Zvirene pc, nechce otvarat zastupcov s plochy
Napsal: 21 říj 2012 15:24
Dobry den, pc nechce otvarat zastupcov ulozenych na ploche, cez ponuku start ich otvaram v pohode.
Bolo tu 12 virou, vecsinou postahovanych cez toolbary, po odinstalacii zacalo pc blbnut.
V pc boli dokonca naistalovane dva antiviry.
Log cez Rsit nejde urobit, dakujem.
ComboFix 12-10-21.01 - kristina 21.10.2012 16:00:52.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.446.184 [GMT 2:00]
Spuštěný z: c:\documents and settings\kristina\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\100
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TheBflix
c:\documents and settings\All Users\Application Data\TheBflix\background.html
c:\documents and settings\All Users\Application Data\TheBflix\content.js
c:\documents and settings\All Users\Application Data\TheBflix\ekdjfcdinekpfcedakhpngcnaamhiihn.crx
c:\documents and settings\All Users\Application Data\TheBflix\settings.ini
c:\documents and settings\All Users\Application Data\TheBflix\uninstall.exe
c:\windows\msmqinst.log
c:\windows\system32\MUI\0405\tourstart.exe
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA1.tmp
.
Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$NtServicePackUninstall$\midimap.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-21 do 2012-10-21 )))))))))))))))))))))))))))))))
.
.
2012-10-21 14:00 . 2012-10-21 14:00 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA27CE85-6B5C-410B-9BA6-C36235D815AA}\MpKsl9abf29ba.sys
2012-10-21 11:53 . 2012-10-21 11:53 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA27CE85-6B5C-410B-9BA6-C36235D815AA}\offreg.dll
2012-10-21 11:53 . 2012-10-21 11:53 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA27CE85-6B5C-410B-9BA6-C36235D815AA}\MpKsle78a9717.sys
2012-10-21 11:39 . 2012-10-11 20:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA27CE85-6B5C-410B-9BA6-C36235D815AA}\mpengine.dll
2012-10-21 11:35 . 2012-10-21 11:35 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-21 10:43 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-21 10:24 . 2012-10-21 11:13 -------- d-----w- c:\program files\AVAST Software
2012-10-21 10:24 . 2012-10-21 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-10-20 14:53 . 2012-10-20 14:54 -------- d-----w- c:\program files\Microsoft Bootvis
2012-10-20 12:53 . 2012-10-20 12:54 -------- d-----w- c:\documents and settings\kristina\Application Data\MSNInstaller
2012-10-20 12:45 . 2012-10-21 12:15 781383 ----a-w- C:\RSIT.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-21 14:14 . 2012-10-21 14:14 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA27CE85-6B5C-410B-9BA6-C36235D815AA}\MpKslee9135b5.sys
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 19:12 . 2004-08-04 01:07 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2004-08-04 01:07 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2010-02-14 01:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2004-08-04 01:07 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 13:53 . 2004-08-04 01:07 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2004-08-04 01:07 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-06 14:18 . 2012-08-06 14:18 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2012-08-06 14:17 . 2012-08-06 14:17 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-06-14 22:19 . 2012-06-24 12:01 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 00:11 . 97C9CD13793088BC6BA9E2C56E5B104A . 1493504 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 97C9CD13793088BC6BA9E2C56E5B104A . 1493504 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2004-08-04 01:07 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\kristina\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-01-31 21:06 17146504 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-16 21:42 577536 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-07 19:33 53248 ----a-r- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2006-03-23 08:02 176128 ----a-r- c:\windows\system32\VTTrayp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 MpKslee9135b5;MpKslee9135b5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA27CE85-6B5C-410B-9BA6-C36235D815AA}\MpKslee9135b5.sys [21.10.2012 16:14 29904]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [13.2.2010 0:10 51072]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12.12.2009 0:56 47360]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [16.1.2010 18:08 36608]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24.6.2012 14:01 113120]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [15.9.2010 17:36 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [15.9.2010 17:36 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [15.9.2010 17:36 121856]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLEE9135B5
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
2012-10-21 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://findgala.com/?&uid=213&q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\kristina\Application Data\Mozilla\Firefox\Profiles\y1oiwu54.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.BabylonToolbar_i.id - e0617795000000000000001d920ac47e
FF - user.js: extensions.BabylonToolbar_i.hardId - e0617795000000000000001d920ac47e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15397
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:47
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=nv1&q=
FF - user.js: extensions.funmoods_i.id - e0617795000000000000001d920ac47e
FF - user.js: extensions.funmoods_i.instlDay - 15413
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1617:39
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-Locked - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.2\ICQ.exe
MSConfigStartUp-Power DVD Player - c:\program files\Power DVD Player\PowerDVDPlayer.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4} - c:\documents and settings\All Users\Application Data\TheBflix\uninstall.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-21 16:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(1988)
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\credui.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Celkový čas: 2012-10-21 16:21:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-21 14:21
.
Před spuštěním: 8 673 484 800 bytes free
Po spuštění: 8 775 393 280
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 1DC8593DD6DD7059323F5102B790B0CD
Bolo tu 12 virou, vecsinou postahovanych cez toolbary, po odinstalacii zacalo pc blbnut.
V pc boli dokonca naistalovane dva antiviry.
Log cez Rsit nejde urobit, dakujem.
ComboFix 12-10-21.01 - kristina 21.10.2012 16:00:52.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.446.184 [GMT 2:00]
Spuštěný z: c:\documents and settings\kristina\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\100
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TheBflix
c:\documents and settings\All Users\Application Data\TheBflix\background.html
c:\documents and settings\All Users\Application Data\TheBflix\content.js
c:\documents and settings\All Users\Application Data\TheBflix\ekdjfcdinekpfcedakhpngcnaamhiihn.crx
c:\documents and settings\All Users\Application Data\TheBflix\settings.ini
c:\documents and settings\All Users\Application Data\TheBflix\uninstall.exe
c:\windows\msmqinst.log
c:\windows\system32\MUI\0405\tourstart.exe
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA1.tmp
.
Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$NtServicePackUninstall$\midimap.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-21 do 2012-10-21 )))))))))))))))))))))))))))))))
.
.
2012-10-21 14:00 . 2012-10-21 14:00 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA27CE85-6B5C-410B-9BA6-C36235D815AA}\MpKsl9abf29ba.sys
2012-10-21 11:53 . 2012-10-21 11:53 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA27CE85-6B5C-410B-9BA6-C36235D815AA}\offreg.dll
2012-10-21 11:53 . 2012-10-21 11:53 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA27CE85-6B5C-410B-9BA6-C36235D815AA}\MpKsle78a9717.sys
2012-10-21 11:39 . 2012-10-11 20:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA27CE85-6B5C-410B-9BA6-C36235D815AA}\mpengine.dll
2012-10-21 11:35 . 2012-10-21 11:35 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-21 10:43 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-21 10:24 . 2012-10-21 11:13 -------- d-----w- c:\program files\AVAST Software
2012-10-21 10:24 . 2012-10-21 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-10-20 14:53 . 2012-10-20 14:54 -------- d-----w- c:\program files\Microsoft Bootvis
2012-10-20 12:53 . 2012-10-20 12:54 -------- d-----w- c:\documents and settings\kristina\Application Data\MSNInstaller
2012-10-20 12:45 . 2012-10-21 12:15 781383 ----a-w- C:\RSIT.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-21 14:14 . 2012-10-21 14:14 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA27CE85-6B5C-410B-9BA6-C36235D815AA}\MpKslee9135b5.sys
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 19:12 . 2004-08-04 01:07 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2004-08-04 01:07 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2010-02-14 01:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2004-08-04 01:07 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 13:53 . 2004-08-04 01:07 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2004-08-04 01:07 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-06 14:18 . 2012-08-06 14:18 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2012-08-06 14:17 . 2012-08-06 14:17 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-06-14 22:19 . 2012-06-24 12:01 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 00:11 . 97C9CD13793088BC6BA9E2C56E5B104A . 1493504 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 97C9CD13793088BC6BA9E2C56E5B104A . 1493504 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2004-08-04 01:07 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\kristina\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-01-31 21:06 17146504 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-16 21:42 577536 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-07 19:33 53248 ----a-r- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2006-03-23 08:02 176128 ----a-r- c:\windows\system32\VTTrayp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 MpKslee9135b5;MpKslee9135b5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA27CE85-6B5C-410B-9BA6-C36235D815AA}\MpKslee9135b5.sys [21.10.2012 16:14 29904]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [13.2.2010 0:10 51072]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12.12.2009 0:56 47360]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [16.1.2010 18:08 36608]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24.6.2012 14:01 113120]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [15.9.2010 17:36 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [15.9.2010 17:36 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [15.9.2010 17:36 121856]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLEE9135B5
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
2012-10-21 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://findgala.com/?&uid=213&q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\kristina\Application Data\Mozilla\Firefox\Profiles\y1oiwu54.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.BabylonToolbar_i.id - e0617795000000000000001d920ac47e
FF - user.js: extensions.BabylonToolbar_i.hardId - e0617795000000000000001d920ac47e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15397
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:47
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=nv1&q=
FF - user.js: extensions.funmoods_i.id - e0617795000000000000001d920ac47e
FF - user.js: extensions.funmoods_i.instlDay - 15413
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1617:39
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-Locked - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.2\ICQ.exe
MSConfigStartUp-Power DVD Player - c:\program files\Power DVD Player\PowerDVDPlayer.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4} - c:\documents and settings\All Users\Application Data\TheBflix\uninstall.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-21 16:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(1988)
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\credui.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Celkový čas: 2012-10-21 16:21:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-21 14:21
.
Před spuštěním: 8 673 484 800 bytes free
Po spuštění: 8 775 393 280
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 1DC8593DD6DD7059323F5102B790B0CD
