FB virus + probably others too, attaching the log from COMBOFIX.. thanks4help
Posted: 23 Jul 2011 20:18
ComboFix 11-07-23.04 - rr 23.07.2011 20:49:49.1.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.421.1033.18.511.379 [GMT 2:00]
Running from: e:\documents and settings\rr\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\Administrator\Application Data\Mikrotik
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\advtool.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\advtool.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\dhcp.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\dhcp.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\hotspot.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\hotspot.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\ppp.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\ppp.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\roteros.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\roteros.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\roting2.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\roting2.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\secure.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\secure.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\system.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\system.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\wlan2.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\wlan2.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\winbox.cfg
e:\documents and settings\rr\Application Data\Mikrotik
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\advtool.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\advtool.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\dhcp.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\dhcp.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\hotspot.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\hotspot.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\ppp.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\ppp.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\roteros.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\roteros.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\roting2.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\roting2.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\secure.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\secure.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\system.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\system.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\wlan2.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\wlan2.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\winbox.cfg
e:\documents and settings\rr\Application Data\PriceGong
e:\documents and settings\rr\Application Data\PriceGong\Data\1.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\a.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\b.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\c.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\d.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\e.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\f.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\g.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\h.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\i.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\J.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\k.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\l.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\m.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\mru.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\n.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\o.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\p.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\q.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\r.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\s.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\t.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\u.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\v.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\w.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\x.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\y.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\z.xml
e:\documents and settings\rr\My Documents\DPE.DUS
e:\documents and settings\rr\WINDOWS
e:\windows\IsUn0407.exe
e:\windows\TEMP\11422859-loader2.exe
e:\windows\TEMP\83114693-loader2.exe
e:\windows\TEMP\9526500.exe
e:\windows\update.1
e:\windows\update.2
e:\windows\update.5.0
e:\windows\update.5.0\2838.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
.
.
((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))
.
.
2011-07-22 19:22 . 2011-07-22 19:22 -------- d-----w- e:\documents and settings\rr\Application Data\Malwarebytes
2011-07-22 19:22 . 2010-12-20 16:09 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2011-07-22 19:22 . 2011-07-22 19:22 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-22 19:22 . 2011-07-22 19:22 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2011-07-22 19:22 . 2010-12-20 16:08 19288 ----a-w- e:\windows\system32\drivers\mbam.sys
2011-07-22 18:58 . 2011-07-22 18:58 -------- d-----w- e:\program files\AMD APP
2011-07-22 18:58 . 2011-07-22 18:58 -------- d-----w- e:\program files\ATI
2011-07-22 18:58 . 2011-07-22 18:58 -------- d-----w- e:\program files\ATI Technologies
2011-07-22 18:48 . 2011-07-22 18:55 -------- d-----w- e:\program files\trend micro
2011-07-22 18:48 . 2011-07-22 18:49 -------- d-----w- E:\rsit
2011-07-22 18:47 . 2011-07-22 18:47 -------- d-----w- E:\ATI
2011-07-22 18:35 . 2011-07-22 18:35 -------- d-----w- e:\windows\phoenix
2011-07-22 18:35 . 2011-07-22 18:35 -------- d-----w- e:\windows\ufa
2011-07-21 12:03 . 2011-07-21 12:03 -------- d-----w- e:\windows\av_ico
2011-07-21 11:15 . 2011-07-22 18:35 246272 ----a-w- e:\windows\unrar.exe
2011-07-21 11:02 . 2011-07-22 20:47 -------- d--h--w- e:\windows\update.tray-8-0-lnk
2011-07-21 11:02 . 2011-07-22 20:47 -------- d--h--w- e:\windows\update.tray-8-0
2011-07-05 17:49 . 2011-07-05 17:49 -------- d-----w- e:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 19:11 . 2011-05-24 11:43 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- e:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- e:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- e:\windows\system32\amdocl.dll
2005-08-04 21:30 . 2005-08-04 21:28 10 ----a-w- e:\program files\cc.bin
2003-02-28 21:22 . 2005-08-04 21:30 140800 ----a-w- e:\program files\BINKPLAY.EXE
1999-10-08 21:31 . 2005-08-04 21:30 163840 ----a-w- e:\program files\UPDATE.EXE
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . e:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe
.
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . e:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll
.
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . e:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll
[-] 2002-11-27 02:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . e:\windows\system32\mspmsnsv.dll
.
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . e:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\d3d9.dll
[-] 2004-07-09 12:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . e:\windows\system32\d3d9.dll
.
e:\windows\System32\wscntfy.exe ... is missing !!
e:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="e:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 860160]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-21 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-11-13 62464]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2005-08-17 77824]
"PinnacleDriverCheck"="e:\windows\System32\PSDrvCheck.exe" [2003-12-04 406016]
"Adobe Photo Downloader"="e:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SpywareTerminator"="e:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-05-06 1817600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2003-03-31 13312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2003-03-31 51200]
.
e:\documents and settings\rr\Start Menu\Programs\Startup\
Adobe Media Player.lnk - e:\program files\Adobe Media Player\Adobe Media Player.exe [2009-2-12 261120]
PowerReg Scheduler.exe [2005-8-15 256000]
.
e:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth.lnk - e:\program files\MSI\BToes Bluetooth Software\BTTray.exe [2005-3-30 569405]
hp psc 1000 series.lnk - e:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - e:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Picture Package Menu.lnk - e:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-9-1 151552]
Picture Package VCD Maker.lnk - e:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-9-1 106496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
R0 avgntmgr;avgntmgr;e:\windows\system32\drivers\avgntmgr.sys [3.5.2008 20:32 22360]
R0 sonypvl2;sonypvl2;e:\windows\system32\drivers\sonypvl2.sys [2.7.2005 20:51 19478]
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [30.8.2010 20:28 697328]
R0 viasraid;viasraid;e:\windows\system32\drivers\viasraid.sys [11.8.2003 16:52 75904]
R1 avgntdd;avgntdd;e:\windows\system32\drivers\avgntdd.sys [3.5.2008 20:32 45400]
R1 sonypvf2;sonypvf2;e:\windows\system32\drivers\sonypvf2.sys [2.7.2005 20:51 635012]
R1 sonypvt2;sonypvt2;e:\windows\system32\drivers\sonypvt2.sys [2.7.2005 20:51 431236]
R1 sp_rsdrv2;Spyware Terminator Driver 2;e:\windows\system32\drivers\sp_rsdrv2.sys [6.5.2008 5:39 141312]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;e:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 17:29 1336712]
R2 ICQ Service;ICQ Service;e:\program files\ICQ6Toolbar\ICQ Service.exe [19.6.2008 15:30 222968]
R2 Pokernet;Pokernet;e:\documents and settings\rr\Application Data\MyPokerLab\Pokernet\Pokernet Service.exe [15.10.2010 10:30 520192]
R3 seehcri;Sony Ericsson seehcri Device Driver;e:\windows\system32\drivers\seehcri.sys [19.4.2010 19:24 27632]
S1 sonypvd2;sonypvd2;e:\windows\system32\drivers\sonypvd2.sys [2.7.2005 20:51 64093]
S2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;"e:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe" --> e:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [?]
S2 gupdate;Služba Google Update (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [2.2.2010 16:50 135664]
S3 gupdatem;Služba Google Update (gupdatem);e:\program files\Google\Update\GoogleUpdate.exe [2.2.2010 16:50 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [22.7.2011 21:22 38224]
S3 pnicml;pnicml;\??\e:\docume~1\rr\LOCALS~1\Temp\pnicml.sys --> e:\docume~1\rr\LOCALS~1\Temp\pnicml.sys [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;e:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [17.1.2011 9:59 155344]
.
Contents of the 'Scheduled Tasks' folder
.
2005-09-16 e:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8115396095.job
- e:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
2011-07-23 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:50]
.
2011-07-23 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - e:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - e:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send To &Bluetooth - e:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: DhcpNameServer = 10.0.0.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - e:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-sysdriver32.exe - e:\windows\sysdriver32.exe
HKLM-Run-sysdriver32_.exe - e:\windows\sysdriver32_.exe
AddRemove-Adobe Acrobat 4.0 - e:\windows\ISUN0407.EXE
AddRemove-NHL 98 - e:\ea sports\NHL 98\DeIsL1.isu
AddRemove-Worms2 - e:\team17\Worms2\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-23 21:11
Windows 5.1.2600 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
e:\windows\system32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(816)
e:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(3852)
e:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
e:\program files\Common Files\Microsoft Shared\Web Components\10\1051\OWCI10.DLL
e:\windows\System32\MSCTF.dll
e:\windows\System32\mlang.dll
e:\windows\System32\msimtf.dll
e:\windows\System32\MSLS31.DLL
.
------------------------ Other Running Processes ------------------------
.
e:\windows\System32\Ati2evxx.exe
e:\program files\MSI\BToes Bluetooth Software\bin\btwdins.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Spyware Terminator\sp_rsser.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
e:\windows\System32\WgaTray.exe
e:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
e:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
.
**************************************************************************
.
Completion time: 2011-07-23 21:14:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-23 19:14
.
Pre-Run: 6 589 812 736 bytes free
Post-Run: 6 653 493 248 voľných bajtov
.
- - End Of File - - 4D03D8AEC08BBFE087ED317D358CC923