combofix Sheldon Solved
Posted: 25 Feb 2008 19:18
ComboFix 08-02-25.3 - PC 2008-02-25 20:05:37.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.527 [GMT 1:00]
Running from: C:\Documents and Settings\PC\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.
2008-02-25 15:58 . 2008-02-25 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2008-02-24 14:42 . 2008-02-24 14:42 85 --a------ C:\WINDOWS\wininit.ini
2008-02-24 14:12 . 2008-02-24 14:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-24 14:12 . 2008-02-24 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-02-24 12:46 . 2008-02-24 12:46 <DIR> d-------- C:\Documents and Settings\PC\Data aplikací\Talkback
2008-02-24 12:21 . 2008-02-25 19:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-24 12:21 . 2008-02-25 18:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-24 12:19 . 2008-02-25 17:02 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-02-24 12:13 . 2008-02-25 19:22 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-24 12:13 . 2008-02-24 12:14 <DIR> d-------- C:\Program Files\Crawler
2008-02-24 12:13 . 2008-02-25 19:23 <DIR> d-------- C:\Documents and Settings\PC\Data aplikací\Spyware Terminator
2008-02-24 12:13 . 2008-02-25 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-02-24 12:13 . 2008-02-24 12:13 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-24 12:08 . 2008-02-24 12:08 <DIR> d-------- C:\Program Files\ESET
2008-02-24 11:30 . 2008-02-24 11:54 <DIR> d-------- C:\Program Files\Advanced Spyware Remover Pro
2008-02-24 11:30 . 2006-01-01 01:04 10,027 --a------ C:\WINDOWS\system32\mspriv32.dll
2008-02-24 11:16 . 2008-02-24 11:16 269,334 --a------ C:\WINDOWS\system32\qtcbmtsnidgbel.bmp
2008-02-23 12:26 . 2008-02-22 21:08 237,568 --a------ C:\WINDOWS\alofkmn.dll
2008-02-23 12:26 . 2008-02-22 21:08 90,112 --a------ C:\WINDOWS\fkxvkns.exe
2008-02-19 17:36 . 2008-02-19 17:37 <DIR> d-------- C:\Documents and Settings\PC\KBCertifikat
2008-02-16 17:44 . 2008-02-24 09:28 <DIR> d-------- C:\Program Files\Glassfish Games
2008-02-09 10:59 . 2008-02-09 10:59 <DIR> d-------- C:\Program Files\MSI
2008-02-09 10:59 . 2005-05-31 14:10 56,648 --a------ C:\WINDOWS\system32\drivers\btwusb.sys
2008-02-06 13:14 . 2008-02-06 13:14 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-06 13:13 . 2008-02-06 13:15 <DIR> d-------- C:\Program Files\ICQ6
2008-02-04 11:34 . 2008-02-04 11:34 <DIR> d-------- C:\Program Files\Kinomania
2008-02-03 19:21 . 2008-02-03 19:21 <DIR> d-------- C:\Documents and Settings\PC\Data aplikací\QIP
2008-02-03 14:39 . 2008-02-03 14:39 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-03 14:38 . 2008-02-03 14:39 <DIR> d-------- C:\OpenOffice.org 2.3 Installation Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 18:32 --------- d-----w C:\Documents and Settings\PC\Data aplikací\OpenOffice.org2
2008-02-25 15:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-25 15:03 --------- d-----w C:\Program Files\MSBuild
2008-02-24 08:24 --------- d-----w C:\Program Files\BearShare
2008-02-18 22:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 12:35 --------- d-----w C:\Documents and Settings\PC\Data aplikací\ICQ
2008-02-10 19:07 --------- d-----w C:\Documents and Settings\PC\Data aplikací\Image Zone Express
2008-02-10 08:02 --------- d-----w C:\Program Files\SMS Zdarma
2008-01-15 20:06 --------- d-----w C:\Documents and Settings\PC\Data aplikací\WebCompiler3
2008-01-14 15:29 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-01-14 15:08 --------- d-----w C:\Program Files\CursorXP
2008-01-13 19:35 --------- d-----w C:\Program Files\Paint.NET
2008-01-09 19:52 --------- d-----w C:\Documents and Settings\PC\Data aplikací\Nokia Multimedia Player
2008-01-05 12:21 --------- d-----w C:\Documents and Settings\PC\Data aplikací\Nokia
2007-12-28 14:50 --------- d-----w C:\Documents and Settings\PC\Data aplikací\PC Suite
2007-12-28 13:55 --------- d-----w C:\Program Files\Microsoft Works
2007-12-28 13:54 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-28 13:46 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-26 12:33 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\PC Suite
2007-12-26 12:31 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-26 12:31 --------- d-----w C:\Program Files\Nokia
2007-12-26 12:31 --------- d-----w C:\Program Files\DIFX
2007-12-26 12:31 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-12-26 12:31 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-26 12:30 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-06-15 12:58 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273}
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{292547EC-9C38-4398-B336-6219B91A1634}
{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
[HKEY_CLASSES_ROOT\clsid\{292547ec-9c38-4398-b336-6219b91a1634}]
[HKEY_CLASSES_ROOT\ekvgsnw.1]
[HKEY_CLASSES_ROOT\TypeLib\{A17B7F5F-32DE-4114-9AF3-A40C8966076C}]
[HKEY_CLASSES_ROOT\ekvgsnw]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-17 16:12 172280]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34 128000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 14:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 21:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-20 09:55 77824]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 04:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"SBI"="C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\ZSZRJ7EH\install_sbd_en[1].exe" [ ]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-02-24 12:13 2957824]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 33280 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-31 07:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 17:32:04 393216]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe [2005-05-31 14:29:16 577597]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2007-01-09 22:20:44 41041]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"alofkmn"= {7BD6A986-6BCD-42E7-AD09-8D2AD0A4401E} - C:\WINDOWS\alofkmn.dll [2008-02-22 21:08 237568]
"bxlrvps"= {B0648A3C-EEA9-4E77-AE82-C387FC09688A} - C:\WINDOWS\bxlrvps.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 17:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-28 02:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
"7974:TCP"= 7974:TCP:BitComet 7974 TCP
"7974:UDP"= 7974:UDP:BitComet 7974 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-24 12:13]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2006-03-02 13:00]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2006-03-02 13:00]
S3 p2psvc;Síť rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe [2006-03-02 13:00]
S3 PNRPSvc;Protokol PNRP;C:\WINDOWS\system32\svchost.exe [2006-03-02 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 20:06:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-25 20:06:29
ComboFix-quarantined-files.txt 2008-02-25 19:06:27
ComboFix2.txt 2008-02-25 18:03:31
.
2008-02-13 17:29:11 --- E O F ---