I'm attaching the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:13, on 18.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\RAPTOR-GAMING\RAPTOR-ADJUST M3 V1\Panel.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ivan Viktora\Plocha\hijakthi\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RAPTOR-GAMING M3] "C:\Program Files\RAPTOR-GAMING\RAPTOR-ADJUST M3 V1\Panel.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 9253 bytes
WinSpywareProtect, please help
Re: WinSpywareProtect, please help
Hello,
nothing bad is visible in the log. Send a log from ComboFix.
Re: WinSpywareProtect, please help
so here's the one from ComboFix
ComboFix 08-07-17.4 - Ivan Viktora 2008-07-18 18:14:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.1082 [GMT 2:00]
Running from: C:\Documents and Settings\Ivan Viktora\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Ivan Viktora\Data aplikací\inst.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\awtqpomM.dll
C:\WINDOWS\system32\bxkucfjh.ini
C:\WINDOWS\system32\hjfcukxb.dll
C:\WINDOWS\system32\hook.dll
C:\WINDOWS\system32\khfgGwWQ.dll
C:\WINDOWS\system32\Mmopqtwa.ini
C:\WINDOWS\system32\Mmopqtwa.ini2
C:\WINDOWS\system32\opnkiFyx.dll
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.
2008-07-17 01:59 . 2008-07-17 01:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-11 09:46 . 2008-07-11 09:46 <DIR> d-------- C:\Program Files\Sun
2008-07-02 09:17 . 2008-07-16 02:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-02 09:17 . 2008-07-02 09:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-26 16:39 . 2008-06-26 16:58 <DIR> d-------- C:\Program Files\Bridge Builder
2008-06-23 14:06 . 2008-06-23 14:24 <DIR> d-------- C:\obr zky
2008-06-23 14:03 . 2008-06-23 14:03 <DIR> d-------- C:\Program Files\Recuva
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 15:33 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-18 10:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 23:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-11 07:46 --------- d-----w C:\Program Files\Java
2008-06-23 06:20 --------- d-----w C:\Program Files\TC PowerPack
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 11:13 --------- d-----w C:\Program Files\FlatOut
2008-06-14 11:03 --------- d-----w C:\Program Files\Valve
2008-06-14 10:56 --------- d-----w C:\Program Files\Codemasters
2008-06-10 14:31 --------- d-----w C:\Program Files\OpenAL
2008-05-30 18:52 --------- d-----w C:\Program Files\Phun
2008-05-25 20:39 --------- d-----w C:\Program Files\World of Warcraft
2008-05-25 19:20 --------- d-----w C:\Program Files\Diablo II
2008-05-22 08:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-19 14:22 --------- d-----w C:\Program Files\Half Life 2
2008-02-09 20:52 0 ----a-w C:\Program Files\AstonWriteTest.txt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EBD89DD-4AD6-447F-8379-3ED19C799A04}]
2008-05-31 09:49 14848 --a------ C:\WINDOWS\system32\usrdpa32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-19 22:13 486856]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-04-27 18:23 219952]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 15:29 872448]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-09-09 11:05 1115728]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"RAPTOR-GAMING M3"="C:\Program Files\RAPTOR-GAMING\RAPTOR-ADJUST M3 V1\Panel.exe" [2006-10-05 11:29 73728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 02:07 593920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2007-09-09 13:09]
R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys [2006-10-04 14:20]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 21:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 21:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 21:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 21:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 21:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 21:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 21:06]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-18 11:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{53D2B243-C8DF-460C-A3FF-745870147415} - C:\WINDOWS\system32\opnkiFyx.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 18:22:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
.
**************************************************************************
.
Completion time: 2008-07-18 18:29:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-18 16:28:57
Pre-Run: 11, bytes free: 103,364,505,600
Post-Run: 13, bytes free: 103,402,524,672
168 --- E O F --- 2008-07-12 08:34:27
Re: WinSpywareProtect, please help
Script for Avenger:
Files to delete:
C:\WINDOWS\system32\usrdpa32.dll
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EBD89DD-4AD6-447F-8379-3ED19C799A04}
Otherwise OK. Does the problem persist?
Re: WinSpywareProtect, please help
and what, please, should I do with it?
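The triage the helpers above do by eye can be written down. The script below is an added example, not part of this thread and not code from HijackThis, ComboFix or Avenger; the sample it runs on is constructed from lines copied out of the two logs above, and its rules are heuristics chosen for this example: an executable loaded from All Users\..., ProgramData or AppData (the WinSpywareProtect process), regedit.com and taskmgr.com sitting beside the real tools (the .com check rests on how cmd.exe resolves a bare command name: it tries the PATHEXT extensions in order, and the default PATHEXT starts with .COM before .EXE, so typing regedit finds C:\WINDOWS\regedit.com before regedit.exe), eight-letter random-looking DLL names in system32 of the kind ComboFix deleted, a BHO whose DLL lives in system32 rather than Program Files (which is how the {2EBD89DD-...} entry stands out and why the Avenger script targets usrdpa32.dll), a ShellExecuteHook outside shell32.dll, and EnableFirewall=0, which here is expected because Comodo is installed.

```python
"""Heuristic triage for HijackThis / ComboFix style logs (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HJT and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\All Users\Data aplikací\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\opnkiFyx.dll
C:\WINDOWS\system32\hjfcukxb.dll
C:\WINDOWS\system32\nvsvc32.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EBD89DD-4AD6-447F-8379-3ED19C799A04}]
2008-05-31 09:49 14848 --a------ C:\WINDOWS\system32\usrdpa32.dll
"EnableFirewall"= 0 (0x0)
ShellExecuteHooks-{53D2B243-C8DF-460C-A3FF-745870147415} - C:\WINDOWS\system32\opnkiFyx.dll
"""

# A Windows path up to the first executable-ish extension (paths may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll|com|sys)\b', re.I)
# Data directories any process running as the user can write to.
# "All Users\<anything>\" also covers localized names such as "Data aplikací".
USER_WRITABLE_RE = re.compile(
    r'\\(?:All Users\\[^\\]+|ProgramData|AppData|Application Data|Temp)\\', re.I)
BHO_KEY_RE = re.compile(r'Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})')
# Tools a rogue "antispyware" typically blocks. cmd.exe resolves a bare name via PATHEXT,
# whose default order starts ".COM;.EXE", so regedit.com next to regedit.exe wins.
SHADOWED_TOOLS = {'regedit', 'taskmgr', 'msconfig', 'cmd', 'explorer'}

@dataclass(frozen=True)
class Finding:
    kind: str
    path: str
    why: str

def split_path(path):
    """Return (lower-cased directory, stem, lower-cased extension)."""
    directory, _, name = path.rpartition('\\')
    stem, _, ext = name.rpartition('.')
    return directory.lower(), stem, ext.lower()

def looks_random(stem):
    """Heuristic chosen for this example: eight letters with a lowercase-to-uppercase flip
    (opnkiFyx) or all lowercase with at most one vowel (hjfcukxb)."""
    if not re.fullmatch(r'[A-Za-z]{8}', stem):
        return False
    if re.fullmatch(r'[a-z]+[A-Z][A-Za-z]*', stem):
        return True
    return stem.islower() and sum(c in 'aeiouy' for c in stem) <= 1

def check_path(path):
    directory, stem, ext = split_path(path)
    in_windows = directory.endswith('\\windows') or directory.endswith('\\system32')
    if ext in ('exe', 'dll') and USER_WRITABLE_RE.search(path):
        yield Finding('user_writable_exe', path, 'executable loaded from a user-writable data directory')
    if ext == 'com' and in_windows and stem.lower() in SHADOWED_TOOLS:
        yield Finding('tool_shadow', path, f'{stem}.com shadows {stem}.exe (PATHEXT tries .COM before .EXE)')
    if ext == 'dll' and directory.endswith('\\system32') and looks_random(stem):
        yield Finding('random_dll', path, 'random-looking eight-letter DLL name in system32')

def triage(log_text):
    """Return de-duplicated findings for one log; every hit is a pointer for a human, not a verdict."""
    findings, seen, pending_bho = [], set(), None

    def add(f):
        if (f.kind, f.path.lower()) not in seen:
            seen.add((f.kind, f.path.lower()))
            findings.append(f)

    for raw in log_text.splitlines():
        line = raw.strip()
        paths = [m.group(0) for m in PATH_RE.finditer(line)]
        key = BHO_KEY_RE.search(line)
        if key and not paths:  # ComboFix prints the key header, then the DLL on the next line
            pending_bho = key.group(1)
            continue
        if paths and (pending_bho or line.startswith('O2 - BHO')):  # HJT puts the DLL last on an O2 line
            if split_path(paths[-1])[0].endswith('\\system32'):
                add(Finding('bho_system32', paths[-1],
                            f'BHO {pending_bho or "entry"} loads from system32; legitimate BHOs live under Program Files'))
            pending_bho = None
        if line.startswith('ShellExecuteHooks-') and paths and not paths[-1].lower().endswith('\\shell32.dll'):
            add(Finding('shellexec_hook', paths[-1], 'ShellExecuteHook outside shell32.dll runs on every ShellExecute'))
        if re.search(r'"EnableFirewall"\s*=\s*0\b', line):
            add(Finding('firewall_off', '', 'Windows Firewall profile disabled; expected only with a third-party firewall'))
        for p in paths:
            for f in check_path(p):
                add(f)
    return findings

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:18} {f.path}\n{"":18} {f.why}')
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a whole log. Legitimate entries from the same logs (ashServ.exe, uTorrent.exe, ssv.dll, NvMcTray.dll, nvsvc32.exe) are included in the sample to show they pass; the eight-letter test is deliberately narrow, so it will miss names outside that pattern, and anything it does flag still needs a look at the file's signer, timestamp and the key it loads from before it goes into an Avenger script.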
Re: WinSpywareProtect, please help
Download Avenger (see signature), paste the script into the box and confirm.
Re: WinSpywareProtect, please help
thanks a lot, problem solved :)
Re: WinSpywareProtect, please help
Please help, I picked up WinSpywareProtect. I have a log from ComboFix, but I don't know whether it's OK... could you please take a look at it:
ComboFix 08-08-04.07 - Tommasson 2008-08-05 21:19:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.966 [GMT 2:00]
Running from: C:\Users\Tommasson\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\SecuriSoft SARL
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\BASE\vbase.dat
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080805153709365.log
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080805160241930.log
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080805163153177.log
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080805165133168.log
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.
2008-08-05 12:54 . 2003-08-14 16:47 528,384 --a------ C:\Windows\System32\eJayxAudio.ax
2008-08-04 03:31 . 2008-08-04 03:31 235,157,629 --a------ C:\Windows\MEMORY.DMP
2008-08-03 19:38 . 2008-08-05 16:02 <DIR> d-------- C:\Users\Tommasson\AppData\Roaming\skypePM
2008-08-03 19:38 . 2008-08-03 19:38 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-08-03 19:31 . 2008-08-05 21:31 <DIR> d-------- C:\Users\Tommasson\AppData\Roaming\Skype
2008-08-03 19:30 . 2008-08-03 19:30 <DIR> d-------- C:\Users\All Users\Skype
2008-08-03 19:30 . 2008-08-05 16:22 <DIR> d-------- C:\Users\All Users\Google
2008-08-03 19:30 . 2008-08-03 19:30 <DIR> d-------- C:\ProgramData\Skype
2008-08-03 19:30 . 2008-08-03 19:30 <DIR> d-------- C:\Program Files\Skype
2008-08-03 19:30 . 2008-08-05 16:30 <DIR> d-------- C:\Program Files\Google
2008-08-03 19:30 . 2008-08-03 19:30 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-01 01:42 . 2008-08-01 01:42 <DIR> d-------- C:\Users\Tommasson\AppData\Roaming\Propellerhead Software
2008-08-01 01:42 . 2008-08-01 01:42 <DIR> d-------- C:\Users\All Users\Propellerhead Software
2008-08-01 01:42 . 2008-08-01 01:42 <DIR> d-------- C:\ProgramData\Propellerhead Software
2008-08-01 01:42 . 2008-08-01 01:42 368,640 --a------ C:\Windows\System32\ReWire.dll
2008-08-01 01:42 . 2008-08-01 01:42 233,472 --a------ C:\Windows\System32\REX Shared Library.dll
2008-08-01 01:41 . 2008-08-01 01:41 0 --a------ C:\Windows\musicmaker.INI
2008-08-01 01:30 . 2008-08-01 01:30 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2008-08-01 01:29 . 2008-08-01 01:30 <DIR> d-------- C:\Windows\System32\MAGIX
2008-08-01 01:29 . 2008-08-01 01:29 <DIR> d-------- C:\MAGIX
2008-08-01 01:29 . 2006-07-05 11:21 638,976 --a------ C:\Windows\System32\mgxoschk.dll
2008-08-01 01:29 . 1998-10-15 17:28 85,504 --a------ C:\Windows\System32\HtmlWH.dll
2008-08-01 01:29 . 2008-08-01 01:30 5,729 --a------ C:\Windows\mgxoschk.ini
2008-08-01 00:18 . 2008-08-01 00:18 <DIR> d-------- C:\Users\Tommasson\AppData\Roaming\HighAndes
2008-08-01 00:18 . 2008-08-01 00:18 <DIR> d-------- C:\Users\All Users\HighAndes
2008-08-01 00:18 . 2008-08-01 00:18 <DIR> d-------- C:\ProgramData\HighAndes
2008-07-31 23:46 . 2008-07-31 23:46 <DIR> d-------- C:\Users\Tommasson\AppData\Roaming\NetMedia Providers
2008-07-31 23:43 . 1998-10-29 15:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-07-31 23:43 . 2002-12-17 16:23 33,340 --------- C:\Windows\System32\dbmsqlgc.dll
2008-07-31 23:43 . 2002-10-20 14:05 24,576 --------- C:\Windows\System32\dbmsgnet.dll
2008-07-31 23:43 . 2008-07-31 23:43 20,480 --a------ C:\Windows\System32\cliconfg.728
2008-07-31 23:42 . 2008-07-31 23:42 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-07-31 22:41 . 2008-07-31 22:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-07-31 22:41 . 2008-07-31 22:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-07-31 22:41 . 2008-07-31 22:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-07-31 22:41 . 2008-07-31 22:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-07-31 22:41 . 2008-07-31 22:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-07-31 22:41 . 2008-07-31 22:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-07-31 22:41 . 2008-07-31 22:41 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-07-31 22:41 . 2008-08-05 16:43 <DIR> d-------- C:\Program Files\MixMeister Fusion
2008-07-31 13:56 . 2008-08-05 16:18 <DIR> d-------- C:\Windows\System32\djpclib
2008-07-31 13:56 . 2008-08-05 16:18 <DIR> d-------- C:\Program Files\DJ Music Mixer
2008-07-31 12:07 . 2008-07-31 12:07 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-31 11:53 . 2008-07-31 11:53 <DIR> d-------- C:\Users\Tommasson\AppData\Roaming\Publish Providers
2008-07-30 18:26 . 2008-07-30 18:26 44,544 --a------ C:\Windows\System32\Gif89.dll
2008-07-30 18:26 . 2008-07-30 18:26 32,768 --a------ C:\Windows\System32\ShellLnkSSE.dll
2008-07-30 11:40 . 2008-08-05 16:20 <DIR> d-------- C:\Program Files\Image-Line
2008-07-30 11:37 . 2008-07-31 23:46 <DIR> d-------- C:\Users\Tommasson\AppData\Roaming\Sony
2008-07-30 11:35 . 2008-08-05 16:42 <DIR> d-------- C:\Program Files\Sony
2008-07-30 11:34 . 2008-07-31 23:36 <DIR> d-------- C:\Program Files\Sony Setup
2008-07-30 11:12 . 2008-08-05 16:34 <DIR> d-------- C:\Program Files\Native Instruments
2008-07-30 11:07 . 2005-11-30 21:20 2,314,332 --a------ C:\Windows\System32\LIBMMD.DLL
2008-07-30 11:00 . 2008-08-05 16:19 <DIR> d-------- C:\Users\All Users\eMule
2008-07-30 11:00 . 2008-08-05 16:19 <DIR> d-------- C:\ProgramData\eMule
2008-07-30 10:58 . 2008-07-30 10:58 <DIR> d-------- C:\Users\Tommasson\AppData\Roaming\Acoustica
2008-07-30 10:58 . 2008-07-30 10:58 <DIR> d-------- C:\Users\All Users\Acoustica
2008-07-30 10:58 . 2008-07-30 10:58 <DIR> d-------- C:\ProgramData\Acoustica
2008-07-30 10:58 . 2008-08-05 16:20 <DIR> d-------- C:\Program Files\VST
2008-07-30 10:58 . 2008-08-05 16:18 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 3
2008-07-30 10:58 . 2007-08-07 11:32 57,344 --a------ C:\Windows\System32\Wnaspint.dll
2008-07-30 09:46 . 2008-08-02 15:33 <DIR> d-------- C:\Videos
2008-07-30 09:46 . 2008-07-30 09:46 <DIR> d-------- C:\Users\Tommasson\AppData\Roaming\CoolFlvMan
2008-07-30 09:45 . 2008-07-30 09:45 <DIR> d-------- C:\Users\Tommasson\AppData\Roaming\CoolYouTubeDownloader
2008-07-29 10:28 . 2008-07-29 10:28 <DIR> d-------- C:\PerfLogs
2008-07-24 13:04 . 2008-01-19 05:12 3,662,296 --a------ C:\Windows\System32\locale.nls
2008-07-24 13:03 . 2008-01-19 09:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-07-24 13:02 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-07-24 13:01 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-07-24 13:00 . 2008-01-19 09:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-07-24 12:59 . 2008-01-19 09:35 376,832 --a------ C:\Windows\System32\mspbde40.dll
2008-07-24 12:58 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-07-24 12:56 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-07-24 12:55 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-07-24 12:55 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-07-24 12:54 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-07-24 12:54 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-07-24 12:52 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-07-24 12:52 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-07-24 12:52 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-07-24 12:52 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-07-24 12:22 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 14:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-05 14:35 --------- d-----w C:\Program Files\epson
2008-08-05 11:01 27,715 ----a-w C:\Users\Tommasson\AppData\Roaming\nvModes.dat
2008-08-04 14:21 --------- d-----w C:\Program Files\ICQToolbar
2008-07-30 10:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-29 08:43 174 --sha-w C:\Program Files\desktop.ini
2008-07-29 08:32 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-29 08:32 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-29 08:32 --------- d-----w C:\Program Files\Windows Mail
2008-07-29 08:32 --------- d-----w C:\Program Files\Windows Journal
2008-07-29 08:32 --------- d-----w C:\Program Files\Windows Defender
2008-07-29 08:32 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-29 08:32 --------- d-----w C:\Program Files\Windows Calendar
2008-07-02 06:37 --------- d-----w C:\Users\Tommasson\AppData\Roaming\ICQ Toolbar
2008-07-02 06:34 --------- d-----w C:\Users\Tommasson\AppData\Roaming\ICQ
2008-07-02 06:34 --------- d-----w C:\Program Files\ICQ6
2008-06-30 21:31 --------- d-----w C:\Users\Tommasson\AppData\Roaming\Media Player Classic
2008-06-29 18:32 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-29 18:32 --------- d-----w C:\Program Files\DivX
2008-06-14 22:34 --------- d-----w C:\Program Files\Sun
2008-06-14 22:34 --------- d-----w C:\Program Files\Java
2008-06-09 01:11 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-06 11:10 --------- d-----w C:\Users\Tommasson\AppData\Roaming\FLVPlayer4Free
2008-06-06 11:09 --------- d-----w C:\Program Files\FLVPlayer4Free
2008-06-06 10:55 --------- d-----w C:\Users\Tommasson\AppData\Roaming\vlc
2008-06-06 10:54 --------- d-----w C:\Program Files\VideoLAN
2008-04-06 21:24 22,328 ----a-w C:\Users\Tommasson\AppData\Roaming\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 22:43 729088]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 20:12 17920]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2002-09-13 12:21 73728]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 23:57 36640]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe" [2003-07-08 21:03 315392]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 19:45 35328]
"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-12-10 00:19 278528]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 12:27 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
C:\Users\Tommasson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
start.bat [2008-04-05 10:34:41 39]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 05:35:22 10872]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 12:27:40 719664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-08 22:40:37 91440]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-04 13:42:50 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"msacm.fraunhoferacm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe"= C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\sandra.exe:*:Enabled:SiSoftware Sandra Professional
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe"= C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Professional
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe"= C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Professional
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3786C7AF-4843-41B5-8ED8-A4F38F7D6C30}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8C5D8017-5669-4D2E-AA22-8AAD4C7B44DF}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{A0472573-7C43-45CA-A842-474D00CCFFAA}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{DC8D28A6-819C-41EA-9D1B-183D21B93CB6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{83DCD27C-2030-4BCD-ACCA-1806E16DAFC8}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{91C92B25-43C0-4509-9143-AD3769FEBB23}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3F64324A-DAF2-495F-9CC9-3A3C49F46444}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{59E86ED0-E2BA-44A6-9F81-BEB52C51EA86}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4B6ECCDC-5020-460F-8118-6F35F63A702C}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{5808AC10-0158-437A-B9A5-5DA29D90AF40}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{BFB3AAAA-7653-486E-BC6F-B335AC5C61B0}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{0041834A-2944-443E-81DC-2D0E5A28DE5D}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{46E1FBE8-E61F-4D64-B891-B8DC0738548E}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{090B1574-EDE8-4014-9EFB-2F4F1BDE4BA1}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{AA7BA636-515F-4234-B536-E6F8DF90D83F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{ACD6CB65-23AB-4E14-B125-F9CEDC173589}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{8FA7CD82-EEF7-48E4-9EF3-01B297253F2C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{33D1F42A-9E3B-444C-9D85-8954C1AE5DAB}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A6D121A8-A7D6-4448-8519-24633442B177}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{41463D84-0264-4C09-9AA9-A728E26FA320}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{89F170E4-0431-47EA-A15D-3A801FAFE93B}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{64A41A4C-8071-4CE9-A29D-1029EC697B34}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{961578DB-30B8-4D07-B9B4-246883DC3434}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4E69F195-D8A2-4BF0-AE42-A3C43FE6BBBE}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{53010DC7-2CAA-408C-AC19-649886B07D85}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{A55511AF-E98A-47E0-8732-91C31B4DDE8A}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe"= C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\sandra.exe:*:Enabled:SiSoftware Sandra Professional
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe"= C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Professional
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe"= C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Professional
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 12:45]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 12:45]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 12:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder
2008-06-14 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-07-31 C:\Windows\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-08-05 C:\Windows\Tasks\User_Feed_Synchronization-{86563F86-E098-4807-8A35-70D9EE69DD27}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-CubeDesktop - (no file)
HKLM-Run-Trickler - c:\users\tommasson\appdata\local\temp\~vis0001\fsg_4104.exe
HKLM-Run-NWEReboot - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Tommasson\AppData\Roaming\Mozilla\Firefox\Profiles\ev2v0htx.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.qip.ru
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 21:31:23
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Windows\System32\conime.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\IoctlSvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
.
**************************************************************************
.
Completion time: 2008-08-05 21:46:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-05 19:46:18
Pre-Run: 9,636,810,752
Post-Run: 9,482,096,640
308 --- E O F --- 2008-08-05 13:58:09
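A triage pass over the log above, as an added example that is not part of the original thread and not ComboFix's own code. It parses the "Reg Loading Points" and "ORPHANS REMOVED" renderings ComboFix uses and flags the settings that matter in this post: UAC off (EnableLUA=0), Windows Firewall off in every profile, Security Center monitoring and notifications disabled, a non-empty AppInit_DLLs, a Run entry launching from a temp directory (the Trickler orphan pointing at fsg_4104.exe), and a changed Firefox start page. The sample log is a constructed excerpt of lines from the post; the severity labels and the WEAKENING table are this example's own assumptions. A flag means "review", not "malicious": AppInit_DLLs=APSHook.dll in this log most plausibly belongs to the Bioscrypt VeriSoft software that also shows up as CognizanceTS and asghost.exe, whereas the EnableLUA, EnableFirewall and DisableMonitoring values are worth reverting regardless of who set them.

```python
import re

# Constructed sample: lines excerpted from the ComboFix "Reg Loading Points" and
# "ORPHANS REMOVED" sections in the post above, embedded so this runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
HKCU-Run-CubeDesktop - (no file)
HKLM-Run-Trickler - c:\users\tommasson\appdata\local\temp\~vis0001\fsg_4104.exe
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.qip.ru
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
ORPHAN_RE = re.compile(r"^(?P<hive>HK(?:LM|CU))-Run-(?P<name>\S+) - (?P<target>.+)$")
HOMEPAGE_RE = re.compile(r"STARTUP\.HOMEPAGE - (?P<url>\S+)")

# Assumption of this example: value names that weaken the host's own defences
# when set to the listed value. Matched case-insensitively against the dump.
WEAKENING = {
    "enablelua": "0",                      # UAC switched off
    "enablefirewall": "0",                 # Windows Firewall off for that profile
    "disablemonitoring": "1",              # Security Center stops watching AV/FW state
    "uacdisablenotify": "1",               # Security Center warnings suppressed
    "autoupdatedisablenotify": "1",
    "internetsettingsdisablenotify": "1",
}
TEMP_DIRS = ("\\temp\\", "\\tmp\\")


def normalise(val):
    """Reduce ComboFix value renderings ('0 (0x0)', 'dword:00000001') to a decimal string."""
    m = re.match(r"(?:dword:)?([0-9a-fA-F]+)", val.strip())
    return str(int(m.group(1), 16)) if m else val.strip()


def triage(log_text):
    """Return a list of (severity, finding) tuples for one ComboFix log."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                                   # new registry key section
            current_key = m.group("key")
            continue
        m = ORPHAN_RE.match(line)
        if m:                                   # "ORPHANS REMOVED" entries
            target = m.group("target")
            if any(t in target.lower() for t in TEMP_DIRS):
                findings.append(("high", f"Run entry {m.group('name')} pointed at a temp-dir binary: {target}"))
            continue
        m = HOMEPAGE_RE.search(line)
        if m:                                   # browser start page line
            findings.append(("low", f"Browser start page set to {m.group('url')}; confirm the user chose it"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, val = m.group("name"), m.group("val")
        lname = name.lower()
        if lname == "appinit_dlls" and val.strip():
            findings.append(("high", f"AppInit_DLLs loads {val.strip()} into every user32-linked process"))
        elif lname in WEAKENING and normalise(val) == WEAKENING[lname]:
            findings.append(("medium", f"{name}={normalise(val)} under {current_key}"))
        elif current_key.lower().endswith("\\run") and any(t in val.lower() for t in TEMP_DIRS):
            findings.append(("high", f"Run entry {name} launches from a temp directory: {val}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(severity.upper(), message)
```

Run it against a saved ComboFix.txt by passing the file's contents to triage(); the EnableFirewall check fires once per profile section, which is what you want when, as here, all three profiles have it off.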
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 12:27 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
C:\Users\Tommasson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
start.bat [2008-04-05 10:34:41 39]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 05:35:22 10872]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 12:27:40 719664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-08 22:40:37 91440]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-04 13:42:50 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"msacm.fraunhoferacm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe"= C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\sandra.exe:*:Enabled:SiSoftware Sandra Professional
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe"= C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Professional
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe"= C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Professional
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3786C7AF-4843-41B5-8ED8-A4F38F7D6C30}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8C5D8017-5669-4D2E-AA22-8AAD4C7B44DF}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{A0472573-7C43-45CA-A842-474D00CCFFAA}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{DC8D28A6-819C-41EA-9D1B-183D21B93CB6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{83DCD27C-2030-4BCD-ACCA-1806E16DAFC8}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{91C92B25-43C0-4509-9143-AD3769FEBB23}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3F64324A-DAF2-495F-9CC9-3A3C49F46444}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{59E86ED0-E2BA-44A6-9F81-BEB52C51EA86}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4B6ECCDC-5020-460F-8118-6F35F63A702C}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{5808AC10-0158-437A-B9A5-5DA29D90AF40}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{BFB3AAAA-7653-486E-BC6F-B335AC5C61B0}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{0041834A-2944-443E-81DC-2D0E5A28DE5D}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{46E1FBE8-E61F-4D64-B891-B8DC0738548E}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{090B1574-EDE8-4014-9EFB-2F4F1BDE4BA1}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{AA7BA636-515F-4234-B536-E6F8DF90D83F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{ACD6CB65-23AB-4E14-B125-F9CEDC173589}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{8FA7CD82-EEF7-48E4-9EF3-01B297253F2C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{33D1F42A-9E3B-444C-9D85-8954C1AE5DAB}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A6D121A8-A7D6-4448-8519-24633442B177}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{41463D84-0264-4C09-9AA9-A728E26FA320}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{89F170E4-0431-47EA-A15D-3A801FAFE93B}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{64A41A4C-8071-4CE9-A29D-1029EC697B34}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{961578DB-30B8-4D07-B9B4-246883DC3434}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4E69F195-D8A2-4BF0-AE42-A3C43FE6BBBE}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{53010DC7-2CAA-408C-AC19-649886B07D85}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{A55511AF-E98A-47E0-8732-91C31B4DDE8A}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe"= C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\sandra.exe:*:Enabled:SiSoftware Sandra Professional
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe"= C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Professional
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe"= C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Professional
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 12:45]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 12:45]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 12:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder
2008-06-14 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-07-31 C:\Windows\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-08-05 C:\Windows\Tasks\User_Feed_Synchronization-{86563F86-E098-4807-8A35-70D9EE69DD27}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-CubeDesktop - (no file)
HKLM-Run-Trickler - c:\users\tommasson\appdata\local\temp\~vis0001\fsg_4104.exe
HKLM-Run-NWEReboot - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Tommasson\AppData\Roaming\Mozilla\Firefox\Profiles\ev2v0htx.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.qip.ru
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 21:31:23
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Windows\System32\conime.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\IoctlSvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
.
**************************************************************************
.
Completion time: 2008-08-05 21:46:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-05 19:46:18
Pre-Run: 9,636,810,752
Post-Run: 9,482,096,640
308 --- E O F --- 2008-08-05 13:58:09