PC virus removal, computer speed-up, remote help via the neslape.cz service

help

Have a virus problem? Post your FRST or RSIT log here.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz

ringov
Visitor
Posts: 313
Registered: 04 Apr 2011 14:21
Location: Cejkov

help

#1 Post by ringov »

Is it OK? :o

ComboFix 11-04-06.03 - Administrator 07.04.2011 12:20:34.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.219 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 09:48 . 2011-04-07 09:48 -------- d-----w- c:\program files\trend micro
2011-04-07 09:48 . 2011-04-07 09:48 -------- d-----w- C:\rsit
2011-04-06 14:53 . 2011-04-06 14:53 -------- d-----w- c:\program files\C-Media
2011-04-06 14:05 . 2011-04-06 14:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-04-06 13:48 . 2010-12-14 12:39 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-06 07:08 . 2011-04-06 07:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-04-06 06:49 . 2011-04-06 06:49 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-05 22:18 . 2011-04-05 22:17 92672 ----a-w- c:\windows\system32\KillBox.exe
2011-04-05 22:05 . 2011-04-07 09:38 -------- d-----w- c:\program files\WinClamAVShield
2011-04-05 21:13 . 2011-04-05 21:13 -------- d-----w- c:\program files\Common Files\Java
2011-04-05 21:13 . 2011-04-05 21:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-05 21:00 . 2011-04-05 21:00 -------- d-----w- c:\program files\Crawler
2011-04-05 20:59 . 2011-04-05 20:59 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-04-05 20:59 . 2011-04-07 07:23 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Spyware Terminator
2011-04-05 20:59 . 2011-04-07 09:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2011-04-05 20:59 . 2011-04-07 09:54 -------- d-----w- c:\program files\Spyware Terminator
2011-04-05 20:51 . 2011-04-05 20:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Secunia PSI
2011-04-05 20:50 . 2011-04-05 20:50 -------- d-----w- c:\program files\Secunia
2011-04-05 20:11 . 2011-04-05 20:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-04-05 19:52 . 2011-03-18 18:05 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-05 19:52 . 2011-03-18 18:05 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-05 19:52 . 2011-03-18 18:05 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-05 19:52 . 2011-03-18 18:05 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-05 19:52 . 2011-03-18 18:05 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-05 19:52 . 2011-03-18 18:05 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-05 19:52 . 2011-03-18 18:05 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-05 19:52 . 2011-03-18 18:05 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-05 19:33 . 2011-04-05 19:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-04-05 19:28 . 2011-04-05 19:30 -------- d-----w- c:\windows\system32\cs-CZ
2011-04-05 19:28 . 2011-04-05 19:29 -------- dc-h--w- c:\windows\ie8
2011-04-04 11:46 . 2011-04-05 21:25 -------- d-----w- c:\program files\ESET
2011-04-01 08:36 . 2011-04-01 08:36 -------- d-----w- c:\windows\XXLGS
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 21:11 . 2010-08-02 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-06 17:06 . 2011-03-06 16:46 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-03-06 17:01 . 2010-09-26 23:31 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-02-26 13:06 . 2011-02-26 13:06 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-03-18 18:05 . 2011-04-05 19:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-05_20.26.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-07 07:07 . 2011-04-07 07:07 16384 c:\windows\temp\Perflib_Perfdata_560.dat
- 2008-08-26 06:28 . 2011-03-21 11:04 2176 c:\windows\system32\d3d9caps.dat
+ 2008-08-26 06:28 . 2011-04-06 09:38 2176 c:\windows\system32\d3d9caps.dat
+ 2008-07-30 16:16 . 2011-04-06 13:27 224924 c:\windows\system32\Restore\rstrlog.dat
+ 2011-04-05 21:20 . 2011-04-05 21:20 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe
+ 2011-04-05 20:59 . 2011-04-05 20:59 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
+ 2011-04-05 20:59 . 2011-04-05 20:59 311456 c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.dll
+ 2011-04-05 21:13 . 2011-04-05 21:11 157472 c:\windows\system32\javaws.exe
+ 2011-04-05 21:13 . 2011-04-05 21:11 145184 c:\windows\system32\javaw.exe
- 2010-08-02 15:22 . 2010-08-02 15:22 145184 c:\windows\system32\javaw.exe
+ 2011-04-05 21:13 . 2011-04-05 21:11 145184 c:\windows\system32\java.exe
- 2010-08-02 15:22 . 2010-08-02 15:22 145184 c:\windows\system32\java.exe
+ 2011-04-05 21:13 . 2011-04-05 21:13 180224 c:\windows\Installer\556a25.msi
+ 2011-04-05 21:10 . 2011-04-05 21:10 677376 c:\windows\Installer\556a13.msi
+ 2010-01-27 01:07 . 2011-04-05 21:20 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2011-04-05 2216960]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"d:\\hry\\Nová složka (2)\\age2_x1.exe"=
.
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [5.4.2011 22:59 142592]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14.5.2007 10:26 508288]
R3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\drivers\s3sav4m.sys [7.7.2008 18:00 77824]
S0 mfemhvrxogcp;mfemhvrxogcp; [x]
S1 SASDIFSV;SASDIFSV;\??\e:\my download files\antispywer\SASDIFSV.SYS --> e:\my download files\antispywer\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\e:\my download files\antispywer\SASKUTIL.sys --> e:\my download files\antispywer\SASKUTIL.sys [?]
S1 zmcadvafppwy5;zmcadvafppwy5;c:\windows\system32\drivers\zmcadvafppwy5.sys --> c:\windows\system32\drivers\zmcadvafppwy5.sys [?]
S2 AMService;AMService;c:\windows\TEMP\gerx\setup.exe run --> c:\windows\TEMP\gerx\setup.exe run [?]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\d:\my download files\trojan\Anti Trojan Elite\ATEPMon.sys --> d:\my download files\trojan\Anti Trojan Elite\ATEPMon.sys [?]
S3 SASENUM;SASENUM;\??\e:\my download files\antispywer\SASENUM.SYS --> e:\my download files\antispywer\SASENUM.SYS [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://pobox.sk/
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Crawler Search - tbr:iemenu
IE: Download with Star Downloader - e:\my download files\ACCELELATOR PLUS\Star Downloader\sdie.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\sa3oy8yh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - pobox.sk
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60076&qkw=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-VLC media player - e:\vlc media\VLC\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 12:29
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1677128483-854245398-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,57,fe,94,e8,f9,a9,65,49,b0,f4,f4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,57,fe,94,e8,f9,a9,65,49,b0,f4,f4,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,57,fe,94,e8,f9,a9,65,49,b0,f4,f4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-07 12:33:13
ComboFix-quarantined-files.txt 2011-04-07 10:33
ComboFix2.txt 2011-04-07 07:22
ComboFix3.txt 2011-04-06 12:39
ComboFix4.txt 2011-04-06 11:28
ComboFix5.txt 2011-04-07 10:19
.
Pre-Run: 2 695 766 016
Post-Run: 2 688 671 744
.
Current=7 Default=7 Failed=6 LastKnownGood=2 Sets=1,2,4,5,6,7
- - End Of File - - A5FC473C6AB899AAC75F15404019C34F

tuvok07
Friend of the forum
Posts: 1198
Registered: 07 Mar 2007 17:10

Re: help

#2 Post by tuvok07 »

You should have posted that here
http://www.viry.cz/forum/viewtopic.php? ... 02#p975002
instead of creating a new topic :)
Moderators, please :lock: this one - continue over there
Albert Einstein: Only two things are infinite - the universe and human stupidity. And I'm not so sure about the first.
