Please check my log

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

marianek
Level 1.5
Posts: 104
Registered: July 07
Gender: Not specified
Status: Offline

Please check my log

Post by marianek » 11 Dec 2007 22:48

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:37, on 11.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
D:\programs\AusLogics BoostSpeed\boostspeed.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ipszmlal] rundll32.exe "C:\Program Files\ipszmlal\ebofsbeh.dll",Init
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BoostSpeed] "D:\programs\AusLogics BoostSpeed\boostspeed.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programs\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programs\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 0881114963
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0881077219
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programs\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8287 bytes



Lately my computer has been doing a strange thing. When I'm doing something, for example on the internet or writing something in Word, then regularly, roughly every ten minutes, everything seems to switch off and only the desktop wallpaper is visible, and then I'm back again and it looks about the same as when the desktop comes up after turning the computer on (the Windows security alert flashes up there and so on). Many thanks for any advice.
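As an added example (not part of the thread and not HijackThis's or ComboFix's own code), the following Python script parses HijackThis entry lines like the ones in the log above and applies three of the checks a log helper performs by hand: autostart entries that load a DLL through rundll32 from outside the Windows directory, IE buttons pointing at a missing file, and Winsock LSP entries HijackThis could not identify. The sample log is a constructed subset of the posted one, and the Windows directory C:\WINDOWS is assumed from the paths in that log.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# One HijackThis entry line: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Name] cmd".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
# O4 bodies: "<hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 <dll>,<export>; the DLL path may be quoted and the case varies.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>[A-Za-z0-9_@]+)',
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def iter_entries(log: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, body, original line) for every R*/O* entry in a HijackThis log."""
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("section"), m.group("body"), line


def check_rundll32_autostart(section: str, body: str, line: str,
                             windir: str = r"C:\WINDOWS") -> Optional[Finding]:
    """O4 entry that loads a DLL through rundll32 from outside the Windows directory."""
    if section != "O4":
        return None
    m = O4_RE.match(body)
    if not m:
        return None
    r = RUNDLL_RE.search(m.group("cmd"))
    if not r:
        return None
    dll = r.group("dll").strip()
    # A bare file name (NvMCTray.dll) or a DLL under %windir% (NvCpl.dll) is the usual
    # driver control-panel pattern; the same pattern pointing into an arbitrary
    # directory under Program Files is what a helper wants to see listed for review.
    if "\\" not in dll or dll.lower().startswith(windir.lower() + "\\"):
        return None
    return Finding(section,
                   f"rundll32 loads {dll} (export {r.group('export')}) from outside {windir}",
                   line)


def check_orphaned_o9(section: str, body: str, line: str) -> Optional[Finding]:
    """O9 button or menu item whose target file no longer exists."""
    if section == "O9" and body.endswith("(no file)"):
        return Finding(section, "IE button/menu entry points at a missing file; safe to remove", line)
    return None


def check_unknown_lsp(section: str, body: str, line: str) -> Optional[Finding]:
    """O10 Winsock LSP that HijackThis could not identify."""
    if section == "O10" and body.startswith("Unknown file in Winsock LSP"):
        # Unknown to HijackThis is not the same as malicious: removing a legitimate LSP
        # breaks networking, so the file must be checked against its publisher first.
        return Finding(section, "Winsock LSP not identified by HijackThis; verify publisher before fixing", line)
    return None


def run_checks(log: str, windir: str = r"C:\WINDOWS") -> List[Finding]:
    """Apply all checks to a log and return the findings in log order."""
    findings: List[Finding] = []
    for section, body, line in iter_entries(log):
        for f in (check_rundll32_autostart(section, body, line, windir),
                  check_orphaned_o9(section, body, line),
                  check_unknown_lsp(section, body, line)):
            if f is not None:
                findings.append(f)
    return findings


# Constructed subset of the log posted in the thread, enough to exercise each check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ipszmlal] rundll32.exe "C:\Program Files\ipszmlal\ebofsbeh.dll",Init
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

if __name__ == "__main__":
    for f in run_checks(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample it reports the ipszmlal rundll32 entry (the DLL ComboFix later removed), the orphaned O9 button and the unidentified LSP, and stays silent on the NVIDIA and ctfmon entries.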

sakiri
Level 3.5
Posts: 747
Registered: June 06
Gender: Not specified
Status: Offline

Post by sakiri » 12 Dec 2007 07:29

Use ComboFix:
Download ComboFix, save it to your desktop, close all open windows and run it.
Follow the instructions; while ComboFix is running, do not click in the window that appears, because that could stop the process.
The computer may restart; that means ComboFix has found malicious files and a restart is needed to delete them.
When it finishes, a log is created, so copy its contents here.
Otherwise, the ComboFix log is located at C:\ComboFix.txt

marianek
Level 1.5
Posts: 104
Registered: July 07
Gender: Not specified
Status: Offline

Post by marianek » 12 Dec 2007 11:38

here it is, and the computer restarted during the process

C:\Documents and Settings\Zbyšek Hamrla\Dokumenty\MCROSO~1.NET
C:\Documents and Settings\Zbyšek Hamrla\Dokumenty\SKS~1
C:\Program Files\Common Files\Yazzle1488OinUninstaller.exe
C:\Program Files\ipszmlal
C:\Program Files\ipszmlal\ebofsbeh.dll
C:\WINDOWS\bonrep.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\neobus.dll
C:\WINDOWS\system32\gjkkj.ini
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\hlvbfwoq
C:\WINDOWS\system32\hlvbfwoq\bg1.gif
C:\WINDOWS\system32\hlvbfwoq\bgtop.gif
C:\WINDOWS\system32\hlvbfwoq\bottom1.gif
C:\WINDOWS\system32\hlvbfwoq\essentials.gif
C:\WINDOWS\system32\hlvbfwoq\hlvbfwoq1.exe
C:\WINDOWS\system32\hlvbfwoq\hlvbfwoq2.exe
C:\WINDOWS\system32\hlvbfwoq\hlvbfwoq3.exe
C:\WINDOWS\system32\hlvbfwoq\icon1.ico
C:\WINDOWS\system32\hlvbfwoq\install1.gif
C:\WINDOWS\system32\hlvbfwoq\left1.gif
C:\WINDOWS\system32\hlvbfwoq\li.gif
C:\WINDOWS\system32\hlvbfwoq\logo.gif
C:\WINDOWS\system32\hlvbfwoq\main.htm
C:\WINDOWS\system32\hlvbfwoq\mainframe.htm
C:\WINDOWS\system32\hlvbfwoq\reinstall1.gif
C:\WINDOWS\system32\hlvbfwoq\right1.gif
C:\WINDOWS\system32\hlvbfwoq\s1.htm
C:\WINDOWS\system32\hlvbfwoq\s2.htm
C:\WINDOWS\system32\hlvbfwoq\s3.htm
C:\WINDOWS\system32\hlvbfwoq\SMTop1.gif
C:\WINDOWS\system32\hlvbfwoq\SMTop2.gif
C:\WINDOWS\system32\hlvbfwoq\SMTop3.gif
C:\WINDOWS\system32\hlvbfwoq\SMTop4.gif
C:\WINDOWS\system32\hlvbfwoq\soft1_off.gif
C:\WINDOWS\system32\hlvbfwoq\soft1_off_ext.gif
C:\WINDOWS\system32\hlvbfwoq\soft1_on.gif
C:\WINDOWS\system32\hlvbfwoq\soft1_on_ext.gif
C:\WINDOWS\system32\hlvbfwoq\soft2_off.gif
C:\WINDOWS\system32\hlvbfwoq\soft2_off_ext.gif
C:\WINDOWS\system32\hlvbfwoq\soft2_on.gif
C:\WINDOWS\system32\hlvbfwoq\soft2_on_ext.gif
C:\WINDOWS\system32\hlvbfwoq\soft3_off.gif
C:\WINDOWS\system32\hlvbfwoq\soft3_off_ext.gif
C:\WINDOWS\system32\hlvbfwoq\soft3_on.gif
C:\WINDOWS\system32\hlvbfwoq\soft3_on_ext.gif
C:\WINDOWS\system32\hlvbfwoq\softbottom_off.gif
C:\WINDOWS\system32\hlvbfwoq\softbottom_on.gif
C:\WINDOWS\system32\hlvbfwoq\softleft_off.gif
C:\WINDOWS\system32\hlvbfwoq\softleft_on.gif
C:\WINDOWS\system32\hlvbfwoq\top1.gif
C:\WINDOWS\system32\hlvbfwoq\top2.gif
C:\WINDOWS\system32\hlvbfwoq\turnoff1.gif
C:\WINDOWS\system32\hlvbfwoq\turnon1.gif
C:\WINDOWS\system32\opnolll.dll
C:\WINDOWS\system32\ssqnkjk.dll
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\winymp32.dll
C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\wycdd.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.

2007-12-11 21:28 . 2007-12-11 21:28 73 --a------ C:\WINDOWS\EurekaLog.ini
2007-12-11 20:44 . 2007-12-11 20:44 <DIR> d-------- C:\Program Files\Tomb Raider - Legend Demo
2007-12-11 19:47 . 2007-12-11 19:47 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-12-11 19:38 . 2007-12-11 20:44 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-12-11 18:20 . 2007-12-11 18:20 <DIR> d-------- C:\[PC GAME - ITA] Doom 3 Resurrection of Evil + patch + crack (N3m3sIs)
2007-12-11 17:28 . 2007-12-11 19:37 <DIR> d-------- C:\Program Files\Doom 3
2007-12-11 17:19 . 2007-12-11 17:19 <DIR> d-------- C:\Program Files\Pgbqebta
2007-12-11 15:37 . 2007-12-11 15:37 <DIR> d-------- C:\Program Files\Midway Games
2007-12-11 15:09 . 2007-12-11 15:11 <DIR> d-------- C:\Program Files\Aquadelic GT
2007-12-08 21:58 . 2007-12-08 21:58 <DIR> d-------- C:\Program Files\Playlogic
2007-12-07 20:53 . 2007-12-08 09:33 <DIR> d-------- C:\Ewa Farna - 2007 Ticho
2007-12-05 12:39 . 2007-12-08 21:26 <DIR> d-------- C:\Program Files\Pariah
2007-12-02 23:32 . 2007-12-05 16:09 464,609,034 --a------ C:\Exploited Black Teens - Dejia.AVI
2007-12-02 21:35 . 2007-12-05 12:36 <DIR> d-------- C:\Program Files\Pariah Singleplayer Demo
2007-12-02 17:03 . 2007-12-02 17:06 <DIR> d-------- C:\Program Files\AllToAVI
2007-12-02 16:58 . 2007-12-02 17:02 26,453,613 --a------ C:\AllToAVI_v4_r5394_Setup.exe
2007-11-28 20:14 . 2007-11-29 02:36 475,212,082 --a------ C:\Exploited Black Teens - Baby Doll.mpg
2007-11-27 17:55 . 2007-11-27 17:55 <DIR> d-------- C:\Program Files\Ubisoft
2007-11-27 17:52 . 2007-11-27 17:56 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-27 16:40 . 2007-11-17 00:03 996,485,120 --a------ C:\HAMILTONOVI-2006.avi
2007-11-26 20:36 . 2007-11-26 20:36 1 --a------ C:\WINDOWS\system32\SI.bin
2007-11-25 16:15 . 2007-11-25 16:18 10,014,037 --a------ C:\vty-0122.7z
2007-11-23 17:31 . 2007-11-23 17:31 0 --a------ C:\temp.dat
2007-11-21 12:46 . 2007-11-23 00:50 604 --------- C:\WINDOWS\Sof2.INI
2007-11-20 20:44 . 2007-11-20 20:44 <DIR> d-------- C:\Program Files\GameSpy
2007-11-20 20:43 . 2007-11-20 20:43 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-11-20 20:43 . 2007-11-20 20:43 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-20 20:43 . 2007-11-20 20:43 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-20 20:43 . 2007-11-20 20:43 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-17 21:14 . 2007-11-17 21:14 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-17 00:21 . 2007-11-17 00:21 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-17 00:21 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-17 00:21 . 2004-01-09 11:13 380,928 --a--c--- C:\WINDOWS\system32\actskin4.ocx
2007-11-17 00:21 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-17 00:21 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-17 00:21 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-17 00:21 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-17 00:21 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-17 00:21 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-16 10:55 . 2007-11-16 10:55 <DIR> d-------- C:\Program Files\Activision Value
2007-11-15 12:35 . 2007-11-17 21:11 <DIR> d-------- C:\Program Files\ConnectionServices

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 18:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 22:57 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-27 15:57 --------- d-----w C:\Program Files\GameShadow
2007-11-18 20:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-18 20:01 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 21:06 --------- d-----w C:\Program Files\OpenAL
2007-11-09 12:21 --------- d-----w C:\Program Files\Winamp
2007-11-09 09:11 294,912 ----a-w C:\WINDOWS\ipwypwpk.dll
2007-11-09 09:11 143,360 ----a-w C:\WINDOWS\qdertu.exe
2007-11-08 23:54 --------- d-----w C:\Program Files\Funcom
2007-11-07 09:25 --------- d-----w C:\Program Files\Java
2007-11-06 14:26 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-06 11:06 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-11-05 22:22 --------- d-----w C:\Program Files\directx
2007-11-04 14:38 --------- d-----w C:\Program Files\Lavalys
2007-11-03 18:11 --------- d-----w C:\Program Files\PowerISO
2007-10-30 22:03 --------- d-----w C:\Program Files\PFConfig
2007-10-30 00:29 --------- d-----w C:\Program Files\uTorrent
2007-10-27 09:47 --------- d-----w C:\Program Files\GamePark
2007-10-24 21:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-23 11:20 --------- d-----w C:\Program Files\Winamp Toolbar
2007-10-23 11:19 --------- d-----w C:\Program Files\Winamp Remote
2007-10-18 08:47 --------- d--h--w C:\Program Files\Zero G Registry
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"BoostSpeed"="D:\programs\AusLogics BoostSpeed\boostspeed.exe" [2007-03-30 13:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-18 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-05-03 18:21 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2004-08-18 13:00 C:\WINDOWS\system32\rundll32.exe]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 03:24]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-11 19:46]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Zbyšek Hamrla^Nabídka Start^Programy^Po spuštění^UltimateZip Quick Start.lnk]
backup=C:\WINDOWS\pss\UltimateZip Quick Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
D:\Programs\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSave_Installer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 --a--c--- D:\Programs\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
D:\Programs\ICQ6\ICQ.exe silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
D:\Programs\ICQLite\ICQLite.exe -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2007-11-02 13:39 2778112 --a------ D:\programs\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-24 15:25 171448 --a--c--- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-02-13 19:29 35328 --a--c--- C:\Program Files\Winamp\winampa.exe

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
S3 ProtoWall;ProtoWall Defender;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 16:15:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Programs\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 11:33:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-12 11:35:01 - machine was rebooted

sakiri
Level 3.5
Posts: 747
Registered: June 06
Gender: Not specified
Status: Offline

Post by sakiri » 12 Dec 2007 18:34

For this step ComboFix has to be on the desktop; you should already have it there.

Open Notepad and paste the text from the white box into it:

Code:

DirLook::
C:\Program Files\Pgbqebta

File::
C:\temp.dat
C:\WINDOWS\ipwypwpk.dll
C:\WINDOWS\qdertu.exe


Then click File -> Save As -> in the File name field type: CFScript.txt
For Save as type, select *all files
And save it to the desktop.

Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix program, and when the two files overlap, drop the script.

ComboFix will start automatically.
And paste here the log that appears when the operation finishes.

Have these files tested at VirusTotal (the site's design has changed a bit, though):
C:\WINDOWS\Sof2.INI

And copy the result here.

marianek
Level 1.5
Posts: 104
Registered: July 07
Gender: Not specified
Status: Offline

Post by marianek » 12 Dec 2007 19:49

here is the log


FILE
C:\temp.dat
C:\WINDOWS\ipwypwpk.dll
C:\WINDOWS\qdertu.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp.dat
C:\WINDOWS\ipwypwpk.dll
C:\WINDOWS\qdertu.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.

2007-12-12 18:02 . 2007-12-12 18:05 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2007-12-12 17:57 . 2007-12-12 17:59 <DIR> d-------- C:\Your Uninstaller! PRO 2008 6.1.1233
2007-12-12 15:43 . 2007-12-12 19:35 <DIR> d-------- C:\Infernal [English][PCDVD][WwW.GamesTorrents.CoM]
2007-12-12 15:33 . 2007-12-12 15:34 <DIR> d-------- C:\WINDOWS\LastGood
2007-12-12 15:31 . 2007-12-12 15:31 <DIR> d-------- C:\infernal_demo
2007-12-12 12:11 . 2007-12-12 16:20 <DIR> d-------- C:\Doom 3 DVD + Resurrection of Evil Expansion Pack
2007-12-11 21:28 . 2007-12-11 21:28 73 --a------ C:\WINDOWS\EurekaLog.ini
2007-12-11 19:47 . 2007-12-12 11:39 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-12-11 19:38 . 2007-12-12 11:39 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-12-11 19:38 . 2007-12-12 11:39 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2007-12-11 17:19 . 2007-12-11 17:19 <DIR> d-------- C:\Program Files\Pgbqebta
2007-12-11 15:37 . 2007-12-11 15:37 <DIR> d-------- C:\Program Files\Midway Games
2007-12-08 21:58 . 2007-12-12 15:32 <DIR> d-------- C:\Program Files\Playlogic
2007-12-07 20:53 . 2007-12-08 09:33 <DIR> d-------- C:\Ewa Farna - 2007 Ticho
2007-12-05 12:39 . 2007-12-08 21:26 <DIR> d-------- C:\Program Files\Pariah
2007-12-02 23:32 . 2007-12-05 16:09 464,609,034 --a------ C:\Exploited Black Teens - Dejia.AVI
2007-12-02 17:03 . 2007-12-02 17:06 <DIR> d-------- C:\Program Files\AllToAVI
2007-12-02 16:58 . 2007-12-02 17:02 26,453,613 --a------ C:\AllToAVI_v4_r5394_Setup.exe
2007-11-29 15:06 . 2007-11-29 15:15 <DIR> d-------- C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\GetRightToGo
2007-11-28 20:14 . 2007-11-29 02:36 475,212,082 --a------ C:\Exploited Black Teens - Baby Doll.mpg
2007-11-27 17:55 . 2007-11-27 17:55 <DIR> d-------- C:\Program Files\Ubisoft
2007-11-27 17:52 . 2007-11-27 17:56 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-27 16:17 . 2007-11-27 16:17 1 --a------ C:\Documents and Settings\Zbyšek Hamrla\SI.bin
2007-11-27 16:17 . 2007-11-27 16:17 1 --a------ C:\Documents and Settings\Zbyšek Hamrla\SI.bin
2007-11-26 20:36 . 2007-11-26 20:36 1 --a------ C:\WINDOWS\system32\SI.bin
2007-11-25 16:15 . 2007-11-25 16:18 10,014,037 --a------ C:\vty-0122.7z
2007-11-24 13:14 . 2007-11-26 21:26 <DIR> d-------- C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\IDM
2007-11-24 13:14 . 2007-11-26 21:08 <DIR> d-------- C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\DMCache
2007-11-21 12:46 . 2007-11-23 00:50 604 --------- C:\WINDOWS\Sof2.INI
2007-11-20 20:44 . 2007-11-20 20:44 <DIR> d-------- C:\Program Files\GameSpy
2007-11-20 20:43 . 2007-11-20 20:43 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-11-20 20:43 . 2007-11-20 20:43 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-20 20:43 . 2007-11-20 20:43 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-20 20:43 . 2007-11-20 20:43 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-20 20:43 . 2007-11-20 20:43 22,328 --a------ C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\PnkBstrK.sys
2007-11-18 21:20 . 2007-11-18 21:20 <DIR> d-------- C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\BitSpirit
2007-11-17 21:14 . 2007-11-17 21:14 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-17 00:21 . 2007-11-17 00:21 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-17 00:21 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-17 00:21 . 2004-01-09 11:13 380,928 --a--c--- C:\WINDOWS\system32\actskin4.ocx
2007-11-17 00:21 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-17 00:21 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-17 00:21 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-17 00:21 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-17 00:21 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-17 00:21 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-16 10:55 . 2007-11-16 10:55 <DIR> d-------- C:\Program Files\Activision Value
2007-11-15 12:35 . 2007-11-17 21:11 <DIR> d-------- C:\Program Files\ConnectionServices

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 18:43 --------- d-----w C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\uTorrent
2007-12-12 17:04 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-12-12 17:02 --------- d-----w C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\URSoft
2007-12-12 14:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-12 10:35 --------- d-----w C:\Program Files\ICQToolbar
2007-12-11 18:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-11 14:19 --------- d-----w C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\U3
2007-12-11 14:11 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-12-11 14:11 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-11-29 22:57 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-27 15:57 --------- d-----w C:\Program Files\GameShadow
2007-11-27 14:43 --------- d-----w C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\InstallShield
2007-11-18 20:01 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-14 13:41 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 21:06 --------- d-----w C:\Program Files\OpenAL
2007-11-09 12:21 --------- d-----w C:\Program Files\Winamp
2007-11-08 23:54 --------- d-----w C:\Program Files\Funcom
2007-11-07 11:27 --------- d-----w C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\Bioshock
2007-11-07 09:25 --------- d-----w C:\Program Files\Java
2007-11-06 14:26 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-06 11:06 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-11-05 22:22 --------- d-----w C:\Program Files\directx
2007-11-05 15:28 --------- d-----w C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\DAEMON Tools Pro
2007-11-04 14:38 --------- d-----w C:\Program Files\Lavalys
2007-11-03 18:11 --------- d-----w C:\Program Files\PowerISO
2007-10-30 22:03 --------- d-----w C:\Program Files\PFConfig
2007-10-30 14:41 --------- d-----w C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\Codemasters
2007-10-30 00:29 --------- d-----w C:\Program Files\uTorrent
2007-10-29 22:44 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 09:47 --------- d-----w C:\Program Files\GamePark
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 22:04 --------- d-----w C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\THQ
2007-10-24 22:02 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\InstallShield
2007-10-24 21:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-23 11:20 --------- d-----w C:\Program Files\Winamp Toolbar
2007-10-23 11:20 --------- d-----w C:\Documents and Settings\Zbyšek Hamrla\Data aplikací\Winamp
2007-10-23 11:20 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar
2007-10-23 11:19 --------- d-----w C:\Program Files\Winamp Remote
2007-10-23 11:19 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\OrbNetworks
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-20 21:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2007-10-18 08:48 36,864 ----a-w C:\WINDOWS\system32\maplec.dll
2007-10-18 08:48 147,456 ----a-w C:\WINDOWS\system32\WMIMPLEX.dll
2007-10-18 08:47 --------- d--h--w C:\Program Files\Zero G Registry
2007-10-16 11:25 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
2007-10-16 10:48 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\URSoft
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-05 18:22 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-14 04:21 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
2007-09-13 07:45 70,944 -c--a-w C:\WINDOWS\system32\PhysXLoader.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Pgbqebta ----



((((((((((((((((((((((((((((( snapshot@2007-12-12_11.34.23.63 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-27 17:09:07 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2007-12-12 14:34:30 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2007-11-27 17:09:07 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2007-12-12 14:34:30 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2007-11-27 17:09:08 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2007-12-12 14:34:30 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2007-11-27 17:09:03 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-12 14:34:16 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-27 17:09:04 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-12 14:34:17 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-27 17:09:04 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-12 14:34:18 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-27 17:09:05 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-12 14:34:18 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-27 17:09:05 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-12 14:34:18 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-27 17:09:05 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-12 14:34:19 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-27 17:09:06 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-12 14:34:19 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-27 17:09:06 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-12 14:34:19 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-27 17:09:07 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-12 14:34:20 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-27 17:09:08 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2007-12-12 14:34:30 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2007-11-27 17:09:08 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2007-12-12 14:34:31 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2007-11-27 17:09:08 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2007-12-12 14:34:31 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2007-11-27 17:09:08 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2007-12-12 14:34:32 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2007-11-27 17:09:08 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2007-12-12 14:34:32 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2007-11-27 17:09:07 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2007-12-12 14:34:29 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2007-12-12 14:33:44 250,880 ----a-r C:\WINDOWS\Installer\{582876EC-A178-44D4-9823-C10D6C62EAFF}\Icon582876EC.exe
+ 2007-12-12 14:33:44 745,472 ----a-r C:\WINDOWS\Installer\{582876EC-A178-44D4-9823-C10D6C62EAFF}\IconDC14E667.exe
+ 2005-02-05 19:45:26 2,222,800 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_24.dll
+ 2005-05-30 13:50:04 2,337,488 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_25.dll
+ 2005-05-26 14:34:52 2,297,552 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_26.dll
+ 2005-07-22 18:59:04 2,319,568 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_27.dll
+ 2005-12-05 18:09:18 2,323,664 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_28.dll
+ 2006-02-03 07:43:16 2,332,368 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_29.dll
+ 2006-03-31 11:40:58 2,388,176 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_30.dll
+ 2006-08-22 12:27:46 108,160 ----a-r C:\WINDOWS\LastGood\system32\DRVSTORE\athena_23EC3C14E2AB5CFF3A3433BB18DFB8B9B31384A7\athena.sys
+ 2006-02-03 07:41:26 14,032 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_0.dll
+ 2006-02-03 07:42:06 230,096 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_0.dll
+ 2006-03-31 11:39:48 229,584 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_1.dll
+ 2006-05-31 06:24:16 230,168 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_2.dll
+ 2006-03-31 11:39:24 62,672 ----a-w C:\WINDOWS\LastGood\system32\xinput1_1.dll
+ 2005-12-05 17:07:30 61,136 ----a-w C:\WINDOWS\LastGood\system32\xinput9_1_0.dll
- 2007-12-12 10:27:39 74,804 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2007-12-12 10:37:23 74,804 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2007-12-12 10:27:39 63,522 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-12 10:37:23 63,522 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-12 10:27:39 402,238 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2007-12-12 10:37:23 402,238 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2007-12-12 10:27:39 404,302 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-12 10:37:23 404,302 ----a-w C:\WINDOWS\system32\perfh009.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"BoostSpeed"="D:\programs\AusLogics BoostSpeed\boostspeed.exe" [2007-03-30 13:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-18 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-05-03 18:21 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2004-08-18 13:00 C:\WINDOWS\system32\rundll32.exe]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 03:24]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-12 11:39]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Zbyšek Hamrla^Nabídka Start^Programy^Po spuštění^UltimateZip Quick Start.lnk]
backup=C:\WINDOWS\pss\UltimateZip Quick Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
D:\Programs\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSave_Installer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 --a--c--- D:\Programs\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
D:\Programs\ICQ6\ICQ.exe silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
D:\Programs\ICQLite\ICQLite.exe -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2007-11-02 13:39 2778112 --a------ D:\programs\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-24 15:25 171448 --a--c--- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-02-13 19:29 35328 --a--c--- C:\Program Files\Winamp\winampa.exe

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
S3 ProtoWall;ProtoWall Defender;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26977894-ffdf-11db-9321-00030d4fce68}]
\Shell\AutoRun\command - M:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 16:15:01 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Programs\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 19:45:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-12 19:45:35
C:\ComboFix2.txt ... 2007-12-12 11:35
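
Added example for reviewers of this thread (not part of the original post and not ComboFix's own code): a small Python triage script that parses the three ComboFix sections reproduced above (the `Look` directory list, the `snapshot@...` diff and `Reg Loading Points`) and flags the entries an analyst checks first. The sample input is constructed from a few lines of the log above; the section and line layouts are inferred from this log and are an assumption, as are the heuristics (anything listed under `Look`, removable-media AutoRun handlers in `mountpoints2`, Browser Helper Objects, and binaries newly added between snapshots). A flag is a prompt to look, not a verdict on this machine.

```python
import re
from collections import defaultdict

# Constructed sample input: a few lines excerpted from the ComboFix log posted
# above (section headers shortened). The layouts are inferred from that log
# and are an assumption; other ComboFix versions may format them differently.
SAMPLE_LOG = r"""
(((((((((( Look ))))))))))
.

---- Directory of C:\Program Files\Pgbqebta ----

(((((((((( snapshot@2007-12-12_11.34.23.63 ))))))))))
.
- 2007-12-12 10:27:39 74,804 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2007-12-12 10:37:23 74,804 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2007-12-12 14:33:44 250,880 ----a-r C:\WINDOWS\Installer\{582876EC-A178-44D4-9823-C10D6C62EAFF}\Icon582876EC.exe
.
(((((((((( Reg Loading Points ))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00]
"BoostSpeed"="D:\programs\AusLogics BoostSpeed\boostspeed.exe" [2007-03-30 13:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26977894-ffdf-11db-9321-00030d4fce68}]
\Shell\AutoRun\command - M:\LaunchU3.exe
"""

HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")                       # ((((( Name )))))
SNAP_LINE = re.compile(r"^([+-]) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ([\d,]+) (\S+) (.+)$")
LOOK_DIR = re.compile(r"^---- Directory of (.+?) ----$")
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VALUE = re.compile(r'^"(.+?)"="(.+?)"')                           # "name"="path" [date size]
REG_AUTORUN = re.compile(r"^(\\Shell\\AutoRun\\command) - (.+)$")
REG_FILE = re.compile(r"^\S+ \S+ \d+ \S+ (.+)$")                      # date time size attrs path


def split_sections(text):
    """Group log lines under their ((((( header ))))); 'snapshot@...' becomes 'snapshot'."""
    sections, current = defaultdict(list), "preamble"
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1).split("@")[0]
            continue
        sections[current].append(line)
    return sections


def parse_look(lines):
    """Directories ComboFix singled out for a manual look."""
    return [m.group(1) for m in map(LOOK_DIR.match, lines) if m]


def parse_snapshot(lines):
    """Diff the '-' (previous run) and '+' (this run) snapshot lines by path."""
    before, after = {}, {}
    for line in lines:
        m = SNAP_LINE.match(line)
        if not m:
            continue
        sign, stamp, size, attrs, path = m.groups()
        rec = {"path": path, "time": stamp, "size": int(size.replace(",", "")), "attrs": attrs}
        (before if sign == "-" else after)[path.lower()] = rec
    kb, ka = set(before), set(after)
    return {
        "added": [after[k]["path"] for k in sorted(ka - kb)],
        "removed": [before[k]["path"] for k in sorted(kb - ka)],
        # present in both runs: rewritten or merely re-timestamped; same size with a
        # new time (the perfc*.dat counter files here) is the usual benign case
        "changed": [after[k]["path"] for k in sorted(ka & kb)],
    }


def parse_loading_points(lines):
    """Yield (registry key, value name, launched path) for every autostart line."""
    entries, key = [], None
    for line in lines:
        m = REG_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        if m := REG_VALUE.match(line):            # "name"="path"
            entries.append((key, m.group(1), m.group(2)))
        elif m := REG_AUTORUN.match(line):        # \Shell\AutoRun\command - path
            entries.append((key, m.group(1), m.group(2)))
        elif m := REG_FILE.match(line):           # bare file line under a CLSID/BHO key
            entries.append((key, "", m.group(1)))
    return entries


def triage(text):
    """Return (kind, path) findings using generic analyst heuristics (assumptions)."""
    s = split_sections(text)
    findings = [("look-dir", d) for d in parse_look(s.get("Look", []))]
    for key, name, path in parse_loading_points(s.get("Reg Loading Points", [])):
        k = key.lower()
        if "mountpoints2" in k and "autorun" in name.lower():
            findings.append(("removable-autorun", path))   # runs when the volume is opened
        elif "browser helper objects" in k:
            findings.append(("bho", path))                 # code loaded into every IE process
    for p in parse_snapshot(s.get("snapshot", []))["added"]:
        if p.lower().endswith((".exe", ".dll", ".sys")):
            findings.append(("new-binary", p))
    return findings


if __name__ == "__main__":
    for kind, what in triage(SAMPLE_LOG):
        print(f"{kind:18} {what}")
```

On a real log, call `triage()` on the file contents read with the code page of the machine that produced it (a Czech Windows XP install will not be UTF-8), and extend the heuristics to the other sections ComboFix emits; the four kinds flagged here are the ones present in the log above.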

sakiri
Level 3.5
Posts: 747
Registered: June 06
Gender: Not specified
Status:
Offline

Post by sakiri » 14 Dec 2007 14:02

Sorry for the late reply.

Delete these files:
C:\ComboFix2.txt
C:\ComboFix.txt

+ also delete these folders if they are present:
C:\Qoobox
C:\ComboFix

Then go to Start > Run and paste the text marked in bold into the empty field:
ComboFix /u

And press Enter.

And that's all, provided you no longer have any problems.
