Nejde zapnut antivirus
Napsal: 05 lis 2011 18:38
Ahoj
stiahol som z netu jednu blbost a odvtedy mi nejde zapnut antivir. Povodne som mal MS Security Essential, ten som vymazal a stiahol trial ESET. S nim som nasiel Sirefef.CB, odstranil ale po restarte nejde zapnut ani ESET - hlasi: "Chyba pri komunikacii s jadrom." To je vraj IRC.Bot trojan - na ten som stiahol ESET utilitu, ale nepomohla.
Pripajam log, vopred dakujem za pomoc!
ComboFix 11-11-05.02 - ameriMEDIA 05.11.2011 18:08:27.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.1621 [GMT 1:00]
Running from: e:\documents and settings\ameriMEDIA\My Documents\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\ameriMEDIA\WINDOWS
e:\windows\$NtUninstallKB50375$
e:\windows\$NtUninstallKB50375$\1241674042\@
e:\windows\$NtUninstallKB50375$\1241674042\L\tajtoyph
e:\windows\$NtUninstallKB50375$\1241674042\U\@00000001
e:\windows\$NtUninstallKB50375$\1241674042\U\@000000c0
e:\windows\$NtUninstallKB50375$\1241674042\U\@000000cb
e:\windows\$NtUninstallKB50375$\1241674042\U\@000000cf
e:\windows\$NtUninstallKB50375$\1241674042\U\@80000000
e:\windows\$NtUninstallKB50375$\1241674042\U\@800000c0
e:\windows\$NtUninstallKB50375$\1241674042\U\@800000cb
e:\windows\$NtUninstallKB50375$\1241674042\U\@800000cf
e:\windows\$NtUninstallKB50375$\617478641
e:\windows\system32\lsprst7.dll
e:\windows\system32\ssprs.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_4a02713a
.
.
((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
.
.
2011-11-05 16:48 . 2011-11-05 16:48 -------- d-----w- e:\program files\Ultimate Process Manager
2011-11-04 20:00 . 2011-11-04 20:00 -------- d-----w- e:\program files\Intel Corporation
2011-11-04 13:50 . 2011-11-04 12:42 16432 ----a-w- e:\windows\system32\lsdelete.exe
2011-11-04 12:42 . 2011-11-04 12:42 101720 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
2011-11-04 12:28 . 2011-10-28 18:35 64512 ----a-w- e:\windows\system32\drivers\Lbd.sys
2011-11-04 12:28 . 2011-11-04 12:28 -------- d-----w- e:\program files\Lavasoft
2011-11-02 19:26 . 2011-11-02 19:26 -------- d-----w- e:\program files\Topsevenreviews
2011-10-28 16:18 . 2011-11-01 15:51 -------- d-----w- e:\program files\ESET
2011-10-28 08:54 . 2011-10-28 16:43 -------- d-----w- e:\documents and settings\All Users\Application Data\AVAST Software
2011-10-28 08:54 . 2011-10-28 08:54 -------- d-----w- e:\program files\AVAST Software
2011-10-26 17:03 . 2011-10-26 17:18 -------- d-----w- e:\documents and settings\Administrator
2011-10-26 16:32 . 2011-10-26 16:32 -------- d-sh--w- e:\documents and settings\ameriMEDIA\Local Settings\Application Data\4a02713a
2011-10-26 16:31 . 2011-10-26 16:31 -------- d-----w- e:\documents and settings\ameriMEDIA\Local Settings\Application Data\Aiseesoft Studio
2011-10-23 15:17 . 2011-10-23 15:17 -------- d-----w- e:\program files\iPod
2011-10-23 15:17 . 2011-10-23 15:18 -------- d-----w- e:\program files\iTunes
2011-10-23 15:12 . 2011-10-23 15:12 -------- d-----w- e:\program files\Bonjour
2011-10-18 16:42 . 2008-08-28 14:52 627072 ----a-w- e:\windows\system32\drivers\rt2870.sys
2011-10-18 16:42 . 2008-08-28 14:38 221184 ----a-w- e:\windows\system32\RaCoInst.dll
2011-10-18 16:42 . 2011-10-18 16:42 -------- d-----w- e:\program files\Tenda
2011-10-09 18:16 . 2011-10-09 18:16 -------- d-sh--w- e:\documents and settings\ameriMEDIA\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-04 18:57 . 2008-02-24 19:59 196582 ----a-w- e:\windows\system32\drivers\aStandard.bin
2011-10-28 17:28 . 2011-10-28 17:28 64512 ----a-w- e:\windows\system32\drivers\serial.sys.org
2011-10-18 16:42 . 2009-05-17 18:49 21419 ----a-w- e:\windows\system32\drivers\AegisP.sys
2011-10-13 06:00 . 2011-05-17 19:02 414368 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-03 10:17 . 2006-02-28 12:00 599040 ----a-w- e:\windows\system32\crypt32.dll
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- e:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- e:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- e:\windows\system32\dnssdX.dll
2011-08-09 12:24 . 2011-08-09 12:24 154136 ----a-w- e:\windows\system32\drivers\eamon.sys
2011-08-09 07:37 . 2011-08-09 07:37 39824 ----a-w- e:\windows\system32\drivers\epfwndis.sys
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="e:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="e:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"ASUSGamerOSD"="e:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"APSDaemon"="e:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="e:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
e:\documents and settings\All Users\Start Menu\Programs\Startup\
W302U.lnk - e:\program files\Tenda\W302U\UI.exe [2011-10-18 2125824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=e:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^INTELLINET Wireless Utility.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\INTELLINET Wireless Utility.lnk
backup=e:\windows\pss\INTELLINET Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\E:^Documents and Settings^ameriMEDIA^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=e:\documents and settings\ameriMEDIA\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=e:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
e:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- e:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 18:04 139264 ----a-w- e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- e:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 16:06 421736 ----a-w- e:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- e:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"ATKKeyboardService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"mi-raysat_3dsMax2008_32"=2 (0x2)
"iPod Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\totalcmd\\TOTALCMD.EXE"=
"e:\\Program Files\\eMule\\emule.exe"=
"e:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"e:\\Documents and Settings\\ameriMEDIA\\Desktop\\iphone\\tinyumbrella-4.21.05.exe"=
"e:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [4.11.2011 13:28 64512]
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [31.12.2008 16:36 717296]
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [4.8.2011 8:20 118104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [28.10.2011 19:35 2152152]
S1 MpKsl7f50e9cb;MpKsl7f50e9cb;\??\e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CD46F01-DC97-406C-83D2-AB9DC7009A02}\MpKsl7f50e9cb.sys --> e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CD46F01-DC97-406C-83D2-AB9DC7009A02}\MpKsl7f50e9cb.sys [?]
S2 ekrn;ESET Service;e:\program files\ESET\ESET Smart Security\ekrn.exe [22.9.2011 11:03 974944]
S3 esihdrv;esihdrv;\??\e:\docume~1\AMERIM~1\LOCALS~1\Temp\esihdrv.sys --> e:\docume~1\AMERIM~1\LOCALS~1\Temp\esihdrv.sys [?]
S3 HPPLSBULK;HPPLSBULK;e:\windows\system32\drivers\hpplsbulk.sys [2.2.2005 17:29 9344]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;e:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [28.10.2011 19:35 15232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28 18:35]
.
2011-10-12 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-11-02 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1659004503-1801674531-1004Core.job
- e:\documents and settings\ameriMEDIA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-23 09:40]
.
2011-11-04 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1659004503-1801674531-1004UA.job
- e:\documents and settings\ameriMEDIA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-23 09:40]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.80.175.66 195.80.171.4
FF - ProfilePath - e:\documents and settings\ameriMEDIA\Application Data\Mozilla\Firefox\Profiles\azyt23jm.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - e:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DivXUpdate - e:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-LogMeIn Hamachi Ui - e:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - e:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-05 18:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-1659004503-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,15,ea,4a,f4,01,07,80,41,37,e5,70,3b,e0,01,57,b7,8f,7c,65,e1,86,14,
da,d9,fc,ff,5a,1b,2d,1f,4e,48,82,49,32,5d,70,07,b0,52,53,41,da,12,34,ae,da,\
"??"=hex:d1,90,9f,78,11,4e,2d,bf,a9,7c,fb,86,fc,c3,a6,48
.
[HKEY_USERS\S-1-5-21-1614895754-1659004503-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:0d,d1,66,34,15,a0,b2,b4,97,00,3d,3c,97,c4,f6,29,fb,f1,c5,ba,8a,
77,64,90,85,71,22,16,20,eb,1c,15,06,70,8d,1b,d7,fc,01,4a,a0,22,96,37,c2,f9,\
"rkeysecu"=hex:c6,c9,f0,dc,20,aa,bc,60,16,80,52,9a,ba,e5,6e,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ea,82,95,fe,61,db,bb,fb,f3,e7,e9,7f,70,0b,1d,7b,3b,c2,c4,66,05,
dd,d6,6f,d6,f9,ee,02,41,74,68,3d,42,af,6b,1f,25,2a,ea,b2,e6,8f,1c,ff,25,71,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ea,82,95,fe,61,db,bb,fb,f3,e7,e9,7f,70,0b,1d,7b,3b,c2,c4,66,05,
dd,d6,6f,d6,f9,ee,02,41,74,68,3d,42,af,6b,1f,25,2a,ea,b2,e6,8f,1c,ff,25,71,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1428)
e:\windows\system32\Ati2evxx.dll
e:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(472)
e:\windows\system32\WININET.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
e:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\windows\system32\wbem\unsecapp.exe
e:\program files\Lavasoft\Ad-Aware\AAWTray.exe
e:\program files\iPod\bin\iPodService.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-11-05 18:29:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-05 17:29
.
Pre-Run: 61 650 284 544 bytes free
Post-Run: 9 adresárov, 61 911 908 352 voľných bajtov
.
- - End Of File - - DB246147DD03F60E0505176D037FCC9E
stiahol som z netu jednu blbost a odvtedy mi nejde zapnut antivir. Povodne som mal MS Security Essential, ten som vymazal a stiahol trial ESET. S nim som nasiel Sirefef.CB, odstranil ale po restarte nejde zapnut ani ESET - hlasi: "Chyba pri komunikacii s jadrom." To je vraj IRC.Bot trojan - na ten som stiahol ESET utilitu, ale nepomohla.
Pripajam log, vopred dakujem za pomoc!
ComboFix 11-11-05.02 - ameriMEDIA 05.11.2011 18:08:27.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.1621 [GMT 1:00]
Running from: e:\documents and settings\ameriMEDIA\My Documents\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\ameriMEDIA\WINDOWS
e:\windows\$NtUninstallKB50375$
e:\windows\$NtUninstallKB50375$\1241674042\@
e:\windows\$NtUninstallKB50375$\1241674042\L\tajtoyph
e:\windows\$NtUninstallKB50375$\1241674042\U\@00000001
e:\windows\$NtUninstallKB50375$\1241674042\U\@000000c0
e:\windows\$NtUninstallKB50375$\1241674042\U\@000000cb
e:\windows\$NtUninstallKB50375$\1241674042\U\@000000cf
e:\windows\$NtUninstallKB50375$\1241674042\U\@80000000
e:\windows\$NtUninstallKB50375$\1241674042\U\@800000c0
e:\windows\$NtUninstallKB50375$\1241674042\U\@800000cb
e:\windows\$NtUninstallKB50375$\1241674042\U\@800000cf
e:\windows\$NtUninstallKB50375$\617478641
e:\windows\system32\lsprst7.dll
e:\windows\system32\ssprs.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_4a02713a
.
.
((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
.
.
2011-11-05 16:48 . 2011-11-05 16:48 -------- d-----w- e:\program files\Ultimate Process Manager
2011-11-04 20:00 . 2011-11-04 20:00 -------- d-----w- e:\program files\Intel Corporation
2011-11-04 13:50 . 2011-11-04 12:42 16432 ----a-w- e:\windows\system32\lsdelete.exe
2011-11-04 12:42 . 2011-11-04 12:42 101720 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
2011-11-04 12:28 . 2011-10-28 18:35 64512 ----a-w- e:\windows\system32\drivers\Lbd.sys
2011-11-04 12:28 . 2011-11-04 12:28 -------- d-----w- e:\program files\Lavasoft
2011-11-02 19:26 . 2011-11-02 19:26 -------- d-----w- e:\program files\Topsevenreviews
2011-10-28 16:18 . 2011-11-01 15:51 -------- d-----w- e:\program files\ESET
2011-10-28 08:54 . 2011-10-28 16:43 -------- d-----w- e:\documents and settings\All Users\Application Data\AVAST Software
2011-10-28 08:54 . 2011-10-28 08:54 -------- d-----w- e:\program files\AVAST Software
2011-10-26 17:03 . 2011-10-26 17:18 -------- d-----w- e:\documents and settings\Administrator
2011-10-26 16:32 . 2011-10-26 16:32 -------- d-sh--w- e:\documents and settings\ameriMEDIA\Local Settings\Application Data\4a02713a
2011-10-26 16:31 . 2011-10-26 16:31 -------- d-----w- e:\documents and settings\ameriMEDIA\Local Settings\Application Data\Aiseesoft Studio
2011-10-23 15:17 . 2011-10-23 15:17 -------- d-----w- e:\program files\iPod
2011-10-23 15:17 . 2011-10-23 15:18 -------- d-----w- e:\program files\iTunes
2011-10-23 15:12 . 2011-10-23 15:12 -------- d-----w- e:\program files\Bonjour
2011-10-18 16:42 . 2008-08-28 14:52 627072 ----a-w- e:\windows\system32\drivers\rt2870.sys
2011-10-18 16:42 . 2008-08-28 14:38 221184 ----a-w- e:\windows\system32\RaCoInst.dll
2011-10-18 16:42 . 2011-10-18 16:42 -------- d-----w- e:\program files\Tenda
2011-10-09 18:16 . 2011-10-09 18:16 -------- d-sh--w- e:\documents and settings\ameriMEDIA\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-04 18:57 . 2008-02-24 19:59 196582 ----a-w- e:\windows\system32\drivers\aStandard.bin
2011-10-28 17:28 . 2011-10-28 17:28 64512 ----a-w- e:\windows\system32\drivers\serial.sys.org
2011-10-18 16:42 . 2009-05-17 18:49 21419 ----a-w- e:\windows\system32\drivers\AegisP.sys
2011-10-13 06:00 . 2011-05-17 19:02 414368 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-03 10:17 . 2006-02-28 12:00 599040 ----a-w- e:\windows\system32\crypt32.dll
2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- e:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- e:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- e:\windows\system32\dnssdX.dll
2011-08-09 12:24 . 2011-08-09 12:24 154136 ----a-w- e:\windows\system32\drivers\eamon.sys
2011-08-09 07:37 . 2011-08-09 07:37 39824 ----a-w- e:\windows\system32\drivers\epfwndis.sys
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="e:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="e:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"ASUSGamerOSD"="e:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"APSDaemon"="e:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="e:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
e:\documents and settings\All Users\Start Menu\Programs\Startup\
W302U.lnk - e:\program files\Tenda\W302U\UI.exe [2011-10-18 2125824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=e:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^INTELLINET Wireless Utility.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\INTELLINET Wireless Utility.lnk
backup=e:\windows\pss\INTELLINET Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\E:^Documents and Settings^ameriMEDIA^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=e:\documents and settings\ameriMEDIA\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=e:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
e:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- e:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 18:04 139264 ----a-w- e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- e:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 16:06 421736 ----a-w- e:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- e:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"ATKKeyboardService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"mi-raysat_3dsMax2008_32"=2 (0x2)
"iPod Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\totalcmd\\TOTALCMD.EXE"=
"e:\\Program Files\\eMule\\emule.exe"=
"e:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"e:\\Documents and Settings\\ameriMEDIA\\Desktop\\iphone\\tinyumbrella-4.21.05.exe"=
"e:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [4.11.2011 13:28 64512]
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [31.12.2008 16:36 717296]
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [4.8.2011 8:20 118104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [28.10.2011 19:35 2152152]
S1 MpKsl7f50e9cb;MpKsl7f50e9cb;\??\e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CD46F01-DC97-406C-83D2-AB9DC7009A02}\MpKsl7f50e9cb.sys --> e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CD46F01-DC97-406C-83D2-AB9DC7009A02}\MpKsl7f50e9cb.sys [?]
S2 ekrn;ESET Service;e:\program files\ESET\ESET Smart Security\ekrn.exe [22.9.2011 11:03 974944]
S3 esihdrv;esihdrv;\??\e:\docume~1\AMERIM~1\LOCALS~1\Temp\esihdrv.sys --> e:\docume~1\AMERIM~1\LOCALS~1\Temp\esihdrv.sys [?]
S3 HPPLSBULK;HPPLSBULK;e:\windows\system32\drivers\hpplsbulk.sys [2.2.2005 17:29 9344]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;e:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [28.10.2011 19:35 15232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28 18:35]
.
2011-10-12 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-11-02 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1659004503-1801674531-1004Core.job
- e:\documents and settings\ameriMEDIA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-23 09:40]
.
2011-11-04 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1659004503-1801674531-1004UA.job
- e:\documents and settings\ameriMEDIA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-23 09:40]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.80.175.66 195.80.171.4
FF - ProfilePath - e:\documents and settings\ameriMEDIA\Application Data\Mozilla\Firefox\Profiles\azyt23jm.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - e:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DivXUpdate - e:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-LogMeIn Hamachi Ui - e:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - e:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-05 18:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-1659004503-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:45,15,ea,4a,f4,01,07,80,41,37,e5,70,3b,e0,01,57,b7,8f,7c,65,e1,86,14,
da,d9,fc,ff,5a,1b,2d,1f,4e,48,82,49,32,5d,70,07,b0,52,53,41,da,12,34,ae,da,\
"??"=hex:d1,90,9f,78,11,4e,2d,bf,a9,7c,fb,86,fc,c3,a6,48
.
[HKEY_USERS\S-1-5-21-1614895754-1659004503-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:0d,d1,66,34,15,a0,b2,b4,97,00,3d,3c,97,c4,f6,29,fb,f1,c5,ba,8a,
77,64,90,85,71,22,16,20,eb,1c,15,06,70,8d,1b,d7,fc,01,4a,a0,22,96,37,c2,f9,\
"rkeysecu"=hex:c6,c9,f0,dc,20,aa,bc,60,16,80,52,9a,ba,e5,6e,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ea,82,95,fe,61,db,bb,fb,f3,e7,e9,7f,70,0b,1d,7b,3b,c2,c4,66,05,
dd,d6,6f,d6,f9,ee,02,41,74,68,3d,42,af,6b,1f,25,2a,ea,b2,e6,8f,1c,ff,25,71,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ea,82,95,fe,61,db,bb,fb,f3,e7,e9,7f,70,0b,1d,7b,3b,c2,c4,66,05,
dd,d6,6f,d6,f9,ee,02,41,74,68,3d,42,af,6b,1f,25,2a,ea,b2,e6,8f,1c,ff,25,71,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1428)
e:\windows\system32\Ati2evxx.dll
e:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(472)
e:\windows\system32\WININET.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
e:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\windows\system32\wbem\unsecapp.exe
e:\program files\Lavasoft\Ad-Aware\AAWTray.exe
e:\program files\iPod\bin\iPodService.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-11-05 18:29:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-05 17:29
.
Pre-Run: 61 650 284 544 bytes free
Post-Run: 9 adresárov, 61 911 908 352 voľných bajtov
.
- - End Of File - - DB246147DD03F60E0505176D037FCC9E
