Here is the log from HJT (HijackThis):
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:42:54, on 1.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\DOCUME~1\Holub\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\Holub\LOCALS~1\Temp\Dočasný adresář 1 pro HiJackThis_v2.zip\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{667B0D88-7555-4EE8-AE4D-34AA44FEB355}: NameServer = 10.105.44.1,217.117.216.7
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\SYSTEM32\GEARSEC.EXE (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 7619 bytes
And here is the one from ComboFix:
ComboFix 07-07-30.2 - "Holub" 2007-08-01 12:32:28.1 [GMT 2:00] - FAT32
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.True
Rootkit driver xpdt is present. ... attempting disinfection
xpdt ...... driver unloaded successfully.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Holub\DATAAP~1.\addon.dat
C:\DOCUME~1\Holub\DATAAP~1.\macromedia\Flash Player\#SharedObjects\42PYFDRA\www.broadcaster.com
C:\DOCUME~1\Holub\DATAAP~1.\macromedia\Flash Player\#SharedObjects\42PYFDRA\www.broadcaster.com\played_list.sol
C:\DOCUME~1\Holub\DATAAP~1.\macromedia\Flash Player\#SharedObjects\42PYFDRA\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\Holub\DATAAP~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Holub\DATAAP~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\HOLUB\DATAAP~1\WinAntiVirus Pro 2007
C:\DOCUME~1\HOLUB\DATAAP~1\WinAntiVirus Pro 2007\avtasks.dat
C:\DOCUME~1\HOLUB\DATAAP~1\WinAntiVirus Pro 2007\CookieList.dat
C:\DOCUME~1\HOLUB\DATAAP~1\WinAntiVirus Pro 2007\history.db
C:\DOCUME~1\HOLUB\DATAAP~1\WinAntiVirus Pro 2007\Logs\update.log
C:\DOCUME~1\HOLUB\DATAAP~1\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\DOCUME~1\HOLUB\DATAAP~1\WinAntiVirus Pro 2007\Logs\winav.log
C:\DOCUME~1\HOLUB\DATAAP~1\WinAntiVirus Pro 2007\PGE.dat
C:\Documents and Settings\HOLUB.\err.log
C:\Documents and Settings\HOLUB.\ResErrors.log
C:\Program Files\Common Files\{39541~1
C:\Program Files\Common Files\companion wizard
C:\UWA7P
C:\WINDOWS\system32\cmesys.exe
C:\WINDOWS\system32\pfxzmtaim.dll
C:\WINDOWS\system32\pfxzmtforum.dll
C:\WINDOWS\system32\pfxzmtgtal.dll
C:\WINDOWS\system32\pfxzmticq.dll
C:\WINDOWS\system32\pfxzmtsmt.dll
C:\WINDOWS\system32\pfxzmtsmtspm.dll
C:\WINDOWS\system32\pfxzmtwbmail.dll
C:\WINDOWS\system32\pfxzmtymsg.dll
C:\WINDOWS\system32\rk.bin
C:\WINDOWS\system32\sfxzmtsmt.dll
C:\WINDOWS\system32\sfxzmtsmtspm.dll
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\xpdt.sys
C:\WINDOWS\wpcjmd.log
d:\autorun.inf
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))
2007-08-01 12:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 12:01 <DIR> d--hs---- C:\FOUND.114
2007-07-31 19:34 <DIR> d--hs---- C:\FOUND.113
2007-07-31 16:30 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-07-31 16:00 <DIR> d--hs---- C:\FOUND.112
2007-07-31 12:18 <DIR> d--hs---- C:\FOUND.111
2007-07-31 10:18 <DIR> d-------- C:\VundoFix Backups
2007-07-30 21:30 <DIR> d--hs---- C:\FOUND.110
2007-07-30 20:20 <DIR> d--hs---- C:\FOUND.109
2007-07-30 20:09 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-07-30 20:01 164 --a------ C:\install.dat
2007-07-30 19:20 <DIR> d--hs---- C:\FOUND.108
2007-07-30 16:12 <DIR> d--hs---- C:\FOUND.107
2007-07-30 15:26 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-30 14:36 <DIR> d--hs---- C:\FOUND.106
2007-07-30 14:24 <DIR> d--hs---- C:\FOUND.105
2007-07-30 13:38 <DIR> d--hs---- C:\FOUND.104
2007-07-30 10:28 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-07-30 10:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Kaspersky Lab
2007-07-30 10:05 <DIR> d--hs---- C:\FOUND.103
2007-07-30 09:48 <DIR> d--hs---- C:\FOUND.102
2007-07-29 19:14 <DIR> d--hs---- C:\FOUND.101
2007-07-29 18:24 <DIR> d--hs---- C:\FOUND.100
2007-07-29 16:01 <DIR> d--hs---- C:\FOUND.099
2007-07-29 15:06 8,194 --a------ C:\dnsbak.reg
2007-07-29 11:37 <DIR> d--hs---- C:\FOUND.098
2007-07-29 11:34 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-29 11:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-29 10:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-29 10:43 <DIR> d-------- C:\DOCUME~1\Holub\DATAAP~1\Spy Emergency
2007-07-29 10:32 <DIR> d--hs---- C:\FOUND.097
2007-07-28 22:45 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-07-28 22:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spybot - Search & Destroy
2007-07-28 18:10 <DIR> d--hs---- C:\FOUND.096
2007-07-28 14:12 <DIR> d--hs---- C:\FOUND.095
2007-07-28 11:00 <DIR> d--hs---- C:\FOUND.094
2007-07-27 16:56 <DIR> d-------- C:\Program Files\Magic Video Converter
2007-07-25 16:49 <DIR> d-------- C:\Program Files\Managed DirectX (0900)
2007-07-24 13:40 <DIR> d-------- C:\Program Files\Encore
2007-07-23 15:53 <DIR> d--hs---- C:\FOUND.093
2007-07-23 13:30 <DIR> d--hs---- C:\FOUND.092
2007-07-23 11:33 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-07-23 11:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-07-23 10:47 <DIR> d-------- C:\DOCUME~1\Holub\DATAAP~1\Smart PC Solutions
2007-07-23 09:46 <DIR> d--hs---- C:\FOUND.091
2007-07-23 08:39 <DIR> d--hs---- C:\FOUND.090
2007-07-23 07:38 <DIR> d--hs---- C:\FOUND.089
2007-07-22 22:55 885,401 ---hs---- C:\WINDOWS\system32\kmllm.ini2
2007-07-22 22:26 <DIR> d--hs---- C:\FOUND.088
2007-07-22 21:55 <DIR> d--hs---- C:\FOUND.087
2007-07-22 20:14 <DIR> d--hs---- C:\FOUND.086
2007-07-22 20:03 <DIR> d--hs---- C:\FOUND.085
2007-07-22 17:53 <DIR> d--hs---- C:\FOUND.084
2007-07-22 16:43 0 --a------ C:\CONFIG.SYS
2007-07-22 16:43 0 --a------ C:\AUTOEXEC.BAT
2007-07-22 16:14 <DIR> d--hs---- C:\FOUND.083
2007-07-22 16:05 <DIR> d-------- C:\WINDOWS\setup.pss
2007-07-21 19:48 <DIR> d--hs---- C:\FOUND.082
2007-07-21 19:30 <DIR> d--hs---- C:\FOUND.081
2007-07-21 18:51 <DIR> d--hs---- C:\FOUND.080
2007-07-21 17:54 <DIR> d--hs---- C:\FOUND.079
2007-07-21 17:39 <DIR> d--hs---- C:\FOUND.078
2007-07-21 16:36 <DIR> d--hs---- C:\FOUND.077
2007-07-21 15:07 <DIR> d--hs---- C:\FOUND.076
2007-07-20 11:20 883,539 ---hs---- C:\WINDOWS\system32\kmllm.bak2
2007-07-20 11:18 <DIR> d--hs---- C:\FOUND.075
2007-07-20 10:11 880,796 ---hs---- C:\WINDOWS\system32\kmllm.bak1
2007-07-19 21:57 <DIR> d--hs---- C:\FOUND.074
2007-07-19 15:38 <DIR> d--hs---- C:\FOUND.073
2007-07-19 14:00 <DIR> d--hs---- C:\FOUND.072
2007-07-16 08:11 <DIR> d--hs---- C:\FOUND.071
2007-07-14 18:43 <DIR> d-------- C:\DOCUME~1\Holub\DATAAP~1\eBookPro6
2007-07-13 15:10 1,023,892 ---hs---- C:\WINDOWS\system32\sttss.ini2
2007-07-13 14:54 <DIR> d--hs---- C:\FOUND.070
2007-07-13 10:32 <DIR> d--h----- C:\WINDOWS\system32\syss32
2007-07-13 09:27 1,020,878 ---hs---- C:\WINDOWS\system32\sttss.bak2
2007-07-13 09:24 <DIR> d--hs---- C:\FOUND.069
2007-07-12 09:24 <DIR> d--hs---- C:\FOUND.068
2007-07-12 09:16 1,020,024 ---hs---- C:\WINDOWS\system32\sttss.bak1
2007-07-09 22:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\ProStroke Golf
2007-07-09 11:21 63 --a------ C:\WINDOWS\vmreg32.dll
2007-07-08 16:44 <DIR> d-------- C:\Program Files\Microids
2007-07-07 13:15 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-07-07 13:15 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-07-07 13:15 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-07 11:24 <DIR> d-------- C:\Program Files\Google
2007-07-02 09:14 <DIR> d--hs---- C:\FOUND.067
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-01 12:36 12 --a------ C:\WINDOWS\bthservsdp.dat
2007-07-31 15:53 330 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-07-13 09:34 74450 --a------ C:\WINDOWS\system32\perfc005.dat
2007-07-13 09:34 400304 --a------ C:\WINDOWS\system32\perfh005.dat
2007-06-30 17:55 --------- d-------- C:\Program Files\Eurotran XP
2007-06-28 17:39 143360 --a------ C:\WINDOWS\system32\vbuzip10.dll
2007-06-27 17:39 --------- d-------- C:\DOCUME~1\Holub\DATAAP~1\Nero
2007-06-25 14:08 --------- d-------- C:\DOCUME~1\Holub\DATAAP~1\Symantec
2007-06-23 22:55 9472 --a------ C:\WINDOWS\system32\drivers\lemsgt.sys
2007-06-23 22:55 137344 --a------ C:\WINDOWS\system32\drivers\hwpsgt.sys
2007-06-23 18:45 958443 ---hs---- C:\WINDOWS\system32\hjjlm.bak2
2007-06-20 18:42 886898 ---hs---- C:\WINDOWS\system32\hjjlm.bak1
2007-06-12 14:17 11439 ---hs---- C:\WINDOWS\system32\jjllm.bak2
2007-06-11 14:16 882431 ---hs---- C:\WINDOWS\system32\jjllm.bak1
2007-06-11 10:33 882277 ---hs---- C:\WINDOWS\system32\xbeeg.bak1
2007-06-11 10:20 908449 ---hs---- C:\WINDOWS\system32\rqstv.bak2
2007-06-10 09:23 882277 ---hs---- C:\WINDOWS\system32\rqstv.bak1
2007-06-09 09:18 882237 ---hs---- C:\WINDOWS\system32\aycdd.bak1
2007-06-08 08:44 882277 ---hs---- C:\WINDOWS\system32\pqtss.bak1
2007-06-07 10:12 882279 ---hs---- C:\WINDOWS\system32\fhkmp.bak1
2007-06-06 20:11 196608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-06-06 20:11 1040384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-06-06 18:08 678800 ---hs---- C:\WINDOWS\system32\stvwa.bak1
2007-06-06 14:58 658513 ---hs---- C:\WINDOWS\system32\oqtwa.bak1
2007-06-06 09:38 678601 ---hs---- C:\WINDOWS\system32\nqtwa.bak2
2007-06-05 09:38 657389 ---hs---- C:\WINDOWS\system32\nqtwa.bak1
2007-06-04 09:56 657390 ---hs---- C:\WINDOWS\system32\cbadd.bak1
2007-06-01 22:07 659958 ---hs---- C:\WINDOWS\system32\rtutv.ini2
2007-06-01 21:56 671392 ---hs---- C:\WINDOWS\system32\rtutv.bak2
2007-05-31 23:14 87608 --a------ C:\DOCUME~1\Holub\DATAAP~1\inst.exe
2007-05-31 23:14 47360 --a------ C:\DOCUME~1\Holub\DATAAP~1\pcouffin.sys
2007-05-27 12:31 616484 ---hs---- C:\WINDOWS\system32\rtutv.bak1
2007-05-19 15:59 491520 --a------ C:\WINDOWS\WebIE.dll
2007-05-19 15:59 45056 --a------ C:\WINDOWS\TRNOEH.DLL
2007-05-19 15:59 356352 --a------ C:\WINDOWS\TrnOutl.dll
2007-05-19 15:59 294912 --a------ C:\WINDOWS\TrnWord.dll
2007-05-19 15:56 516096 --a------ C:\WINDOWS\UN32.EXE
2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-14 21:54 1079808 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2007-05-10 16:50 302592 --a------ C:\WINDOWS\mauninst.exe
2007-05-08 16:14 356352 --a------ C:\WINDOWS\eSellerateEngine.dll
2007-05-03 07:00 545 --a------ C:\WINDOWS\UC.PIF
2007-05-03 07:00 545 --a------ C:\WINDOWS\RAR.PIF
2007-05-03 07:00 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-05-03 07:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-05-03 07:00 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-05-03 07:00 545 --a------ C:\WINDOWS\LHA.PIF
2007-05-03 07:00 545 --a------ C:\WINDOWS\ARJ.PIF
2007-02-11 16:29 81920 --a------ C:\DOCUME~1\Holub\DATAAP~1\ezpinst.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2005-12-27 18:01]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-02-15 23:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 20:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 15:33]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=0 (0x0)
"NoStartBanner"=00
"LinkResolveIgnoreLinkInfo"=0 (0x0)
R0 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 ACEDRV07;ACEDRV07;\??\C:\WINDOWS\system32\drivers\ACEDRV07.sys
R2 athsgt;athsgt;C:\WINDOWS\system32\DRIVERS\athsgt.sys
R2 atksgt;atksgt;C:\WINDOWS\system32\DRIVERS\atksgt.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 hwpsgt;hwpsgt;C:\WINDOWS\system32\DRIVERS\hwpsgt.sys
R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 lemsgt;lemsgt;C:\WINDOWS\system32\DRIVERS\lemsgt.sys
R2 limsgt;limsgt;C:\WINDOWS\system32\DRIVERS\limsgt.sys
R2 lirsgt;lirsgt;C:\WINDOWS\system32\DRIVERS\lirsgt.sys
R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
R3 Cam5603D;Acer OrbiCam;C:\WINDOWS\system32\Drivers\BisonCam.sys
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys
R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
R3 HSF_DPV;HSF_DPV;C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
R3 HSFHWAZL;HSFHWAZL;C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys
R3 NTIDrvr;Upper Class Filter Driver;C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
S1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys
S3 asbp2poa;asbp2poa;\??\C:\DOCUME~1\Holub\LOCALS~1\Temp\asbp2poa.sys
S3 BthEnum;Bluetooth Request Block Driver;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
S3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys
S3 Pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\Pcouffin.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Autoplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8428B368-E622-0DBF-4828-D1F49FBDB1EC}]
C:\Program Files\Bifrost\server.exe s
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-01 12:38:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AntiVirScheduler]
Completion time: 2007-08-01 12:40:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-01 12:40
--- E O F ---
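An added triage example for the two logs above. It is not part of the post and is not code from HijackThis or ComboFix; it runs a handful of heuristics over log lines of the kind pasted here (an executable or driver image under a Temp directory, the hidden+system five-letter `.bak1`/`.bak2`/`.ini2` files in system32 that the Vundo family left behind and that the `VundoFix Backups` folder in the ComboFix log shows was already being cleaned, an O23 service whose binary is missing, an O17 NameServer outside private address space, and the Active Setup entry pointing at `C:\Program Files\Bifrost\server.exe`, the default drop path of the Bifrost remote-access trojan). The sample input is copied verbatim from the logs above; the heuristic names and thresholds are the example's own choices, and each hit is a lead for manual review rather than a verdict.

```python
"""Triage heuristics for HijackThis / ComboFix log lines.

Added example for the logs in this thread; it is not part of the posted
logs and is not code from HijackThis or ComboFix. Every hit is a lead for
manual review, not a verdict: the heuristics are generic and fire on
benign entries too.
"""
from __future__ import annotations

import ipaddress
import re
from typing import Iterable

# Sample input: lines copied verbatim from the two logs posted above.
SAMPLE_LINES = [
    r"C:\WINDOWS\system32\spoolsv.exe",
    r"C:\DOCUME~1\Holub\LOCALS~1\Temp\RtkBtMnt.exe",
    r"O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{667B0D88-7555-4EE8-AE4D-34AA44FEB355}: NameServer = 10.105.44.1,217.117.216.7",
    r"O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\SYSTEM32\GEARSEC.EXE (file missing)",
    r"O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe",
    r"2007-07-22 22:55 885,401 ---hs---- C:\WINDOWS\system32\kmllm.ini2",
    r"2007-07-20 11:20 883,539 ---hs---- C:\WINDOWS\system32\kmllm.bak2",
    r"2007-07-07 13:15 719,872 --a------ C:\WINDOWS\system32\devil.dll",
    r"S3 asbp2poa;asbp2poa;\??\C:\DOCUME~1\Holub\LOCALS~1\Temp\asbp2poa.sys",
    r"C:\Program Files\Bifrost\server.exe s",
]

# Anything executing or loading from a Temp directory (a running process,
# a Run key, or a kernel driver image path) deserves a look: legitimate
# software installs elsewhere.
TEMP_DIR = re.compile(r"\\Temp\\", re.I)

# Vundo/Virtumonde kept rotating copies of its DLL under system32 with five
# random lowercase letters and .bak1/.bak2/.ini2 extensions, marked
# hidden+system; the ComboFix "Find3M" list above shows exactly that pattern.
VUNDO_ROTATION = re.compile(r"\\system32\\[a-z]{5}\.(bak[12]|ini2)$", re.I)
HIDDEN_SYSTEM = re.compile(r"\s-{3}hs-{4}\s")   # ComboFix attribute column

# An O23 service whose binary is gone is leftover from an uninstall or a
# remnant of something a cleaner already deleted; either way it is dead weight.
MISSING_SERVICE = re.compile(r"^O23 - Service: .*\(file missing\)$")

# O17 entries are the per-adapter DNS servers; a public resolver the owner did
# not configure is how DNS-changer trojans redirect traffic.
NAMESERVER = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")

# Bifrost is a remote-access trojan whose default drop location is
# C:\Program Files\Bifrost\server.exe; Active Setup "Installed Components"
# (where ComboFix found it above) is one of its autostart points.
BIFROST = re.compile(r"\\Program Files\\Bifrost\\server\.exe", re.I)


def is_private(addr: str) -> bool:
    """True for RFC 1918 / loopback / link-local addresses, False otherwise."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def triage_line(line: str) -> list[str]:
    """Return the names of the heuristics that fire on one log line."""
    hits: list[str] = []
    if TEMP_DIR.search(line):
        hits.append("runs-from-temp")
    if VUNDO_ROTATION.search(line) and HIDDEN_SYSTEM.search(line):
        hits.append("vundo-rotation")
    if MISSING_SERVICE.match(line):
        hits.append("service-file-missing")
    if BIFROST.search(line):
        hits.append("bifrost-rat")
    m = NAMESERVER.match(line)
    if m:
        public = [s for s in m.group("servers").split(",") if not is_private(s)]
        if public:
            hits.append("public-dns:" + ",".join(public))
    return hits


def triage(lines: Iterable[str]) -> dict[str, list[str]]:
    """Map every flagged line to its hits; lines with no hits are omitted."""
    report: dict[str, list[str]] = {}
    for raw in lines:
        line = raw.strip()
        hits = triage_line(line)
        if hits:
            report[line] = hits
    return report


if __name__ == "__main__":
    for line, hits in triage(SAMPLE_LINES).items():
        print(f"{', '.join(hits):<28} {line}")
```

Run it against a whole saved log (`triage(open("hijackthis.log").read().splitlines())`) and review the hits by hand: the Temp and file-missing rules also catch benign installers and stale services, so the output is a worklist for the helper answering the thread, not a removal script.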