Thanks for the willingness to help, I've already started dealing with it:
So far it looks roughly like this, the spyware no longer pops up:
ComboFix 09-09-10.03 - user 11.09.2009 21:09.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1328 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\hmm.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\boramovo.sys
c:\documents and settings\All Users\Application Data\ewytux.dl
c:\documents and settings\All Users\Application Data\jetefovoju.dll
c:\documents and settings\All Users\Application Data\jevuti.scr
c:\documents and settings\All Users\Application Data\meto._sy
c:\documents and settings\All Users\Application Data\qosynodo.inf
c:\documents and settings\All Users\Application Data\risazuzapa.sys
c:\documents and settings\All Users\Application Data\sazoz.sys
c:\documents and settings\All Users\Application Data\tuloc.scr
c:\documents and settings\All Users\Application Data\ujarydide.inf
c:\documents and settings\All Users\Application Data\uluja.com
c:\documents and settings\All Users\Application Data\unin.inf
c:\documents and settings\All Users\Application Data\uwudiguse.sys
c:\documents and settings\All Users\Application Data\yboqulevo._dl
c:\documents and settings\All Users\Application Data\ynezikabod.scr
c:\documents and settings\All Users\Documents\exowucov.pif
c:\documents and settings\All Users\Documents\fymoxeqa.pif
c:\documents and settings\All Users\Documents\gymuwy.com
c:\documents and settings\All Users\Documents\icigohin.pif
c:\documents and settings\All Users\Documents\ijih.reg
c:\documents and settings\All Users\Documents\jidyxitoqi.dl
c:\documents and settings\All Users\Documents\qazavoqe.pif
c:\documents and settings\All Users\Documents\ucoxe.reg
c:\documents and settings\All Users\Documents\ywivuhepub.pif
c:\documents and settings\All Users\Documents\zygika.dl
c:\documents and settings\user\Application Data\amaqud.pif
c:\documents and settings\user\Application Data\fenoc.dll
c:\documents and settings\user\Application Data\merydehob.dl
c:\documents and settings\user\Application Data\nukikuc.ban
c:\documents and settings\user\Application Data\secuh._dl
c:\documents and settings\user\Application Data\xowataxef.bin
c:\documents and settings\user\Application Data\zasagofe.com
c:\documents and settings\user\Cookies\asakytako.dl
c:\documents and settings\user\Cookies\cedyfalyzo.pif
c:\documents and settings\user\Cookies\hajen.reg
c:\documents and settings\user\Cookies\ipixiret.reg
c:\documents and settings\user\Cookies\lolakuly.bin
c:\documents and settings\user\Cookies\mofe.ban
c:\documents and settings\user\Cookies\ohesok.vbs
c:\documents and settings\user\Cookies\onire.reg
c:\documents and settings\user\Cookies\pypoduve.vbs
c:\documents and settings\user\Cookies\qosysonuby.reg
c:\documents and settings\user\Cookies\qyqem.exe
c:\documents and settings\user\Cookies\ucote.reg
c:\documents and settings\user\Cookies\uketawac.exe
c:\documents and settings\user\Cookies\uqutojadu.bat
c:\documents and settings\user\Cookies\utojov.reg
c:\documents and settings\user\Cookies\wezitemim.reg
c:\documents and settings\user\Cookies\xutiz.ban
c:\documents and settings\user\Cookies\yjex.reg
c:\documents and settings\user\delself.bat
c:\documents and settings\user\Local Settings\Application Data\agahu.exe
c:\documents and settings\user\Local Settings\Application Data\avemite.ban
c:\documents and settings\user\Local Settings\Application Data\fusib._dl
c:\documents and settings\user\Local Settings\Application Data\givulyz._dl
c:\documents and settings\user\Local Settings\Application Data\gytunid.pif
c:\documents and settings\user\Local Settings\Application Data\lozofaqof.bin
c:\documents and settings\user\Local Settings\Application Data\luqu.reg
c:\documents and settings\user\Local Settings\Application Data\owowitesy.exe
c:\documents and settings\user\Local Settings\Application Data\owupybyju.pif
c:\documents and settings\user\Local Settings\Application Data\soxajusizy.vbs
c:\documents and settings\user\Local Settings\Application Data\ufyfen.ban
c:\documents and settings\user\Local Settings\Application Data\ysofyt.exe
c:\documents and settings\user\Local Settings\Temporary Internet Files\bylup.ban
c:\documents and settings\user\Local Settings\Temporary Internet Files\exiremyhaz.db
c:\documents and settings\user\Local Settings\Temporary Internet Files\idalaram.sys
c:\documents and settings\user\Local Settings\Temporary Internet Files\izob.sys
c:\documents and settings\user\Local Settings\Temporary Internet Files\kikuvopo._dl
c:\documents and settings\user\Local Settings\Temporary Internet Files\qapezeq.bin
c:\documents and settings\user\Local Settings\Temporary Internet Files\qetygi.vbs
c:\documents and settings\user\Local Settings\Temporary Internet Files\timasu.vbs
c:\documents and settings\user\Local Settings\Temporary Internet Files\ufywirilaq.dll
c:\documents and settings\user\Local Settings\Temporary Internet Files\uleko.lib
c:\documents and settings\user\Local Settings\Temporary Internet Files\upoluzeleh.dl
c:\documents and settings\user\Local Settings\Temporary Internet Files\uwid.db
c:\documents and settings\user\Local Settings\Temporary Internet Files\ykurykyvi.db
c:\documents and settings\user\Local Settings\Temporary Internet Files\yruwikyf.exe
c:\documents and settings\user\Local Settings\Temporary Internet Files\yxykytuj.reg
c:\documents and settings\user\Local Settings\Temporary Internet Files\zyhite.dll
c:\documents and settings\user\sys32_nov.exe
c:\program files\Common Files\asypova.reg
c:\program files\Common Files\axybyra.com
c:\program files\Common Files\dotuqovad.scr
c:\program files\Common Files\gyjy.com
c:\program files\Common Files\igofomafu.bat
c:\program files\Common Files\imipis.sys
c:\program files\Common Files\lawidydu.exe
c:\program files\Common Files\rubisyfedu.scr
c:\program files\Common Files\uwapuve.dl
c:\program files\Common Files\yxycyt.pif
c:\program files\Common Files\zepyhilepy.dll
c:\windows\abako.inf
c:\windows\adaw.bin
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\eduxulynyx.sys
c:\windows\efyhutun.scr
c:\windows\epijup.vbs
c:\windows\ityja.inf
c:\windows\ixemipus.dll
c:\windows\jahed.dl
c:\windows\jifa.vbs
c:\windows\nukypir.vbs
c:\windows\oxabudute.reg
c:\windows\pimumoguh.reg
c:\windows\syqet.inf
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\dodam.ban
c:\windows\system32\etyda.ban
c:\windows\system32\inuxu.ban
c:\windows\system32\jebunar.reg
c:\windows\system32\onerybo.bin
c:\windows\system32\qanyji.pif
c:\windows\system32\qedi.dll
c:\windows\system32\sys32_nov.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\xupowejuv.bat
c:\windows\taqyfume.reg
c:\windows\uvaze.vbs
c:\windows\vodiqy.bat
c:\windows\xagy._dl
c:\windows\xehevofezi._dl
c:\windows\ydys._dl
c:\windows\ykatom.exe
c:\windows\ylydicum.scr
c:\windows\zugu._dl
Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{8F21247B-9B8E-4F93-A3E3-4CBDABD06204}\RP530\A0117835.sys
Infected copy of c:\windows\system32\drivers\AGP440.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\agp440.sys
.
((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.
2009-09-11 13:10 . 2009-09-11 18:58 -------- d-----w- c:\program files\trend micro
2009-09-11 13:10 . 2009-09-11 13:10 -------- d-----w- C:\rsit
2009-09-11 07:58 . 2009-09-11 07:58 11425 ----a-w- c:\windows\rofyburacu.com
2009-09-11 07:33 . 2009-09-11 07:33 15566 ----a-w- c:\windows\cewykyka.dat
2009-09-10 13:06 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 16:14 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-09-08 16:14 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-09-08 16:14 . 2009-06-25 08:25 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-08 16:14 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-09-06 12:04 . 2009-09-06 12:05 -------- d-----w- C:\Download
2009-09-06 09:35 . 2009-07-10 10:33 1589248 ----a-w- c:\windows\system32\libmysql_d.dll
2009-09-05 10:26 . 2009-09-05 10:30 -------- d-----w- c:\documents and settings\user\Application Data\The Path
2009-09-02 18:50 . 2009-09-03 14:02 -------- d-----w- c:\documents and settings\user\Application Data\SQLyog
2009-09-02 18:50 . 2009-09-05 08:34 -------- d-----w- c:\program files\SQLyog Enterprise Trial
2009-09-01 11:01 . 2009-09-03 15:41 -------- d-----w- c:\documents and settings\user\Application Data\TeamViewer
2009-09-01 11:01 . 2009-09-01 11:01 -------- d-----w- c:\program files\TeamViewer
2009-09-01 11:01 . 2009-09-01 11:01 -------- d-----w- c:\documents and settings\user\temp
2009-08-31 14:21 . 2009-08-31 14:21 -------- d-----w- c:\program files\GameSpy Arcade
2009-08-31 14:12 . 2009-08-31 14:12 -------- d-----w- c:\program files\Sierra
2009-08-29 18:30 . 2009-08-29 18:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-29 18:15 . 2009-08-29 18:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-29 18:14 . 2009-08-29 18:23 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Google
2009-08-29 18:14 . 2009-09-09 12:48 -------- d-----w- c:\program files\Google
2009-08-12 20:45 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 18:51 . 2008-03-24 17:43 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2009-09-11 14:52 . 2009-09-11 14:52 12072 ----a-w- c:\program files\Common Files\udesily.db
2009-09-11 07:33 . 2009-09-11 07:33 16847 ----a-w- c:\documents and settings\user\Application Data\zisyz.dat
2009-09-11 07:33 . 2009-09-11 07:33 11026 ----a-w- c:\program files\Common Files\luxod.lib
2009-09-11 06:44 . 2009-09-11 06:44 14542 ----a-w- c:\program files\Common Files\eqexyx.lib
2009-09-10 18:57 . 2008-03-24 17:45 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2009-09-06 15:35 . 2009-05-26 15:11 -------- d-----w- c:\program files\SpeedFan
2009-09-01 16:31 . 2009-04-19 14:28 -------- d-----w- c:\documents and settings\user\Application Data\Hamachi
2009-09-01 10:21 . 2008-03-05 13:28 -------- d-----w- c:\program files\World of Warcraft
2009-08-31 14:12 . 2008-02-12 15:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 07:35 . 2008-02-12 14:36 56104 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 11:17 . 2009-08-11 11:17 -------- d-----w- c:\program files\Microsoft Games
2009-08-10 19:15 . 2009-01-29 16:08 38 ----a-w- c:\windows\popcinfot.dat
2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 14:18 . 2008-02-13 07:42 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-02 14:18 . 2009-08-02 14:18 -------- d-----w- c:\documents and settings\user\Application Data\id Software
2009-08-02 14:18 . 2008-02-13 07:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-02 14:18 . 2008-02-13 07:42 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-02 14:18 . 2009-08-02 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2009-08-01 09:29 . 2008-07-24 13:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-01 09:29 . 2008-07-24 13:22 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-01 09:29 . 2008-07-24 13:22 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-24 15:36 . 2009-07-23 13:52 -------- d-----w- c:\documents and settings\user\Application Data\Folding@home-gpu
2009-07-24 13:31 . 2009-07-23 16:23 -------- d-----w- c:\program files\FahMon
2009-07-23 18:30 . 2009-07-23 13:36 -------- d-----w- c:\program files\Lineage II
2009-07-23 17:26 . 2009-07-23 16:05 -------- d-----w- c:\program files\Folding@home
2009-07-23 16:43 . 2009-07-23 16:42 -------- d-----w- c:\documents and settings\user\Application Data\Folding@home-x86
2009-07-23 13:49 . 2009-07-23 13:49 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-23 13:36 . 2009-07-23 13:36 -------- d-----w- c:\documents and settings\user\Application Data\InstallShield
2009-07-17 21:47 . 2008-06-18 17:43 -------- d-----w- c:\documents and settings\user\Application Data\ICQ
2009-07-17 20:00 . 2009-07-11 07:24 -------- d-----w- c:\documents and settings\user\Application Data\U3
2009-07-17 19:01 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 17:51 . 2008-04-28 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2009-07-13 21:43 . 2004-08-03 23:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 16:33 . 2008-02-13 08:05 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-03 17:09 . 2004-08-03 23:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-03 23:56 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-03 23:56 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-03 23:56 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-03 23:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-03 23:56 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-03 23:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-03 21:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-03 23:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMCS"="c:\program files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-06-08 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-13 2007832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2003-11-10 406016]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-06-08 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-01 09:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\condition zero\\hl.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\day of defeat\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\ricochet\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bejeweled twist\\BejeweledTwist.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\spectraball demo\\Spectraball.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [24.7.2008 15:22 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24.7.2008 15:22 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24.7.2008 15:22 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [18.6.2009 16:09 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10.1.2009 11:11 297752]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [10.4.2008 17:13 827008]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [12.2.2008 17:30 38656]
S2 gupdate1ca28d49fb28e9c;Služba Google Update (gupdate1ca28d49fb28e9c);c:\program files\Google\Update\GoogleUpdate.exe [29.8.2009 20:15 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 18:14]
2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 18:14]
2009-09-11 c:\windows\Tasks\User_Feed_Synchronization-{0BDD8109-C0CF-4AE7-8B29-F70F5157BBFB}.job
- c:\windows\system32\msfeedssync.exe [2009-05-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\16ueqcio.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\16ueqcio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Pinnacle WebUpdater - c:\program files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml
HKLM-Run-Antivirus Pro 2010 - c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 21:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-117609710-746137067-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:74,07,af,d0,ce,c2,de,dd,4c,84,7a,9b,04,de,e0,82,b3,6a,22,b6,08,a7,d5,
38,05,8b,e9,a1,8c,7b,78,e9,5d,b1,27,d8,db,85,09,e7,71,1e,2c,d2,c0,63,c0,84,\
"??"=hex:88,0d,90,80,36,b8,b1,f7,84,ef,e8,01,9c,46,48,f3
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,ed,df,97,2f,35,
10,7d,06,e2,63,26,f1,3f,c8,ff,68,78,11,ce,ae,2b,ea,bb,e1,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,0a,ac,b0,54,bb,
2f,56,6d,6a,9c,d6,61,af,45,84,18,6b,bd,ba,09,73,07,68,67,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,ea,91,66,ae,ee,
2b,83,fb,ff,7c,85,e0,43,d4,0e,fe,d1,f0,c7,d3,98,15,04,e7,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,2e,df,59,d5,d3,
32,7c,a3,86,8c,21,01,be,91,eb,e7,c7,99,b2,84,1a,f3,55,f8,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,b2,c6,f7,b9,bc,
a3,bc,e5,f5,1d,4d,73,a8,13,5c,05,30,e9,02,2a,73,0a,79,a6,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,fd,ce,0a,d0,65,
d0,e5,ac,df,20,58,62,78,6b,cf,c8,d7,11,b0,20,0b,96,53,af,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,45,f4,82,80,b6,
9f,b4,a7,fb,a7,78,e6,12,2f,9a,ea,f1,c6,c2,91,e4,08,ac,e6,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,d9,d2,6b,94,4c,
18,12,b1,01,3a,48,fc,e8,04,4a,f1,51,50,3c,c3,68,bf,fe,94,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,3e,ba,75,e3,3c,
e1,9e,7d,f6,0f,4e,58,98,5b,89,c9,2d,20,02,ad,f0,74,88,fc,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,0f,4e,2b,f8,d9,
f3,c6,4c,3d,ce,ea,26,2d,45,aa,78,b7,c0,27,9f,77,50,6a,3e,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,91,24,e4,6b,21,
36,61,8a,2a,b7,cc,b5,b9,7f,41,e7,b5,c0,3e,8e,f0,7e,7e,bf,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,33,85,15,17,55,
67,a6,6c,6c,43,2d,1e,aa,22,2f,9c,d4,e0,b4,8e,d5,c1,74,bc,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2676)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\rundll32.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
c:\windows\system32\control.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\control.exe
.
**************************************************************************
.
Completion time: 2009-09-11 21:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 19:27
Pre-Run: 99 011 186 688 bytes free
Post-Run: 19 adresárov, 100 891 181 056 voľných bajtov
441 --- E O F --- 2009-09-11 06:09