So, after a hard-fought battle, I'm finally sending both logs.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/15/2007 at 04:20 PM
Application Version : 3.9.1008
Core Rules Database Version : 3324
Trace Rules Database Version: 1325
Scan type : Complete Scan
Total Scan Time : 01:17:54
Memory items scanned : 294
Memory threats detected : 5
Registry items scanned : 3340
Registry threats detected : 28
File items scanned : 24181
File threats detected : 161
Trojan.Mezzia/Resident
C:\WINDOWS\SYSTEM32\WINTLI32.DLL
C:\WINDOWS\SYSTEM32\WINTLI32.DLL
Trojan.Downloader-Gen/MobRules
C:\PROGRAM FILES\QCVQNCXM\DXNJKVAM.DLL
C:\PROGRAM FILES\QCVQNCXM\DXNJKVAM.DLL
C:\PROGRAM FILES\CPVDEDUU\JEVFZKVG.DLL
C:\PROGRAM FILES\CPVDEDUU\JEVFZKVG.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MBSFEXGH.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MBSFEXGH.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\YJUHGHUP.DLL
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\YJUHGHUP.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{534A3E28-2B67-5797-55C6-08628A7497AD}
HKCR\CLSID\{534A3E28-2B67-5797-55C6-08628A7497AD}
HKCR\CLSID\{534A3E28-2B67-5797-55C6-08628A7497AD}\InprocServer32
HKCR\CLSID\{534A3E28-2B67-5797-55C6-08628A7497AD}\InprocServer32#ThreadingModel
HKCR\CLSID\{534A3E28-2B67-5797-55C6-08628A7497AD}\InprocServer32#t
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{3F5E9987-FD12-408E-3612-018845CDF059}
HKCR\CLSID\{3F5E9987-FD12-408E-3612-018845CDF059}
HKCR\CLSID\{3F5E9987-FD12-408E-3612-018845CDF059}\InprocServer32
HKCR\CLSID\{3F5E9987-FD12-408E-3612-018845CDF059}\InprocServer32#ThreadingModel
HKCR\CLSID\{3F5E9987-FD12-408E-3612-018845CDF059}\InprocServer32#t
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F5E9987-FD12-408E-3612-018845CDF059}
HKCR\CLSID\{3F5E9987-FD12-408E-3612-018845CDF059}
Trojan.Downloader-Win/GHY
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\wintli32
Adware.Tracking Cookie
Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#LID
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#OCCUR
C:\WINDOWS\TEMP\WIN9A2F.TMP.EXE
Malware.Ultimate Defender
C:\Program Files\Ultimate Defender
C:\WINDOWS\SYSTEM32\WDQPOKTI\WDQPOKTI1.EXE
C:\WINDOWS\SYSTEM32\WDQPOKTI\WDQPOKTI2.EXE
C:\WINDOWS\SYSTEM32\WDQPOKTI\WDQPOKTI3.EXE
BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
Trojan.Downloader-Gen/HitItQuitIt
C:\WINDOWS\SYSTEM32\IIFFCYY.DLL
C:\WINDOWS\SYSTEM32\MLJKLKJ.DLL
C:\WINDOWS\SYSTEM32\YAYWXUS.DLL
Trojan.Downloader-FakeRX
C:\WINDOWS\SYSTEM32\OEMBIOS32.DLL
Trace.Known Threat Sources
ComboFix 07-10-14.5 - mhl pp 2007-10-15 16:26:52.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.17 [GMT 2:00]
Časový limit spracovania skriptu "C:\ComboFix\osid.vbs" bol prekročený.
Spracovanie skriptu sa ukončilo.
Running from: c:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\mbsfexgh.dll
C:\Documents and Settings\All Users\Application Data.\yjuhghup.dll
C:\Program Files\SecCenter
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\fksprtai.ini
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\iatrpskf.dll
C:\WINDOWS\system32\ijrkvcvm.ini
C:\WINDOWS\system32\mvcvkrji.dll
C:\WINDOWS\system32\nusrmgr.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.
2007-10-15 16:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-15 14:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-15 14:31 <DIR> d-------- C:\Documents and Settings\mhl pp\Application Data\SUPERAntiSpyware.com
2007-10-15 14:30 1,522,814 --a------ C:\ComboFix.exe
2007-10-15 14:28 5,914,648 --a------ C:\SUPERAntiSpyware.exe
2007-10-15 11:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-15 11:36 812,344 --a------ C:\HJTInstall.exe
2007-10-08 08:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-08 08:48 <DIR> d-------- C:\VundoFix Backups
2007-10-08 08:43 19,755,376 --a------ C:\aaw2007.exe
2007-10-07 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-06 18:59 <DIR> d-------- C:\Program Files\Radmin 3.0
2007-10-06 14:01 <DIR> d-------- C:\vdownloader
2007-10-06 10:08 <DIR> d-------- C:\Program Files\DAP
2007-10-04 12:48 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2007-10-04 12:48 <DIR> d-------- C:\Program Files\AskPBar
2007-10-04 12:38 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-10-04 12:35 <DIR> d-------- C:\Program Files\Google
2007-09-27 10:55 <DIR> d-------- C:\Program Files\Cpvdeduu
2007-09-27 10:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Locktime
2007-09-20 18:27 <DIR> d-------- C:\Program Files\Common Files\STORMWARE Shared
2007-09-20 18:10 <DIR> d-------- C:\Pohoda
2007-09-20 15:02 62,512,691 --a------ C:\Pohoda.zip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 14:46 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Skype
2007-10-15 12:56 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\uTorrent
2007-10-15 12:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-12 10:55 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\OpenOffice.org2
2007-10-07 17:36 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Hamachi
2007-10-06 14:20 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-06 12:15 --------- d-----w C:\Program Files\Hamachi
2007-10-06 10:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-21 07:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-08 16:27 --------- d-----w C:\Program Files\uTorrent
2007-09-05 11:38 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Spyware Terminator
2007-09-05 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-09-04 09:44 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\TuneUp Software
2007-08-30 15:08 --------- d-----w C:\Program Files\Qcvqncxm
2007-08-30 15:07 --------- d-----w C:\Program Files\netsfchi
2007-08-29 18:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-08-23 10:27 --------- d-----w C:\Documents and Settings\mhl pp\Application Data\Radmin
2007-08-16 12:26 --------- d-----w C:\Program Files\Skype
2007-08-16 12:26 --------- d-----w C:\Program Files\Common Files\Skype
2007-08-16 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-08-15 09:48 --------- d-----w C:\Program Files\Yahoo!
2007-08-03 09:06 96,978 ----a-w C:\VirtumundoBeGone.exe
2007-08-03 08:43 109,056 ----a-w C:\VundoFix.exe
2007-04-22 10:31 1,002,624 ----a-w C:\Program Files\HamachiSetup-1.0.2.1-cz.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11ECC821-9ED4-4965-BC42-25DFE0FBFDB3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-30 12:32]
"Microsoft Setup Initialization"="Microsoft Setup Initialization" [2007-09-21 19:59 C:\WINDOWS\system32\Microsoft Setup Initialization]
"System Updater Machine"="system23.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-09-17 13:28]
"Microsoft Setup Initialization"="Microsoft Setup Initialization" [2007-09-21 19:59 C:\WINDOWS\system32\Microsoft Setup Initialization]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Setup Initialization"=Microsoft Setup Initialization
"System Updater Machine"=system23.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=,C:\WINDOWS\system32\rserver30\r3god.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Ponuka Štart\Programy\Pri spustení\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Ponuka Štart\Programy\Pri spustení\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mhl pp^Ponuka Štart^Programy^Pri spustení^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\mhl pp\Ponuka Štart\Programy\Pri spustení\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide IP Platinum]
c:\Program Files\Hide IP Platinum\hideippla.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
C:\Program Files\SecCenter\scprot4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syslog]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
"c:\Program Files\uTorrent\uTorrent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"AudioSrv"=2 (0x2)
"wscsvc"=2 (0x2)
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"nlsvc"=2 (0x2)
"VideoAcceleratorEngine"=2 (0x2)
"gusvc"=3 (0x3)
R1 nltdi;nltdi;\??\C:\WINDOWS\system32\drivers\nltdi.sys
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F2042EE3-DE0E-AF96-C700-F4600B05E70F}]
C:\WINDOWS\scvhost.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 15:15:02 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-15 16:52:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-15 16:53:55 - machine was rebooted
.
--- E O F ---