ComboFix 13-10-23.02 - Správca 23.10.2013 20:23:56.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.511 [GMT 2:00]
Running from: c:\documents and settings\Správca\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2013-09-23 to 2013-10-23 )))))))))))))))))))))))))))))))
.
.
2013-10-23 11:36 . 2013-10-23 11:36 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-10-23 11:36 . 2013-10-23 11:36 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-10-23 11:33 . 2013-10-23 11:33 -------- d-----w- c:\windows\system32\wbem\Repository
2013-10-19 17:24 . 2013-10-21 16:55 -------- d-----w- C:\AdwCleaner
2013-10-19 10:38 . 2013-10-19 10:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2013-10-19 10:37 . 2013-10-19 10:37 74703 ----a-w- c:\windows\system32\mfc45.dll
2013-10-19 10:37 . 2013-10-19 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2013-10-19 10:37 . 2013-10-19 11:08 -------- d-----w- c:\documents and settings\Správca\Application Data\iolo
2013-09-26 18:00 . 2013-09-26 18:00 208760 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-09-26 15:33 . 2013-09-26 15:33 -------- d-----w- c:\program files\IBoot
2013-09-26 11:28 . 2013-09-26 11:28 -------- d-----w- c:\windows\system32\NtmsData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-16 07:28 . 2013-08-16 07:28 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-16 07:28 . 2013-08-16 07:28 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-16 07:27 . 2013-08-16 07:28 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-16 07:27 . 2012-04-21 15:55 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-11 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-08 3076144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2012-10-01 07:22 66360 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2012-11-04 17:43 1851192 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 14:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2005-03-18 11:18 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 11:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
2004-08-30 15:37 286720 ----a-w- c:\windows\vsnpstd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-03 21:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Webteh\\BSplayer\\bsplayer.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.1.2011 14:54 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.9.2011 7:34 974944]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [27.7.2012 14:26 12216]
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [26.1.2010 13:25 686080]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1.12.2008 12:30 47360]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [28.1.2010 19:32 4134]
S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [28.9.2009 9:55 52656]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [9.10.2011 17:48 24880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-08 14:13 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 11:43]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.1.34
TCP: Interfaces\{D2207C53-5B2E-4296-A0E6-C2E9A2E178D7}: NameServer = 10.10.10.1,8.8.8.8
FF - ProfilePath - c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\fen7fee5.default\
FF - prefs.js: browser.startup.homepage - hxxp://
www.google.cz/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1 - c:\program files\Euro Truck Simulator 2\unins000.exe
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-10-23 20:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1450960922-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1957994488-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E7AE2132-7CDA-7231-4C1B-CD57AA2E1242}*]
"jalpolnpjhiijlfelhdl"=hex:62,61,70,66,00,00
"jalpolnpjhiijlfelhpk"=hex:62,61,6d,66,00,00
.
[HKEY_USERS\S-1-5-21-1957994488-1450960922-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1957994488-1450960922-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:2b,c4,c5,61,d5,5e,b9,45,a5,f8,34,19,64,92,4f,75,ce,6b,7b,98,67,
80,33,6b,ce,a8,5a,6f,2a,d1,a4,99,6f,53,be,be,6b,f8,73,0d,63,e5,ae,43,cc,b1,\
"rkeysecu"=hex:2b,6c,89,86,bf,f5,63,d5,78,16,5d,17,66,72,18,b6
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1812)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(900)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2013-10-23 20:36:08
ComboFix-quarantined-files.txt 2013-10-23 18:36
.
Pre-Run: 39 803 744 256 bytes free
Post-Run: 32 adresárov, 39 851 491 328 voľných bajtov
.
- - End Of File - - 6D57D62272927D20759829DCC580DC28
8F558EB6672622401DA993E1E865C861
