
Re: PC shutting down

Posted: 03 Jun 2014 20:45
by nanovo
ComboFix 14-06-03.01 - Admin 03.06.2014 21:34:09.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.873 [GMT 2:00]
Running from: c:\documents and settings\Admin\My Documents\Preberanie\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\MUI\041b\tourstart.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-05-03 to 2014-06-03 )))))))))))))))))))))))))))))))
.
.
2014-06-03 18:08 . 2014-06-03 18:08 -------- d-----w- c:\windows\LastGood
2014-05-22 17:57 . 2014-06-03 19:02 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-22 17:57 . 2014-05-22 17:57 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-22 17:57 . 2014-05-22 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-05-22 17:57 . 2014-05-12 05:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-22 17:57 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-21 20:19 . 2014-05-21 20:19 -------- d-----w- c:\windows\system32\NtmsData
2014-05-20 20:39 . 2014-05-20 20:39 -------- d-----w- C:\rsit
2014-05-17 20:34 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-17 20:33 . 2014-05-17 20:35 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 18:31 . 2013-09-27 11:10 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 18:31 . 2013-09-27 11:10 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-24 20:22 . 2014-04-24 20:22 933888 ----a-w- c:\windows\system32\o2cAreas.ocx
2014-04-24 20:22 . 2014-04-24 20:22 1208320 ----a-w- c:\windows\system32\O2CPlayer.OCX
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-07 17:53 . 2014-03-07 17:53 3081354 ----a-w- c:\program files\MGControl65.EXE
2014-03-06 17:59 . 2008-04-14 03:42 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59 . 2008-04-14 03:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:59 . 2008-04-14 03:41 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59 . 2008-04-14 03:41 18944 ------w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2008-04-13 22:07 385024 ------w- c:\windows\system32\html.iec
2013-09-30 16:30 . 2013-09-30 16:26 23242440 ----a-w- c:\program files\Firefox Setup 24.0.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-02-23 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2013-06-24 20145368]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CardDetectorHUAWEIX70"="c:\program files\CardDetector\HUAWEIX70\CardDetector.exe" [2008-02-04 278528]
"BEWINTERNET-SKSessionManager"="c:\program files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe" [2008-02-01 107248]
"Mobile Partner"="c:\program files\Hi Suite\Hi Suite.exe" [2013-10-13 518656]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe" [2006-06-01 106496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ALFA plus - rýchle spustenie.lnk - c:\program files\KROS\ALFA plus\!System\ALFAplus.exe /StartUp [2014-3-12 3369272]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\OrangeBS\\BEWInternetSK\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20400:TCP"= 20400:TCP:KrosPort20400
"20401:TCP"= 20401:TCP:KrosPort20401
"20402:TCP"= 20402:TCP:KrosPort20402
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [27.9.2013 13:43 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [27.9.2013 13:43 177864]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.9.2013 17:15 134248]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.9.2013 12:06 1337752]
R2 FirebirdServerKROS_20400;Firebird Server - KROS_20400;c:\program files\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [20.2.2014 11:06 3764224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [22.5.2014 19:57 860472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.5.2014 19:57 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [22.5.2014 19:57 110296]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.9.2013 12:47 1691480]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 20:15 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-27 18:31]
.
2014-06-03 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-21 01:59]
.
2014-04-10 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-21 01:59]
.
2014-06-03 c:\windows\Tasks\User_Feed_Synchronization-{31E1E16B-21FE-47CC-9ECA-B2688F134664}.job
- c:\windows\system32\msfeedssync.exe [2013-09-27 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.168.1.2 8.8.8.8
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\yszu4gs5.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{41545534-2D56-3743-00A7-7A786E7484D7} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-03 21:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-06-03 21:38:09
ComboFix-quarantined-files.txt 2014-06-03 19:38
.
Pre-Run: 402 651 111 424 bytes free
Post-Run: 402 612 654 080 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 76DD3F8D9F4B4E75CE4992D347B66960
8F558EB6672622401DA993E1E865C861

Re: PC shutting down

Posted: 03 Jun 2014 21:51
by Rudy
Move ComboFix to the desktop. Open Notepad and copy the following into it:

KillAll::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20400:TCP"=-
"20401:TCP"=-
"20402:TCP"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.
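The script below is an added example, not part of the thread and not ComboFix's own tooling: it parses the sections of a ComboFix report that the helper above acted on (the GloballyOpenPorts list, the LOCKED REGISTRY KEYS block and the Sigcheck "[-]" lines) and drafts the matching `Registry::`/`RegLock::` blocks of a CFScript for a person to review. The log excerpt embedded in it is constructed to mirror the layout of the report posted above; the section names and line formats are the ones ComboFix prints, while the parsing rules and function names are assumptions made for this example.

```python
"""Triage helper for a ComboFix report (added example, not ComboFix's own tooling).

It extracts the entries a helper typically reviews - globally opened firewall
ports, locked registry keys and unsigned files from the Sigcheck section - and
drafts the Registry::/RegLock:: blocks of a CFScript for a human to check before
use. The section names and line formats are those ComboFix prints; the parsing
rules are assumptions made for this example."""
import re

# Constructed excerpt that mirrors the layout of the report in the thread.
SAMPLE_LOG = r"""------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-02-23 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20400:TCP"= 20400:TCP:KrosPort20400
"20401:TCP"= 20401:TCP:KrosPort20401
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
Completion time: 2014-06-03 21:38:09
"""

OPEN_PORTS_KEY = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                  r"\standardprofile\GloballyOpenPorts\List]")
# "20400:TCP"= 20400:TCP:KrosPort20400  ->  port, protocol, rule name
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)')
# [-] <date> . <md5> . <size> . . [version] . . <path>
UNSIGNED_RE = re.compile(r"^\[-\] (\S+) \. ([0-9A-Fa-f]{32}) \. (\d+) .* \. ([A-Za-z]:\\.+)$")


def parse_open_ports(log):
    """Return (port, protocol, name) for every entry under the GloballyOpenPorts list."""
    ports, in_section = [], False
    for line in log.splitlines():
        if line.startswith("[") and line.endswith(r"GloballyOpenPorts\List]"):
            in_section = True
            continue
        if in_section:
            m = PORT_RE.match(line)
            if not m:  # the block ends at the first non-entry line (ComboFix prints '.')
                in_section = False
                continue
            ports.append((int(m.group(1)), m.group(2), m.group(3)))
    return ports


def parse_locked_keys(log):
    """Return the key paths listed under LOCKED REGISTRY KEYS, up to the report footer."""
    keys, in_section = [], False
    for line in log.splitlines():
        if "LOCKED REGISTRY KEYS" in line:
            in_section = True
            continue
        if in_section and (line.startswith("Completion time:") or line.startswith("****")):
            break
        if in_section and line.startswith("[") and line.endswith("]"):
            keys.append(line[1:-1])
    return keys


def parse_unsigned(log):
    """Return one dict (date, md5, size, path) per Sigcheck '[-]' entry."""
    found = []
    for line in log.splitlines():
        m = UNSIGNED_RE.match(line)
        if m:
            found.append({"date": m.group(1), "md5": m.group(2).upper(),
                          "size": int(m.group(3)), "path": m.group(4)})
    return found


def draft_cfscript(ports, locked_keys):
    """Draft what the helper in the thread wrote by hand: '"name"=-' deletes a value
    in REGEDIT4 syntax, RegLock:: lists keys whose ACL denies access.
    The result is a draft for review, not something to drop onto ComboFix unread."""
    lines = ["KillAll::", ""]
    if ports:
        lines += ["Registry::", OPEN_PORTS_KEY]
        lines += ['"%d:%s"=-' % (port, proto) for port, proto, _ in ports]
        lines.append("")
    if locked_keys:
        lines += ["RegLock::"] + ["[%s]" % key for key in locked_keys] + [""]
    lines.append("Reboot::")
    return "\n".join(lines)


if __name__ == "__main__":
    for entry in parse_unsigned(SAMPLE_LOG):
        print("unsigned: %(path)s md5=%(md5)s size=%(size)d" % entry)
    print(draft_cfscript(parse_open_ports(SAMPLE_LOG), parse_locked_keys(SAMPLE_LOG)))
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file's contents; the unsigned-file lines are printed separately because, as the report itself notes, an unsigned file is a lead to verify (hash lookup, known system file version), not a verdict.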


Re: PC shutting down

Posted: 04 Jun 2014 18:49
by nanovo
OK :?:
In case it helps - today, right after start-up, I wanted to adjust the display settings - I just clicked to open Control Panel, but the PC behaved like this

Re: PC shutting down

Posted: 04 Jun 2014 19:15
by Rudy
Has anything changed?

Re: PC shutting down

Posted: 04 Jun 2014 19:34
by nanovo
ComboFix 14-06-04.01 - Admin 04.06.2014 20:09:23.2.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.1164 [GMT 2:00]
Running from: c:\documents and settings\Admin\My Documents\Preberanie\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt..txt
AV: ESET Smart Security 7.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2014-05-04 to 2014-06-04 )))))))))))))))))))))))))))))))
.
.
2014-05-22 17:57 . 2014-06-04 18:14 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-22 17:57 . 2014-05-22 17:57 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-22 17:57 . 2014-05-22 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-05-22 17:57 . 2014-05-12 05:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-22 17:57 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-21 20:19 . 2014-05-21 20:19 -------- d-----w- c:\windows\system32\NtmsData
2014-05-20 20:39 . 2014-05-20 20:39 -------- d-----w- C:\rsit
2014-05-17 20:34 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-17 20:33 . 2014-05-17 20:35 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 18:31 . 2013-09-27 11:10 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 18:31 . 2013-09-27 11:10 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-24 20:22 . 2014-04-24 20:22 933888 ----a-w- c:\windows\system32\o2cAreas.ocx
2014-04-24 20:22 . 2014-04-24 20:22 1208320 ----a-w- c:\windows\system32\O2CPlayer.OCX
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-07 17:53 . 2014-03-07 17:53 3081354 ----a-w- c:\program files\MGControl65.EXE
2013-09-30 16:30 . 2013-09-30 16:26 23242440 ----a-w- c:\program files\Firefox Setup 24.0.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-02-23 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2013-06-24 20145368]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CardDetectorHUAWEIX70"="c:\program files\CardDetector\HUAWEIX70\CardDetector.exe" [2008-02-04 278528]
"BEWINTERNET-SKSessionManager"="c:\program files\OrangeBS\BEWInternetSK\SessionManager\SessionManager.exe" [2008-02-01 107248]
"Mobile Partner"="c:\program files\Hi Suite\Hi Suite.exe" [2013-10-13 518656]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"bgsmsnd.exe"="c:\windows\System32\spool\DRIVERS\W32X86\2\bgsmsnd.exe" [2006-06-01 106496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ALFA plus - rýchle spustenie.lnk - c:\program files\KROS\ALFA plus\!System\ALFAplus.exe /StartUp [2014-3-12 3369272]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\OrangeBS\\BEWInternetSK\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [27.9.2013 13:43 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [27.9.2013 13:43 177864]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.9.2013 17:15 134248]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.9.2013 12:06 1337752]
R2 FirebirdServerKROS_20400;Firebird Server - KROS_20400;c:\program files\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [20.2.2014 11:06 3764224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [22.5.2014 19:57 860472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.5.2014 19:57 23256]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.9.2013 12:47 1691480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 20:15 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-27 18:31]
.
2014-06-04 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-21 01:59]
.
2014-04-10 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-21 01:59]
.
2014-06-04 c:\windows\Tasks\User_Feed_Synchronization-{31E1E16B-21FE-47CC-9ECA-B2688F134664}.job
- c:\windows\system32\msfeedssync.exe [2013-09-27 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.168.1.2 8.8.8.8
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\yszu4gs5.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-HW_OPENEYE_OUC_ - c:\program files\Hi Suite\UpdateDog\ouc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-04 20:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1440)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\KROS\ALFA plus\!System\ALFAplus.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\Hi Suite\ADB\adb.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2014-06-04 20:17:51 - machine was rebooted
ComboFix-quarantined-files.txt 2014-06-04 18:17
ComboFix2.txt 2014-06-03 19:38
.
Pre-Run: 402 686 492 672 bytes free
Post-Run: 14 adresárov, 402 674 937 856 voľných bajtov
.
- - End Of File - - A4F78218AFB9E09BB456F0A3D3C1F698
8F558EB6672622401DA993E1E865C861

I clicked on Control Panel again and the PC still freezes - "leftovers of windows" remain ...

Re: PC shutting down

Posted: 04 Jun 2014 20:16
by Rudy
Look in Task Manager and find out which process is putting the most load on the system.

Re: PC shutting down

Posted: 04 Jun 2014 20:35
by nanovo
firefox.exe
mbamservice.exe
ekrn.exe
Hi Suite.exe

Re: PC shutting down

Posted: 04 Jun 2014 21:07
by Rudy
Try reinstalling the antivirus.

Re: PC shutting down

Posted: 06 Jun 2014 19:49
by nanovo
ok