Spustila som aplikaciu ComboFix s nasledovnym vysledkom, dakujem za dalsie pokyny...
ComboFix 08-07-12.1 - Admin 2008-07-12 21:38:18.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.242 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Admin\Application Data\rhcvsuj0eg23
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\
0006C47B.urr
C:\Program Files\FunWebProducts\Shared\
001F2EF8.dat
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1a.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1a.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1a.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1a.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1b.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1b.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1b.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1b.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1b.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1b.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1b.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1b.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1b.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1b.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1b.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1b.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\
0002136E.bin
C:\Program Files\MyWebSearch\bar\Cache\
000219E7.bin
C:\Program Files\MyWebSearch\bar\Cache\
00023713.bin
C:\Program Files\MyWebSearch\bar\Cache\
000238E8.bin
C:\Program Files\MyWebSearch\bar\Cache\
0004E480
C:\Program Files\MyWebSearch\bar\Cache\
0017E3A9
C:\Program Files\MyWebSearch\bar\Cache\
001FE6CF
C:\Program Files\MyWebSearch\bar\Cache\
0021299F.bin
C:\Program Files\MyWebSearch\bar\Cache\
00212C30.bin
C:\Program Files\MyWebSearch\bar\Cache\
00212DD5.bin
C:\Program Files\MyWebSearch\bar\Cache\
0023E7B6.bin
C:\Program Files\MyWebSearch\bar\Cache\
0023EF47.bin
C:\Program Files\MyWebSearch\bar\Cache\
0023F0AF.bin
C:\Program Files\MyWebSearch\bar\Cache\
002D5F8A.bin
C:\Program Files\MyWebSearch\bar\Cache\
003DFF75
C:\Program Files\MyWebSearch\bar\Cache\
00FB3284
C:\Program Files\MyWebSearch\bar\Cache\
0115972B
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\rhcvsuj0eg23
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\sqvgnrpx.dll
C:\WINDOWS\system32\blphcrsuj0eg23.scr
C:\WINDOWS\system32\lphcrsuj0eg23.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\audio.dll.cla
C:\WINDOWS\system32\wsnpoem\video.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.
2008-07-11 10:58 . 2008-07-11 10:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-20 19:41 . 2008-06-20 19:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 13:17 --------- d-----w C:\Program Files\ICQToolbar
2008-07-11 18:11 --------- d-----w C:\Program Files\ESET
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-16 09:44 1200128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-30 02:50 4620288]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-04-27 12:04:44 635019]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-12 02:58:16 16423]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-13 01:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 23:38 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-11-30 22:36 1945600 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 20:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"D:\\icq\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\hry\\Valve\\cstrike.exe"=
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-09-23 06:32]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-05 09:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-05 09:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-05 09:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-05 09:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-05 09:15]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE30bus.sys [2006-11-10 23:48]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE30mdfl.sys [2006-11-10 23:48]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE30mdm.sys [2006-11-10 23:48]
S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE30mgmt.sys [2006-11-10 23:48]
S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);C:\WINDOWS\system32\DRIVERS\se30nd5.sys [2006-11-10 23:48]
S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE30obex.sys [2006-11-10 23:48]
S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);C:\WINDOWS\system32\DRIVERS\se30unic.sys [2006-11-10 23:48]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 Z550bus;Sony Ericsson Z550 driver (WDM);C:\WINDOWS\system32\DRIVERS\Z550bus.sys [2006-03-14 05:37]
S3 Z550mdfl;Sony Ericsson Z550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\Z550mdfl.sys [2006-03-14 05:37]
S3 Z550mdm;Sony Ericsson Z550 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\Z550mdm.sys [2006-03-14 05:37]
S3 Z550mgmt;Sony Ericsson Z550 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\Z550mgmt.sys [2006-03-14 05:37]
S3 Z550obex;Sony Ericsson Z550 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\Z550obex.sys [2006-03-14 05:37]
*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-lphcrsuj0eg23 - C:\WINDOWS\system32\lphcrsuj0eg23.exe
HKLM-Run-lphcrsuj0eg23 - C:\WINDOWS\system32\lphcrsuj0eg23.exe
Notify-jpgmgr - jpgmgr32.dll
Notify-wmvmgr - wmvmgr32.dll
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1b.bin\mwsoemon.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-12 21:39:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-12 21:42:17
ComboFix-quarantined-files.txt 2008-07-12 19:41:52
Pre-Run: 8,968,556,544 bytes free
22 adresárov, 9,196,662,784 voľných bajtov
209 --- E O F --- 2008-07-11 06:23:18