdate1c939e5e31ea460;Google Update Service (gupdate1c939e5e31ea460);c:\program files\Google\Update\GoogleUpdate.exe [2008-10-29 133104]
S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\i:\programy\Hardware\HWiNFO32\HWiNFO32.SYS --> i:\programy\Hardware\HWiNFO32\HWiNFO32.SYS [?]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-25 3584]
S2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-05-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-04-30 97032]
S2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-04-30 111624]
S2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-05-12 110920]
S2 UserTimeControl;User Time Control service;c:\program files\Kids PC Time Administrator\utccsr.exe --> c:\program files\Kids PC Time Administrator\utccsr.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-07-28 7408]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [2007-06-21 30720]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-29 18:46]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-29 18:46]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 14:40:28
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,f1,e2,de,d1,65,
6f,8f,1a,c8,28,51,af,b0,29,a3,98,08,8b,5c,b3,fa,c9,21,82,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,42,d7,2b,6d,94,
d7,1d,e2,71,3b,04,66,8b,46,0d,96,7d,90,03,ed,0e,8f,ae,89,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,4e,85,09,56,d2,
d9,34,d8,25,da,ec,7e,55,20,c9,26,f5,91,b6,b4,c1,d0,d8,86,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,9d,a8,31,5d,33,
a2,53,c8,3e,1e,9e,e0,57,5a,93,61,fe,2e,ad,22,73,21,3a,c3,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,d5,e2,be,f4,fb,
8e,cf,9c,cd,44,cd,b9,a6,33,6c,cd,81,7f,42,15,ad,64,9f,b2,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,11,10,f5,ae,94,
f2,e3,d0,b0,18,ed,a7,3f,8d,37,a4,5d,c1,dd,10,af,f7,43,ff,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,7e,00,2b,5a,8b,
8a,fd,db,31,77,e1,ba,b1,f8,68,02,7f,b7,a1,2d,13,b4,c0,d6,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,2c,0f,08,42,ac,
b6,75,a4,83,6c,56,8b,a0,85,96,ab,a0,c8,76,db,6e,72,71,04,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,ba,99,79,b7,e0,
8b,e8,6f,51,fa,6e,91,28,9e,14,cc,c8,28,b3,89,86,34,be,40,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,c4,5d,e1,df,c8,
f9,e6,0d,b1,cd,45,5a,a8,c4,f8,b9,72,f7,53,80,82,f5,72,c0,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,30,4f,5b,ca,02,
75,1d,2b,e3,0e,66,d5,eb,bc,2f,6b,64,72,a8,8a,24,89,53,c4,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,f2,13,20,81,a3,
3f,6a,47,fa,ea,66,7f,d4,3b,6b,70,9d,d5,1b,d6,06,e4,33,da,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(240)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2010-08-12 14:43:09
ComboFix-quarantined-files.txt 2010-08-12 12:41:52
ComboFix2.txt 2009-07-30 14:50:39

Před spuštěním: 4,985,348,096
Po spuštění: 4,974,190,592

322

Re: Please check my RSIT log

Posted: 12 Aug 2010 17:09
by Rudy
Your CF has limited functionality (it has a short expiration period). Download a new CF and try to carry out the procedure once more.

Re: Please check my RSIT log

Posted: 12 Aug 2010 18:28
by esilo
OK. With the same command in Notepad?

Re: Please check my RSIT log

Posted: 12 Aug 2010 19:05
by Rudy
Yes, with the same script.