
ComboFix: Connected to the internet but can't surf


  • This topic is locked

#1 wqwq

  • Members
  • 1 posts
  • OFFLINE
  • Local time:10:44 PM

Posted 07 April 2009 - 01:35 PM

I'm connected to the internet but I cannot surf. Skype works OK, and Windows Update does too.
I ran ComboFix but it doesn't help. This is the log file.

Please, can you help?

ComboFix 09-04-04.01 - LUBOS 2009-04-07 19:47:38.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1214.637 [GMT 2:00]
Spuštěný z: G:\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Resident AV is active


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\LUBOS\Data aplikací\searchtoolbarcorp
c:\documents and settings\LUBOS\Data aplikací\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
c:\documents and settings\LUBOS\Data aplikací\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
c:\program files\INSTALL.LOG
c:\program files\vsadd-in
c:\windows\system32\_004303_.tmp.dll
c:\windows\system32\_004304_.tmp.dll
c:\windows\system32\_004305_.tmp.dll
c:\windows\system32\_004306_.tmp.dll
c:\windows\system32\_004313_.tmp.dll
c:\windows\system32\_004314_.tmp.dll
c:\windows\system32\_004315_.tmp.dll
c:\windows\system32\_004316_.tmp.dll
c:\windows\system32\_004318_.tmp.dll
c:\windows\system32\_004319_.tmp.dll
c:\windows\system32\_004322_.tmp.dll
c:\windows\system32\_004323_.tmp.dll
c:\windows\system32\_004325_.tmp.dll
c:\windows\system32\_004326_.tmp.dll
c:\windows\system32\_004327_.tmp.dll
c:\windows\system32\_004329_.tmp.dll
c:\windows\system32\_004332_.tmp.dll
c:\windows\system32\_004333_.tmp.dll
c:\windows\system32\_004337_.tmp.dll
c:\windows\system32\_004338_.tmp.dll
c:\windows\system32\_004340_.tmp.dll
c:\windows\system32\_004343_.tmp.dll
c:\windows\system32\_004345_.tmp.dll
c:\windows\system32\_004346_.tmp.dll
c:\windows\system32\_004347_.tmp.dll
c:\windows\system32\_004348_.tmp.dll
c:\windows\system32\_004349_.tmp.dll
c:\windows\system32\_004352_.tmp.dll
c:\windows\system32\_004353_.tmp.dll
c:\windows\system32\_004354_.tmp.dll
c:\windows\system32\_004355_.tmp.dll
c:\windows\system32\_004356_.tmp.dll
c:\windows\system32\_004361_.tmp.dll
c:\windows\system32\_004584_.tmp.dll
c:\windows\system32\_004585_.tmp.dll
c:\windows\system32\_004586_.tmp.dll
c:\windows\system32\_004587_.tmp.dll
c:\windows\system32\_004594_.tmp.dll
c:\windows\system32\_004595_.tmp.dll
c:\windows\system32\_004596_.tmp.dll
c:\windows\system32\_004598_.tmp.dll
c:\windows\system32\_004599_.tmp.dll
c:\windows\system32\_004602_.tmp.dll
c:\windows\system32\_004603_.tmp.dll
c:\windows\system32\_004605_.tmp.dll
c:\windows\system32\_004606_.tmp.dll
c:\windows\system32\_004607_.tmp.dll
c:\windows\system32\_004609_.tmp.dll
c:\windows\system32\_004612_.tmp.dll
c:\windows\system32\_004613_.tmp.dll
c:\windows\system32\_004617_.tmp.dll
c:\windows\system32\_004618_.tmp.dll
c:\windows\system32\_004620_.tmp.dll
c:\windows\system32\_004623_.tmp.dll
c:\windows\system32\_004625_.tmp.dll
c:\windows\system32\_004626_.tmp.dll
c:\windows\system32\_004627_.tmp.dll
c:\windows\system32\_004628_.tmp.dll
c:\windows\system32\_004631_.tmp.dll
c:\windows\system32\_004632_.tmp.dll
c:\windows\system32\_004633_.tmp.dll
c:\windows\system32\_004634_.tmp.dll
c:\windows\system32\_004635_.tmp.dll
c:\windows\system32\_004640_.tmp.dll
c:\windows\system32\_004642_.tmp.dll
c:\windows\system32\_007404_.tmp.dll
c:\windows\system32\_007406_.tmp.dll
c:\windows\system32\_007414_.tmp.dll
c:\windows\system32\_007415_.tmp.dll
c:\windows\system32\_007417_.tmp.dll
c:\windows\system32\_007418_.tmp.dll
c:\windows\system32\_007421_.tmp.dll
c:\windows\system32\_007422_.tmp.dll
c:\windows\system32\_007423_.tmp.dll
c:\windows\system32\_007431_.tmp.dll
c:\windows\system32\_007432_.tmp.dll
c:\windows\system32\_007437_.tmp.dll
c:\windows\system32\_007439_.tmp.dll
c:\windows\system32\_007442_.tmp.dll
c:\windows\system32\_007446_.tmp.dll
c:\windows\system32\_007447_.tmp.dll
c:\windows\system32\_007451_.tmp.dll
c:\windows\system32\_007452_.tmp.dll
c:\windows\system32\_007453_.tmp.dll
c:\windows\system32\_007454_.tmp.dll
c:\windows\system32\_007459_.tmp.dll
c:\windows\system32\autorun.ini
c:\windows\system32\stera.job
c:\windows\system32\stera.log
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((( Soubory vytvořené od 2009-03-07 do 2009-04-07 )))))))))))))))))))))))))))))))
.

2009-04-07 19:40 . 2009-04-07 19:40 <DIR> d-------- c:\documents and settings\LUBOS\Data aplikací\Windows Search
2009-04-07 19:11 . 2008-04-14 00:06 2,927,616 --a------ c:\windows\system32\SET15F.tmp
2009-04-07 19:11 . 2008-04-14 08:52 108,032 --a------ c:\windows\system32\SET15C.tmp
2009-04-07 19:09 . 2009-04-07 19:09 2,948 --a------ c:\windows\SECF.PNF
2009-04-07 18:53 . 2009-04-07 18:53 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\vlc
2009-04-06 23:50 . 2009-04-06 23:50 2,948 --a------ c:\windows\SEC1773.PNF
2009-04-06 23:19 . 2009-04-06 23:19 <DIR> d-------- c:\windows\ServicePackFiles
2009-04-06 23:16 . 2009-04-06 23:16 <DIR> d-------- c:\documents and settings\LUBOS\Data aplikací\ArcSoft
2009-04-06 23:10 . 2009-04-06 23:10 2,948 --a------ c:\windows\SEC15B.PNF
2009-04-06 22:54 . 2008-04-14 04:21 2,843,136 --a------ c:\windows\system32\SET483.tmp
2009-04-06 22:53 . 2008-04-14 04:21 8,465,408 --a------ c:\windows\system32\SET371.tmp
2009-04-06 22:50 . 2004-08-03 22:29 1,897,408 --------- c:\windows\system32\drivers\nv4_mini.sys
2009-04-06 22:38 . 2009-04-06 22:38 <DIR> d--hs---- C:\FOUND.000
2009-04-06 18:05 . 2009-04-06 18:05 <DIR> d-------- c:\documents and settings\LUBOS\Data aplikací\Windows Desktop Search
2009-04-06 18:03 . 2009-04-06 18:03 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-04-06 18:03 . 2009-04-06 18:03 <DIR> d-------- c:\program files\Windows Desktop Search
2009-04-06 00:24 . 2008-04-14 00:06 2,927,616 --------- c:\windows\system32\SET1036.tmp
2009-04-06 00:24 . 2008-04-14 08:48 177,152 --------- c:\windows\system32\SET105F.tmp
2009-04-06 00:24 . 2008-04-14 08:52 108,032 --------- c:\windows\system32\SET1021.tmp
2009-04-06 00:24 . 2008-04-14 08:52 57,856 --a------ c:\windows\system32\SET1030.tmp
2009-04-06 00:20 . 2008-04-14 08:51 8,465,408 --------- c:\windows\system32\SET1ED.tmp
2009-04-06 00:19 . 2009-04-06 00:19 2,948 --a------ c:\windows\SEC10.PNF
2009-04-05 23:41 . 2009-04-05 23:41 <DIR> d-------- c:\windows\system32\cs
2009-04-05 23:41 . 2009-04-05 23:41 <DIR> d-------- c:\windows\system32\bits
2009-04-05 23:41 . 2009-04-05 23:41 <DIR> d-------- c:\windows\l2schemas
2009-04-05 23:41 . 2008-04-14 00:06 2,927,616 --a------ c:\windows\system32\SET4C55.tmp
2009-04-05 23:41 . 2008-04-14 08:51 539,136 --a------ c:\windows\system32\SET4C7C.tmp
2009-04-05 23:41 . 2008-04-14 08:52 354,304 --a------ c:\windows\system32\SET4C47.tmp
2009-04-05 23:41 . 2008-04-14 00:05 188,928 --a------ c:\windows\system32\SET4C56.tmp
2009-04-05 23:41 . 2008-04-14 08:48 177,152 --a------ c:\windows\system32\SET4C7E.tmp
2009-04-05 23:41 . 2008-04-14 08:52 121,856 --------- c:\windows\system32\SET4C3E.tmp
2009-04-05 23:41 . 2008-04-14 08:52 108,032 --a------ c:\windows\system32\SET4C40.tmp
2009-04-05 23:41 . 2008-04-14 08:52 80,896 --a------ c:\windows\system32\SET4C42.tmp
2009-04-05 23:41 . 2008-04-14 08:51 30,208 --a------ c:\windows\system32\SET4CC6.tmp
2009-04-05 23:41 . 2008-04-14 08:52 6,656 --a------ c:\windows\system32\SET4C3F.tmp
2009-04-05 23:37 . 2009-04-05 23:37 2,948 --a------ c:\windows\SEC3BB2.PNF
2009-04-05 23:37 . 2009-04-07 00:17 1,355 --a------ c:\windows\imsins.BAK
2009-04-05 23:33 . 2009-04-05 23:33 <DIR> d-------- c:\windows\EHome
2009-04-05 23:33 . 2004-08-18 20:00 359,936 --a------ c:\windows\system32\SET51FF.tmp
2009-04-05 23:33 . 2004-08-18 20:00 91,648 --a------ c:\windows\system32\SET5200.tmp
2009-04-05 23:33 . 2004-08-18 20:00 71,040 --------- c:\windows\system32\drivers\_007377_.tmp.dll
2009-04-05 23:33 . 2004-08-18 20:00 51,712 --a------ c:\windows\system32\SET51FE.tmp
2009-04-05 23:33 . 2004-08-18 20:00 24,576 --a------ c:\windows\system32\SET51F9.tmp
2009-04-05 23:33 . 2004-08-18 20:00 19,968 --a------ c:\windows\system32\SET51F7.tmp
2009-04-05 23:33 . 2004-08-18 20:00 18,432 --a------ c:\windows\system32\SET51FB.tmp
2009-04-05 23:20 . 2009-04-05 23:21 322,523,176 --a------ C:\WindowsXP-KB936929-SP3-x86-CSY.exe
2009-04-05 23:05 . 2009-04-05 23:05 <DIR> d-------- c:\program files\Windows Defender
2009-04-05 22:49 . 2009-04-05 22:49 <DIR> d-------- c:\program files\RCrawler
2009-04-05 19:58 . 2009-04-05 19:58 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-04-05 19:42 . 2009-04-05 19:42 <DIR> d-------- c:\documents and settings\LUBOS\Data aplikací\Uniblue
2009-03-30 00:19 . 2009-03-30 00:19 786,039 --a------ C:\cviko1.zip
2009-03-29 19:58 . 2009-03-29 19:58 <DIR> d-------- c:\documents and settings\LUBOS\ZooApp
2009-03-29 13:59 . 2009-03-29 13:59 <DIR> d-------- c:\documents and settings\LUBOS\Data aplikací\postgresql
2009-03-29 13:54 . 2005-03-07 15:53 <DIR> d-------- c:\documents and settings\postgres\Plocha
2009-03-29 13:54 . 2005-03-07 15:53 <DIR> d--h----- c:\documents and settings\postgres\Okolní tiskárny
2009-03-29 13:54 . 2005-03-07 15:53 <DIR> d--h----- c:\documents and settings\postgres\Okolní síť
2009-03-29 13:54 . 2005-03-09 11:06 <DIR> dr------- c:\documents and settings\postgres\Oblíbené položky
2009-03-29 13:54 . 2005-03-07 15:53 <DIR> d--h----- c:\documents and settings\postgres\Šablony
2009-03-29 13:54 . 2005-03-07 15:53 <DIR> dr------- c:\documents and settings\postgres\Nabídka Start
2009-03-29 13:54 . 2005-03-09 11:06 <DIR> dr------- c:\documents and settings\postgres\Dokumenty
2009-03-29 13:54 . 2005-03-07 15:53 <DIR> dr-h----- c:\documents and settings\postgres\Data aplikací
2009-03-29 13:54 . 2009-03-29 13:54 <DIR> d-------- c:\documents and settings\postgres
2009-03-29 13:53 . 2009-03-29 13:53 <DIR> d-------- c:\program files\PostgreSQL
2009-03-26 16:52 . 2009-03-26 16:52 <DIR> d-------- c:\program files\Theorica Divx ;-) Codecs
2009-03-25 19:56 . 2009-03-25 19:56 <DIR> dr------- c:\program files\Skype
2009-03-25 19:56 . 2009-03-25 19:56 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-22 07:22 . 2009-03-22 07:22 <DIR> d-------- c:\program files\Xilisoft
2009-03-22 07:12 . 2009-03-22 07:12 954,806 --a------ C:\divxplayer.rar
2009-03-13 15:31 . 2009-03-13 15:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-13 15:31 . 2009-03-13 15:31 <DIR> d-------- c:\documents and settings\LUBOS\Data aplikací\Malwarebytes
2009-03-13 15:31 . 2009-03-13 15:31 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-03-13 15:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-13 15:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-13 11:31 . 2009-03-13 11:31 <DIR> d-------- c:\program files\Security Task Manager
2009-03-13 11:31 . 2009-03-13 11:31 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\SecTaskMan
2009-03-09 18:55 . 2009-03-09 18:55 <DIR> d-------- c:\documents and settings\LUBOS\postalis
2009-03-09 18:53 . 2009-03-09 18:53 <DIR> d-------- c:\documents and settings\LUBOS\Data aplikací\Subversion
2009-03-09 18:32 . 2009-03-09 18:32 <DIR> d-------- c:\program files\glassfish-v3-prelude
2009-03-09 18:30 . 2009-03-09 18:30 <DIR> d-------- c:\program files\glassfish-v2ur2
2009-03-09 18:26 . 2009-03-09 18:26 <DIR> d-------- c:\program files\NetBeans 6.5
2009-03-08 21:03 . 2009-03-08 21:03 <DIR> d-------- c:\documents and settings\LUBOS\magsa
2009-03-08 21:03 . 2009-03-08 21:03 757,615 --a------ c:\documents and settings\LUBOS\magsa.zip
2009-03-08 20:47 . 2009-03-08 20:47 <DIR> d-a------ c:\documents and settings\LUBOS\Informix-batis
2009-03-07 19:23 . 2009-03-07 19:23 <DIR> d-------- c:\documents and settings\LUBOS\BugTrack

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 16:44 --------- d-----w c:\documents and settings\Guest\Data aplikací\Sony Ericsson
2009-03-06 11:32 --------- d-----w c:\program files\Symbian
2009-03-06 11:32 --------- d-----w c:\program files\Intuwave
2009-03-06 11:31 --------- d-----w c:\program files\Common Files\Sony Ericsson Shared
2009-03-01 18:19 25,893 ----a-w c:\documents and settings\LUBOS\cviko1.zip
2009-02-16 17:40 --------- d-----w c:\program files\Lavalys
2009-01-16 19:30 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2007-12-13 08:27 42,480 ----a-w c:\documents and settings\LUBOS\Data aplikací\GDIPFONTCACHEV1.DAT
2007-05-13 18:29 169,978 ----a-w c:\documents and settings\LUBOS\SkipList.zip
2008-12-06 19:28 2 --sha-r c:\windows\winstart.bat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-05 949376]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"Registry Crawler"="c:\progra~1\RCRAWLER\RCrawler.exe" [2004-02-03 454656]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 c:\windows\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [2008-06-27 c:\windows\system32\SiSPower.dll]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 c:\windows\system32\tweakui.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Utility Tray.lnk - c:\windows\system32\sistray.exe [31.8.2008 13:45:40 262144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [26.5.2008 22:19:14 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"vidc.avrn"= AvidAVICodec.dll
"VIDC.mszh"= avimszh.dll
"vidc.zlib"= avizlib.dll
"vidc.ap41"= DivXc32f.dll
"vidc.dvx4"= divx4.dll
"vidc.em2v"= ETXCodec.dll
"vidc.vp31"= vp31vfw.dll
"vidc.sjpg"= pmjpeg32.dll
"vidc.rud0"= rududu.dll
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
"vidc.wnv1"= WNVPLAY1.DLL
"vidc.advs"= Dvc.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.aasc"= Aasc32.dll
"vidc.asv1"= asusasv1.dll
"vidc.asv2"= asusasv2.dll
"vidc.mwv1"= icmw_32.dll
"vidc.bt20"= btvvc32.drv
"vidc.y41p"= btvvc32.drv
"msacm.pcdv"= pcdv.acm
"vidc.cdvc"= CSCCDVC.DLL
"vidc.ddvc"= CSCdvsd.DLL
"vidc.dps0"= DpsAviCC.dll
"MSVideo"= DPSVidCap.drv
"vidc.frwu"= frwu.dll
"vidc.frwd"= frwd.dll
"vidc.frwt"= frwt.dll
"vidc.glzw"= GLZW.dll
"vidc.gpeg"= GPEG.dll
"vidc.ir21"= IR21_R.DLL
"vidc.rt21"= IR21_R.DLL
"vidc.dcmj"= MCMJPG32.DLL
"vidc.dv25"= DigiVCap.dll
"vidc.dv50"= DigiVCap.dll
"vidc.msmc"= DigiVCap.dll
"vidc.mmjp"= DigiVCap.dll
"vidc.mmes"= DigiVCap.dll
"vidc.vixl"= Miroxl32.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.mj2c"= M3JP2K32.dll
"vidc.tvmj"= MMTVMJ.dll
"vidc.fljp"= MMTVMJ.dll
"vidc.nt00"= NTCodec.dll
"vidc.pdvc"= idvcodec.dll
"vidc.ipdv"= idvcodec.dll
"vidc.pvw2"= pvwv220.dll
"vidc.pimj"= pvljpg20.dll
"vidc.mjpx"= pvmjpg21.dll
"vidc.miro"= mirodv2avi.dll
"vidc.mjpa"= rtmjpgcdc.dll
"vidc.pim1"= pclepim1.dll
"msacm.qmpeg"= qmpeg.acm
"vidc.rmp4"= rmp4.dll
"vidc.sony"= sonydv.dll
"vidc.s422"= tekyuv.dll
"vidc.vssv"= vsscodec.dll
"vidc.cscd"= camcodec.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.dvmpega"= dvacmau.dll
"vidc.dvma"= dvicmau.dll
"VIDC.I420"= c:\windows\system32\i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm
"vidc.i263"= c:\windows\system32\i263_32.drv
"msacm.imc"= c:\windows\system32\imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Monitor Apache Servers.lnk]
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 d:\vilo\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-02-28 14:39 77824 c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MMTrayLSI"=MMTrayLSI.exe
"MMTray2K"=MMTray2k.exe
"MMTray"=MMTray.exe
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe"
"LManager"=c:\program files\Launch Manager\QtZgAcer.EXE
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\apache\\Apache.exe"=
"c:\\Program Files\\BPFTP Server\\bpftpserver.exe"=
"\\\\HOME-A33F504FAD\\Hry\\hlds.exe"=
"c:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\java.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"c:\\Documents and Settings\\All Users\\Dokumenty\\Age ll na Pcdlo\\age2_x1.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\wamp\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\VILO\\iTunes.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jdk1.6.0\\bin\\java.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WAR

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [5.12.2007 22:55:15 15424]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [1.1.1980 14336]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [14.1.2005 15:57:16 4010]
R2 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "C:/Program Files/PostgreSQL/8.3/data" -w --> C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19:58 13592]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [6.4.2009 0:11:07 69120]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 5:30:52 20480]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [24.10.2008 13:00:26 7888]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]
S3 PAC207;Trust WB-1300N Webcam Live;c:\windows\system32\drivers\PFC027.SYS [27.9.2008 17:44:51 618112]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 7:01:16 2799808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-4-7-11-100004630-100022791-100022661-4411.com c:\
\Shell\Open\command - RECYCLER\S-4-7-11-100004630-100022791-100022661-4411.com c:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-4-7-11-100004630-100022791-100022661-4411.com d:\
\Shell\Open\command - RECYCLER\S-4-7-11-100004630-100022791-100022661-4411.com d:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4885f24-152e-11dd-81e0-00c09fb4211b}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b10ae15f-9371-11da-a5f7-00c09fb4211b}]
\Shell\AutoRun\command - G:\Autorun.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-04-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{4F5A21A5-E1C2-48D9-A80D-E64C9C5561B5} - (no file)
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
Notify-rqrpqop - rqrpqop.dll
Notify-sstqn - (no file)


.
------- Doplňkový sken -------
.
uStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 134.226.52.35:3124
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.14\AMVConverter\grab.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.14\MediaManager\grab.html
LSP: imon.dll
Trusted Zone: billingnow.com
Trusted Zone: reliablestats.com
Trusted Zone: winantispyware.com
Trusted Zone: winantivirus.com
Trusted Zone: winantiviruspro.com
Trusted Zone: winfixer.com
Trusted Zone: winnanny.com
Trusted Zone: winsoftware.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- Asociace souborů -------
.
JSEFile=Foobar
VBEFile=Foobar
VBSFile=Foobar
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 19:58:46
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.3]
"ImagePath"="C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Program Files/PostgreSQL/8.3/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.3]
"ImagePath"="C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Program Files/PostgreSQL/8.3/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1392033945-528894812-1738178572-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1392033945-528894812-1738178572-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7EB7D221-8300-EE6D-7CBB-B81FDF128E4F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadgjpcdpcmdmpaapd"=hex:6c,61,61,62,6f,62,61,61,6a,69,61,66,69,69,68,6f,63,62,
65,63,66,6b,63,6f,00,87
"hanhpmdkobhnmgdn"=hex:6c,61,61,62,68,61,66,6f,6a,70,64,6b,6d,70,6e,6b,68,62,
68,6d,65,63,6f,65,00,87

[HKEY_USERS\S-1-5-21-1392033945-528894812-1738178572-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:db,fb,4d,01,ec,db,ab,7d,f5,f2,11,aa,64,e3,c2,e3,dd,1d,08,11,5a,42,04,
43,6d,d5,a1,0c,dc,f9,15,ee,1f,25,4b,ae,2c,34,3e,7e,1d,1f,2a,78,a9,6d,62,d6,\
"??"=hex:9f,e2,f9,02,30,3b,0a,bd,70,5e,2f,dd,a3,54,e2,46

[HKEY_LOCAL_MACHINE\software\Classes\.bcp\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.cc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.cod\PersistentHandler]
@DACL=(02 0000)
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.doc\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.dot\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.dsp\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.dsw\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.i\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.inl\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.lst\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.mak\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.mk\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.odh\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.odl\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.pot\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.ppt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.rc2\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.rct\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.rgs\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
@DACL=(02 0000)
@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"

[HKEY_LOCAL_MACHINE\software\Classes\.s\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.tlh\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.tli\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.vcproj\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.xlb\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.xlc\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.xsd\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"

[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"

[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]
@DACL=(02 0000)
@=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\imon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\acer\EMANAGER\ANBMSERV.EXE
c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\BINN\SQLSERVR.EXE
c:\program files\ESET\NOD32KRN.EXE
c:\program files\POSTGRESQL\8.3\BIN\PG_CTL.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\program files\POSTGRESQL\8.3\BIN\POSTGRES.EXE
c:\windows\SYSTEM32\SEARCHINDEXER.EXE
c:\program files\POSTGRESQL\8.3\BIN\POSTGRES.EXE
c:\program files\POSTGRESQL\8.3\BIN\POSTGRES.EXE
c:\program files\POSTGRESQL\8.3\BIN\POSTGRES.EXE
c:\program files\POSTGRESQL\8.3\BIN\POSTGRES.EXE
c:\program files\POSTGRESQL\8.3\BIN\POSTGRES.EXE
c:\windows\system32\rundll32.exe
c:\program files\acer\eRecovery\Monitor.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Celkový čas: 2009-04-07 20:06:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-04-07 18:06:24

Před spuštěním: 3 080 028 160
Po spuštění: 3,838,279,680

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
603 --- E O F --- 2009-04-07 18:02:07


#2 garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:05:44 PM

Posted 07 April 2009 - 04:00 PM

ComboFix logs should not be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.
The BC Staff
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter