So here is the log from ComboFix
ComboFix 11-07-21.04 - Owner 22.07.2011 11:40:21.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1014.459 [GMT 2:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\FullRemove.exe
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner\WINDOWS
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\Thumbs.db
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_WINRING0_1_0_1
.
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 09:09 . 2011-07-22 09:09 -------- d-----w- c:\windows\TempB3C8FDF1-A370-AA90-3F6E-101E5F035BF8-Signatures
2011-07-21 17:32 . 2011-07-21 17:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-07-21 17:31 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 17:31 . 2011-07-21 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-21 17:31 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 17:31 . 2011-07-22 09:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-21 12:58 . 2011-07-21 12:58 -------- d-----w- c:\windows\ufa
2011-07-21 12:58 . 2011-07-21 12:58 -------- d-----w- c:\windows\rpcminer
2011-07-21 12:58 . 2011-07-21 12:58 -------- d-----w- c:\windows\phoenix
2011-07-21 12:57 . 2011-07-21 12:58 246272 ----a-w- c:\windows\unrar.exe
2011-07-21 12:53 . 2011-07-21 12:53 -------- d-----w- c:\windows\av_ico
2011-07-21 12:51 . 2011-07-22 07:23 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-21 12:51 . 2011-07-21 18:27 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-21 12:51 . 2011-07-22 06:56 -------- d-----w- c:\documents and settings\Administrator
2011-07-17 19:14 . 1997-01-18 08:40 299520 ----a-w- c:\windows\uninst.exe
2011-07-12 19:27 . 2011-07-12 19:27 -------- d-----w- c:\program files\DreamWorks Interactive
2011-07-07 11:41 . 2003-05-23 11:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-07 11:41 . 2003-05-23 11:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-07 11:38 . 2003-05-23 11:28 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-07-07 11:37 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-07-07 11:37 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-07-07 11:37 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-07-07 11:37 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-07-07 11:37 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-07-07 11:37 . 2011-07-07 11:37 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-07-07 11:37 . 2011-07-07 11:37 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-07-06 10:15 . 2011-07-06 10:15 -------- d--h--r- c:\documents and settings\Owner\Application Data\SecuROM
2011-07-05 14:50 . 2011-07-05 14:50 -------- d-----w- c:\documents and settings\Owner\Application Data\MyPhoneExplorer
2011-07-05 14:46 . 2011-07-05 14:50 -------- d-----w- c:\program files\MyPhoneExplorer
2011-07-02 19:35 . 2011-07-02 19:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DOSBox
2011-07-02 19:31 . 2011-07-05 19:38 -------- d-----w- c:\program files\DOSBox-0.74
2011-06-27 19:19 . 2010-12-07 12:23 25088 ----a-w- c:\windows\system32\drivers\lgandmodem.sys
2011-06-27 19:19 . 2010-12-07 12:23 20736 ----a-w- c:\windows\system32\drivers\lganddiag.sys
2011-06-27 19:19 . 2010-12-07 12:23 20096 ----a-w- c:\windows\system32\drivers\lgandgps.sys
2011-06-27 19:19 . 2010-12-07 12:22 14336 ----a-w- c:\windows\system32\drivers\lgandbus.sys
2011-06-27 19:19 . 2011-06-27 19:19 -------- d-----w- c:\program files\LG Electronics
2011-06-27 19:17 . 2011-06-27 19:17 -------- d-----w- C:\LGP500
2011-06-27 19:16 . 2011-05-10 11:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2011-06-27 19:16 . 2011-05-10 11:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2011-06-27 19:16 . 2011-05-10 11:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2011-06-27 19:16 . 2006-05-04 06:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2011-06-27 19:16 . 2005-10-03 23:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-06-27 19:16 . 2011-06-29 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2011-06-26 16:40 . 2008-04-13 22:26 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2011-06-26 16:40 . 2008-04-13 22:26 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2011-06-26 16:40 . 2008-04-13 22:26 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2011-06-26 16:40 . 2008-04-13 22:26 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2011-06-26 16:37 . 2011-06-26 16:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-06-24 14:02 . 2011-06-24 14:02 -------- d-----w- c:\program files\Common Files\Steam
2011-06-24 14:02 . 2011-06-29 06:40 -------- d-----w- c:\program files\Steam
2011-06-24 07:38 . 2011-06-24 07:38 -------- d-----w- c:\documents and settings\Owner\Application Data\fltk.org
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-03 08:36 . 2011-06-03 08:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 06:05 . 2011-06-03 06:05 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-02 14:02 . 2010-03-19 15:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-26 09:35 . 2011-05-26 09:35 65536 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2011-05-26 09:35 . 2011-05-26 09:35 61440 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2011-05-26 09:35 . 2011-05-26 09:35 61440 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2011-05-26 09:35 . 2011-05-26 09:35 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut1_3293C06B003F40278380FFD79E38167D.exe
2011-05-14 21:03 . 2011-05-14 21:04 737280 ----a-w- c:\windows\iun6002.exe
2011-05-13 20:10 . 2011-05-13 20:10 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-05-11 06:09 . 2011-05-11 06:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-10 11:13 . 2011-05-10 11:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-02 15:31 . 2010-03-19 17:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-03-19 15:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-03-19 15:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2010-03-19 15:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2010-03-19 15:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2010-03-19 15:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2010-03-19 15:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2010-03-19 15:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-03-19 15:51 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-28 16:22 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit0.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit0.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"CapsHook"="c:\program files\EeePC\CapsHook\CapsHook.exe" [2010-05-28 445344]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-27 19523616]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2010-05-17 1246632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-28 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-28 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-28 141336]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-3-19 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-06-29 08:46 124216 ----a-w- c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-28 19:59 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"d:\\Hry\\Pan\\game.dat"=
"d:\\Hry\\CS\\hl.exe"=
"d:\\Hry\\NHL09\\nhl2009.exe"=
"d:\\Hry\\TrackMania Original\\TrackManiaLauncher.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\Hry\\Cataclysm\\Launcher.exe"=
"d:\\Hry\\Cataclysm\\BackgroundDownloader.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Steam\\steamapps\\eastonko\\team fortress 2\\hl2.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\HALO CE\\halo.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 pe3ajcyb;TrackMania Original Environment Driver (pe3ajcyb);c:\windows\system32\drivers\pe3ajcyb.sys [6.2.2007 19:53 65424]
R0 pf2ajcyb;TrackMania Original File System Driver (pf2ajcyb);c:\windows\system32\drivers\pf2ajcyb.sys [6.2.2007 19:53 82832]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.5.2011 13:13 691696]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [19.3.2010 20:06 11520]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21.7.2011 19:31 366640]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [11.3.2010 15:55 44032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21.7.2011 19:31 22712]
R3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\drivers\rtsuvc.sys [9.5.2011 8:29 73088]
S1 MpKsl04d1232d;MpKsl04d1232d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361F2228-1D57-4F26-A5D6-6E485C38D6FF}\MpKsl04d1232d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361F2228-1D57-4F26-A5D6-6E485C38D6FF}\MpKsl04d1232d.sys [?]
S1 MpKsl10b9fa8f;MpKsl10b9fa8f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl10b9fa8f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl10b9fa8f.sys [?]
S1 MpKsl2d617679;MpKsl2d617679;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B41BCCD2-A86D-4C17-8F38-8D192714E81D}\MpKsl2d617679.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B41BCCD2-A86D-4C17-8F38-8D192714E81D}\MpKsl2d617679.sys [?]
S1 MpKsl51714340;MpKsl51714340;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F4B8C8A-E8A6-4E7D-8AD0-6063B17EC90D}\MpKsl51714340.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F4B8C8A-E8A6-4E7D-8AD0-6063B17EC90D}\MpKsl51714340.sys [?]
S1 MpKsl80b04e45;MpKsl80b04e45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKsl80b04e45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKsl80b04e45.sys [?]
S1 MpKsl918de7df;MpKsl918de7df;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl918de7df.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl918de7df.sys [?]
S1 MpKsla1589737;MpKsla1589737;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5704E468-B3EF-4133-86FB-58249B395770}\MpKsla1589737.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5704E468-B3EF-4133-86FB-58249B395770}\MpKsla1589737.sys [?]
S1 MpKslac6f084d;MpKslac6f084d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKslac6f084d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKslac6f084d.sys [?]
S2 pr2ajcyb;TrackMania Original Drivers Auto Removal (pr2ajcyb);c:\windows\system32\pr2ajcyb.exe svc --> c:\windows\system32\pr2ajcyb.exe svc [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.5.2011 8:28 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [27.6.2011 21:19 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [27.6.2011 21:19 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [27.6.2011 21:19 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [27.6.2011 21:19 25088]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [23.5.2011 13:05 53793]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [21.7.2011 19:31 41272]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19.3.2010 17:51 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2720364081-1508842672-1582766270-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2720364081-1508842672-1582766270-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087345157-2538592061-3371908944-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087345157-2538592061-3371908944-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.20
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-Mario - d:\hry\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-07-22 11:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB774$:SummaryInformation 0 bytes hidden from API
.
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\Device\svchost.exe\svchost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\sysprep\sysprep.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2011-07-22 11:56:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-22 09:56
.
Pre-Run: 27 343 609 856 bytes free
Post-Run: 29 550 133 248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 82205DE0D683AF65AEE9536F030D9F91