PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

,,YOU HAVE SECURITY PROBLEM,,

https://pc-help.cnews.cz/viewtopic.php?f=70&t=32236

Stránka 1 z 2

,,YOU HAVE SECURITY PROBLEM,,

Napsal: 16 říj 2008 16:46
od Rinty
Zdravim vas vsetkych.
Mam taky problem. Zrejme pri stahovani jedneho programu sa mi dostal do PC zrejme spyware. Jednoducho sa mi na spodnej liste ako je cas ukazala ikonka, ktora mi pravidelne hlasila ,,YOU HAVE SECURITY PROBLEM,, a pokial som bol na internete tak mi vyhadzoval hlasku, ze si mam stiahnut nejaky antivirus 2009 aby som odstranil virus. Samozrejme som to nespravil. Stiahol som si porgramy typu Ad-Aware, Spybot a pod. dokonca aj NOD32. Kazdy z nich mi po podrobnej analyze nasli nejake skodlive cervy, ktore som po konceni analyzy vymazal. Tu ikonku na spodnej liste uz nemam, ani hlasky nevyhadzuje, ale moje PC konkretne notebook stale pracuje, teda harddisk stale pracuje, ale ziadny program nie je spusteny, ani sipka na ploche nevyhadzuje presypacie hodiny. Vie mi prosim Vas niekto pomoct ako tu moju masinu dat do povodneho plne funkcneho stavu bez reinstalacie windowsu? Daukem pekne.

Re: ,,YOU HAVE SECURITY PROBLEM,,

Napsal: 16 říj 2008 16:51
od jaro3
Nejprve sem vlo log z HJT, návod a odkaz na stažení je zde:
viewtopic.php?f=70&t=5119

Re: ,,YOU HAVE SECURITY PROBLEM,,

Napsal: 16 říj 2008 17:02
od Rinty
jeden navod som cital a tam bolo pisane, ze hjt by nemali pouzivat ludia, ktori sa detajlne navyznaju do windowsu a ja zase nie som odbronik do windowsu

Re: ,,YOU HAVE SECURITY PROBLEM,,

Napsal: 16 říj 2008 17:32
od jaro3
Přečti si ten návod a stáhni HJT, drž se rad a vlož pak ten log. To tady dělají všichni. To ostatní nech na nás, ohledně dalšího postupu a fixů..

Re: ,,YOU HAVE SECURITY PROBLEM,,

Napsal: 16 říj 2008 19:11
od Rinty
tak tu je ten log z mojho hjt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:35, on 16. 10. 2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\ICO.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXOebcb.dll,#1
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\Progress. Dance Love\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PROGRE~1.DAN\AppData\Local\Temp\cbXRKCTM.dll,c
O4 - HKCU\..\Run: [aa217701] rundll32.exe "C:\Users\PROGRE~1.DAN\AppData\Local\Temp\jhlxswxa.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\PROGRE~1.DAN\AppData\Local\Temp\wvUnNhFV.dll,#1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9235 bytes

Re: ,,YOU HAVE SECURITY PROBLEM,,

Napsal: 16 říj 2008 19:34
od jaro3
Když pracuješ s HJT , ukonči všechny jiné aplikace a prohlížeče.
Odinstaluj jeden antivir,asi Avast(?)...
Pokud máš 32bitovou verzi win vista pokračuj takto:
Vypni rez. ochranu u NOD32 (nebo AVASTU), vypni rez . ochranu u Spybot, pokračuj podle fredika v tomto tématu (ohledně vyp.rez. ochrany u Spybotu):
viewtopic.php?f=70&t=31077
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Re: ,,YOU HAVE SECURITY PROBLEM,,

Napsal: 16 říj 2008 20:47
od Rinty
tak tu je ten log z combofixu:

ComboFix 08-10-15.08 - Progress. Dance Love 2008-10-16 20:07:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1033.18.271 [GMT 2:00]
Running from: C:\Users\Progress. Dance Love\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\PROGRE~1.DAN\AppData\Local\Temp\jhlxswxa.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.

2008-10-16 18:58 . 2008-10-16 18:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-15 13:04 . 2008-10-15 13:04 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\Auslogics
2008-10-15 13:03 . 2008-10-15 13:03 <DIR> d-------- C:\Program Files\Auslogics
2008-10-15 08:52 . 2008-10-15 09:54 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\Spyware Terminator
2008-10-15 08:52 . 2008-10-15 09:55 <DIR> d-------- C:\Users\All Users\Spyware Terminator
2008-10-15 08:52 . 2008-10-15 09:55 <DIR> d-------- C:\ProgramData\Spyware Terminator
2008-10-15 08:52 . 2008-10-15 09:54 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-10-15 08:52 . 2008-10-15 08:53 <DIR> d-------- C:\Program Files\Crawler
2008-10-15 08:52 . 2008-10-15 08:52 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
2008-10-15 08:46 . 2008-10-15 12:07 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-15 08:46 . 2008-10-15 12:07 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-15 08:46 . 2008-10-15 08:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-15 05:19 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 05:19 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 05:19 . 2008-09-18 04:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 05:19 . 2008-09-03 05:59 468,992 --a------ C:\Windows\System32\newdev.dll
2008-10-15 05:19 . 2008-08-27 03:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 05:19 . 2008-09-03 05:58 74,752 --a------ C:\Windows\System32\newdev.exe
2008-10-15 05:18 . 2008-10-02 03:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 05:18 . 2008-10-02 05:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 01:00 . 2008-10-15 01:00 <DIR> d-------- C:\Windows\System32\Adobe
2008-10-15 00:16 . 2008-10-15 00:22 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-10-15 00:16 . 2008-10-15 00:22 <DIR> d-------- C:\ProgramData\Lavasoft
2008-10-15 00:16 . 2008-10-15 00:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-15 00:14 . 2008-10-15 00:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-13 18:40 . 2008-10-13 18:40 <DIR> d-------- C:\Program Files\ESET
2008-10-13 18:21 . 2008-10-13 18:21 <DIR> d-------- C:\Users\All Users\ESET
2008-10-13 18:21 . 2008-10-13 18:21 <DIR> d-------- C:\ProgramData\ESET
2008-10-12 18:05 . 2008-10-12 18:05 <DIR> d-------- C:\Users\All Users\Grisoft
2008-10-12 18:05 . 2008-10-12 18:05 <DIR> d-------- C:\ProgramData\Grisoft
2008-10-12 17:19 . 2008-10-12 17:19 35,840 --a------ C:\Windows\System32\mlJYQhig.dll
2008-10-12 17:19 . 2008-10-12 17:19 35,840 --a------ C:\Windows\System32\byXOebcb.dll
2008-10-12 15:37 . 2008-10-12 15:37 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\ICQ Toolbar
2008-10-12 15:24 . 2008-10-12 17:19 <DIR> d-------- C:\Extracted
2008-10-10 08:00 . 2008-10-10 08:00 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-07 18:32 . 2008-10-07 18:55 <DIR> d-------- C:\Program Files\Lula 3D
2008-10-07 00:01 . 2008-10-07 07:35 <DIR> d-------- C:\Users\Progress. Dance Love\.cobraShare
2008-10-07 00:01 . 2008-10-07 00:01 <DIR> d-------- C:\Program Files\CobraShare_DUploader
2008-10-06 23:31 . 2008-10-06 23:34 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-10-06 23:31 . 2008-10-06 23:31 <DIR> d-------- C:\Program Files\Sports Interactive
2008-10-06 23:30 . 2008-10-06 23:30 <DIR> d--h----- C:\Users\Progress. Dance Love\InstallAnywhere
2008-10-06 23:27 . 2008-10-06 23:45 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\Sports Interactive
2008-10-06 15:20 . 2008-10-06 15:20 <DIR> d-------- C:\Users\All Users\SlySoft
2008-10-06 15:20 . 2008-10-06 15:20 <DIR> d-------- C:\ProgramData\SlySoft
2008-10-06 15:17 . 2008-10-06 15:17 <DIR> d-------- C:\Program Files\DVD Region+CSS Free
2008-10-06 15:16 . 2008-10-06 15:16 <DIR> d-------- C:\Program Files\SlySoft
2008-10-03 03:38 . 2008-10-03 03:38 <DIR> d-------- C:\Users\All Users\GRETECH
2008-10-03 03:38 . 2008-10-03 03:38 <DIR> d-------- C:\ProgramData\GRETECH
2008-10-03 03:37 . 2008-10-03 03:37 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\GRETECH
2008-10-03 03:37 . 2008-10-03 03:37 <DIR> d-------- C:\Program Files\GRETECH
2008-10-02 05:00 . 2008-10-02 05:00 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\CyberLink
2008-10-02 05:00 . 2008-10-02 05:00 <DIR> d-------- C:\Users\All Users\CyberLink
2008-10-02 05:00 . 2008-10-02 05:00 <DIR> d-------- C:\ProgramData\CyberLink
2008-10-02 04:52 . 2008-10-02 04:54 <DIR> d-------- C:\Program Files\CyberLink
2008-10-02 04:37 . 2008-10-02 04:37 <DIR> d-------- C:\Program Files\Roxio
2008-10-02 04:37 . 2008-10-02 04:37 558,080 --a------ C:\Windows\System32\MSMPEG2VDEC.DLL
2008-10-02 04:37 . 2008-10-02 04:37 505,856 --a------ C:\Windows\System32\MSMPEG2ENC.DLL
2008-10-02 04:37 . 2008-10-02 04:37 386,560 --a------ C:\Windows\System32\MSMPEG2ADEC.DLL
2008-10-02 04:04 . 2008-10-02 04:04 <DIR> d-------- C:\Program Files\Morgan
2008-10-02 04:04 . 2002-11-15 14:11 77,824 --a------ C:\Windows\System32\MMSwitch.dll
2008-10-02 04:04 . 2002-11-18 17:02 40,960 --a------ C:\Windows\System32\MMAVILNG.exe
2008-09-30 19:22 . 2008-09-30 19:22 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-09-30 19:18 . 2008-09-30 19:18 <DIR> d-------- C:\Users\Progress. Dance Love\AbiSuite
2008-09-30 19:17 . 2008-09-30 19:17 <DIR> d-------- C:\Program Files\AbiSuite2
2008-09-30 13:50 . 2008-09-30 13:50 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\Apple Computer
2008-09-30 13:50 . 2008-09-30 13:50 <DIR> d-------- C:\Program Files\iPod
2008-09-30 13:49 . 2008-09-30 13:50 <DIR> d-------- C:\Program Files\iTunes
2008-09-30 13:45 . 2008-09-30 13:45 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-30 13:44 . 2008-09-30 13:44 <DIR> d-------- C:\Users\All Users\Apple
2008-09-30 13:44 . 2008-09-30 13:44 <DIR> d-------- C:\ProgramData\Apple
2008-09-30 13:44 . 2008-09-30 13:44 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-30 13:01 . 2008-09-30 13:49 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-09-30 13:01 . 2008-09-30 13:49 <DIR> d-------- C:\ProgramData\Apple Computer
2008-09-30 13:01 . 2008-09-30 13:01 <DIR> d-------- C:\Program Files\VistaCodecPack
2008-09-30 12:35 . 2008-09-30 13:31 <DIR> d-------- C:\Program Files\Any Audio Converter
2008-09-30 12:30 . 2008-09-30 12:28 737,280 --a------ C:\Windows\iun6002.exe
2008-09-29 11:53 . 2008-09-29 11:53 <DIR> d-------- C:\Program Files\CDex_150
2008-09-28 15:16 . 2008-09-29 19:48 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-09-28 15:16 . 2008-09-29 19:48 <DIR> d-------- C:\Program Files\AVSMedia
2008-09-26 03:02 . 2008-09-26 03:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-25 22:34 . 2008-09-25 22:34 <DIR> d-------- C:\Users\All Users\WEBREG
2008-09-25 22:34 . 2008-09-25 22:34 <DIR> d-------- C:\ProgramData\WEBREG
2008-09-25 22:33 . 2008-09-25 22:33 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\HP
2008-09-25 22:32 . 2008-09-25 22:32 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-09-25 22:32 . 2008-09-25 22:32 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-09-25 22:28 . 2008-09-25 22:32 <DIR> d-------- C:\Program Files\Common Files\HP
2008-09-25 22:28 . 2008-09-25 22:28 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-09-25 22:19 . 2008-09-25 22:38 <DIR> d-------- C:\Users\All Users\HP
2008-09-25 22:19 . 2008-09-25 22:38 <DIR> d-------- C:\ProgramData\HP
2008-09-25 22:19 . 2006-12-16 08:19 897,024 --a------ C:\Windows\System32\hpotiop1.dll
2008-09-25 22:19 . 2006-12-16 08:19 675,840 --a------ C:\Windows\System32\hpowiav1.dll
2008-09-25 22:19 . 2006-12-16 08:19 303,104 --a------ C:\Windows\System32\hpovst01.dll
2008-09-25 22:19 . 2006-11-20 23:36 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-09-25 22:19 . 2008-09-25 22:35 148,987 --a------ C:\Windows\hpoins19.dat
2008-09-25 22:19 . 2007-03-13 21:24 26,952 --a------ C:\Windows\hpomdl19.dat
2008-09-24 22:49 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-09-24 22:49 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-09-24 22:49 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-09-24 22:45 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-24 22:45 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-24 22:45 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-24 22:45 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-24 22:44 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-24 22:44 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-24 22:44 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-24 22:44 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-24 22:44 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-21 15:33 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-09-21 15:23 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-09-21 15:23 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-09-21 15:23 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-09-21 15:20 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-09-21 15:17 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-09-21 15:17 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-09-21 15:17 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-09-21 15:17 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-09-21 15:17 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-09-21 15:17 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-09-21 15:17 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-09-21 15:17 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-09-21 15:17 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-09-19 22:36 . 2008-09-19 22:36 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-19 01:45 . 2008-09-19 01:45 <DIR> d-------- C:\Program Files\Burn4Free Toolbar
2008-09-19 01:45 . 2008-09-19 01:45 232,034 --a------ C:\Windows\Burn4Free_Toolbar_Uninstaller_8696.exe
2008-09-19 00:10 . 2008-09-19 00:10 <DIR> d-------- C:\Program Files\VirtualDJ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 17:52 --------- d-----w C:\Program Files\Windows Mail
2008-10-12 13:31 777 ----a-w C:\Program Files\Ahmbed.gz
2008-09-18 20:50 174 --sha-w C:\Program Files\desktop.ini
2008-09-18 20:43 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-18 20:43 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-18 20:43 --------- d-----w C:\Program Files\Windows Defender
2008-09-18 20:43 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-18 20:43 --------- d-----w C:\Program Files\Windows Calendar
2008-09-18 20:32 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-18 20:32 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-04 10:23 99,648 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2008-08-21 08:57 2,689,208 ----a-w C:\Program Files\Setup.exe
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-09-19 01:45 806912 --a------ C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-09-19 806912]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-09-19 806912]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 172280]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-09-09 2182080]
"MSServer"="C:\Users\PROGRE~1.DAN\AppData\Local\Temp\ddcDuTNh.dll" [2008-10-12 35840]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [2007-12-11 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"MSServer"="C:\Windows\system32\byXOebcb.dll" [2008-10-12 35840]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-11-03 C:\Windows\System32\ICO.EXE]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\Program Files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
"{20D23232-AED6-490D-A3C2-F08BA539A1FE}"= "C:\Windows\system32\byXOebcb.dll" [2008-10-12 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{3D1C9405-ECEA-4F5F-9FA6-6FA6FE9E2E8B}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{429757E6-6555-4B99-8CC0-B9C8F3A10E91}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{F3381C10-22AF-43FC-A078-F8C24866674D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E92281D3-7E94-499A-833C-DA1EC3BCC514}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{140668CB-988B-4FE1-B4D4-AD0D92329079}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{688328AE-0248-468C-BEA7-ACB3601F3C1D}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{ECE8B866-27A7-43DF-B7E1-E4ECB5B6982F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{96722BB2-6BAE-4CAB-82F0-3C7E696F32C8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AAC9C537-54F6-4066-BB8A-B4BD91BCFE38}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{A1EAD456-AC31-4DCA-B8B6-F80E8641456A}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{4125A47B-D140-4938-A207-E362819BB092}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 PSched;QoS Packet Scheduler;C:\Windows\system32\DRIVERS\pacer.sys [2008-04-05 72192]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 600912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-10-16 C:\Windows\Tasks\User_Feed_Synchronization-{F5CA98FC-DD89-4688-8F71-F1322F49CF9E}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-18 23:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MSFox - C:\Users\Progress. Dance Love\AppData\Local\Temp\a.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Progress. Dance Love\AppData\Roaming\Mozilla\Firefox\Profiles\hhv7af0c.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 20:28:08
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\PELMICED.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-10-16 20:33:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-16 18:31:44

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 166,179,184,640 bytes free

278 --- E O F --- 2008-10-16 16:56:44

Re: ,,YOU HAVE SECURITY PROBLEM,,

Napsal: 16 říj 2008 21:09
od Rinty
chcem sa spytat v spominanych antiviroch mozem uz zapnut rezidencnu ochranu?

Re: ,,YOU HAVE SECURITY PROBLEM,,

Napsal: 16 říj 2008 21:57
od Pic
Rezidentní ochranu povoluj vždy jen jednu u antiviru a jednu u antispyware, jinak budeš mít problémy.

Re: ,,YOU HAVE SECURITY PROBLEM,,

Napsal: 16 říj 2008 22:03
od Rinty
diky vam moc chalani, uz mi to fici normalne, fakt moc diky

Re: ,,YOU HAVE SECURITY PROBLEM,,

Napsal: 16 říj 2008 22:47
od jaro3
Takže najdi toto a smaž:
C:\Users\PROGRE~1.DAN\AppData\Local\Temp\ddcDuTNh.dll"
Potom zase vypni ochrany, jak je výše..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\Windows\System32\mlJYQhig.dll
C:\Windows\System32\byXOebcb.dll
C:\Windows\System32\MMAVILNG.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Re: ,,YOU HAVE SECURITY PROBLEM,,

Napsal: 17 říj 2008 07:49
od Rinty
tu je ten log z combofixu:

ComboFix 08-10-15.08 - Progress. Dance Love 2008-10-17 3:06:48.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1033.18.409 [GMT 2:00]
Running from: C:\Users\Progress. Dance Love\Desktop\ComboFix.exe
Command switches used :: C:\Users\Progress. Dance Love\Desktop\CFScript.txt
* Resident AV is active


FILE ::
C:\Windows\System32\byXOebcb.dll
C:\Windows\System32\mlJYQhig.dll
C:\Windows\System32\MMAVILNG.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\byXOebcb.dll
C:\Windows\System32\mlJYQhig.dll
C:\Windows\System32\MMAVILNG.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
.

2008-10-16 18:58 . 2008-10-16 18:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-15 13:04 . 2008-10-15 13:04 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\Auslogics
2008-10-15 13:03 . 2008-10-15 13:03 <DIR> d-------- C:\Program Files\Auslogics
2008-10-15 08:52 . 2008-10-17 02:57 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\Spyware Terminator
2008-10-15 08:52 . 2008-10-17 02:36 <DIR> d-------- C:\Users\All Users\Spyware Terminator
2008-10-15 08:52 . 2008-10-17 02:36 <DIR> d-------- C:\ProgramData\Spyware Terminator
2008-10-15 08:52 . 2008-10-16 21:19 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-10-15 08:52 . 2008-10-15 08:53 <DIR> d-------- C:\Program Files\Crawler
2008-10-15 08:52 . 2008-10-15 08:52 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
2008-10-15 08:46 . 2008-10-15 12:07 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-15 08:46 . 2008-10-15 12:07 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-15 08:46 . 2008-10-15 08:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-15 05:19 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 05:19 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 05:19 . 2008-09-18 04:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 05:19 . 2008-09-03 05:59 468,992 --a------ C:\Windows\System32\newdev.dll
2008-10-15 05:19 . 2008-08-27 03:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-15 05:19 . 2008-09-03 05:58 74,752 --a------ C:\Windows\System32\newdev.exe
2008-10-15 05:18 . 2008-10-02 03:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 05:18 . 2008-10-02 05:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 01:00 . 2008-10-15 01:00 <DIR> d-------- C:\Windows\System32\Adobe
2008-10-15 00:16 . 2008-10-15 00:22 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-10-15 00:16 . 2008-10-15 00:22 <DIR> d-------- C:\ProgramData\Lavasoft
2008-10-15 00:16 . 2008-10-15 00:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-15 00:14 . 2008-10-15 00:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-13 18:40 . 2008-10-13 18:40 <DIR> d-------- C:\Program Files\ESET
2008-10-13 18:21 . 2008-10-13 18:21 <DIR> d-------- C:\Users\All Users\ESET
2008-10-13 18:21 . 2008-10-13 18:21 <DIR> d-------- C:\ProgramData\ESET
2008-10-12 18:05 . 2008-10-12 18:05 <DIR> d-------- C:\Users\All Users\Grisoft
2008-10-12 18:05 . 2008-10-12 18:05 <DIR> d-------- C:\ProgramData\Grisoft
2008-10-12 15:37 . 2008-10-12 15:37 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\ICQ Toolbar
2008-10-12 15:24 . 2008-10-12 17:19 <DIR> d-------- C:\Extracted
2008-10-10 08:00 . 2008-10-10 08:00 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-07 18:32 . 2008-10-07 18:55 <DIR> d-------- C:\Program Files\Lula 3D
2008-10-07 00:01 . 2008-10-07 07:35 <DIR> d-------- C:\Users\Progress. Dance Love\.cobraShare
2008-10-07 00:01 . 2008-10-07 00:01 <DIR> d-------- C:\Program Files\CobraShare_DUploader
2008-10-06 23:31 . 2008-10-06 23:34 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-10-06 23:31 . 2008-10-06 23:31 <DIR> d-------- C:\Program Files\Sports Interactive
2008-10-06 23:30 . 2008-10-06 23:30 <DIR> d--h----- C:\Users\Progress. Dance Love\InstallAnywhere
2008-10-06 23:27 . 2008-10-06 23:45 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\Sports Interactive
2008-10-06 15:20 . 2008-10-06 15:20 <DIR> d-------- C:\Users\All Users\SlySoft
2008-10-06 15:20 . 2008-10-06 15:20 <DIR> d-------- C:\ProgramData\SlySoft
2008-10-06 15:17 . 2008-10-06 15:17 <DIR> d-------- C:\Program Files\DVD Region+CSS Free
2008-10-06 15:16 . 2008-10-06 15:16 <DIR> d-------- C:\Program Files\SlySoft
2008-10-03 03:38 . 2008-10-03 03:38 <DIR> d-------- C:\Users\All Users\GRETECH
2008-10-03 03:38 . 2008-10-03 03:38 <DIR> d-------- C:\ProgramData\GRETECH
2008-10-03 03:37 . 2008-10-03 03:37 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\GRETECH
2008-10-03 03:37 . 2008-10-03 03:37 <DIR> d-------- C:\Program Files\GRETECH
2008-10-02 05:00 . 2008-10-02 05:00 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\CyberLink
2008-10-02 05:00 . 2008-10-02 05:00 <DIR> d-------- C:\Users\All Users\CyberLink
2008-10-02 05:00 . 2008-10-02 05:00 <DIR> d-------- C:\ProgramData\CyberLink
2008-10-02 04:52 . 2008-10-02 04:54 <DIR> d-------- C:\Program Files\CyberLink
2008-10-02 04:37 . 2008-10-02 04:37 <DIR> d-------- C:\Program Files\Roxio
2008-10-02 04:37 . 2008-10-02 04:37 558,080 --a------ C:\Windows\System32\MSMPEG2VDEC.DLL
2008-10-02 04:37 . 2008-10-02 04:37 505,856 --a------ C:\Windows\System32\MSMPEG2ENC.DLL
2008-10-02 04:37 . 2008-10-02 04:37 386,560 --a------ C:\Windows\System32\MSMPEG2ADEC.DLL
2008-10-02 04:04 . 2008-10-02 04:04 <DIR> d-------- C:\Program Files\Morgan
2008-10-02 04:04 . 2002-11-15 14:11 77,824 --a------ C:\Windows\System32\MMSwitch.dll
2008-09-30 19:22 . 2008-09-30 19:22 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-09-30 19:18 . 2008-09-30 19:18 <DIR> d-------- C:\Users\Progress. Dance Love\AbiSuite
2008-09-30 19:17 . 2008-09-30 19:17 <DIR> d-------- C:\Program Files\AbiSuite2
2008-09-30 13:50 . 2008-09-30 13:50 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\Apple Computer
2008-09-30 13:50 . 2008-09-30 13:50 <DIR> d-------- C:\Program Files\iPod
2008-09-30 13:49 . 2008-09-30 13:50 <DIR> d-------- C:\Program Files\iTunes
2008-09-30 13:45 . 2008-09-30 13:45 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-30 13:44 . 2008-09-30 13:44 <DIR> d-------- C:\Users\All Users\Apple
2008-09-30 13:44 . 2008-09-30 13:44 <DIR> d-------- C:\ProgramData\Apple
2008-09-30 13:44 . 2008-09-30 13:44 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-30 13:01 . 2008-09-30 13:49 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-09-30 13:01 . 2008-09-30 13:49 <DIR> d-------- C:\ProgramData\Apple Computer
2008-09-30 13:01 . 2008-09-30 13:01 <DIR> d-------- C:\Program Files\VistaCodecPack
2008-09-30 12:35 . 2008-09-30 13:31 <DIR> d-------- C:\Program Files\Any Audio Converter
2008-09-30 12:30 . 2008-09-30 12:28 737,280 --a------ C:\Windows\iun6002.exe
2008-09-29 11:53 . 2008-09-29 11:53 <DIR> d-------- C:\Program Files\CDex_150
2008-09-28 15:16 . 2008-09-29 19:48 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-09-28 15:16 . 2008-09-29 19:48 <DIR> d-------- C:\Program Files\AVSMedia
2008-09-26 03:02 . 2008-09-26 03:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-25 22:34 . 2008-09-25 22:34 <DIR> d-------- C:\Users\All Users\WEBREG
2008-09-25 22:34 . 2008-09-25 22:34 <DIR> d-------- C:\ProgramData\WEBREG
2008-09-25 22:33 . 2008-09-25 22:33 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\HP
2008-09-25 22:32 . 2008-09-25 22:32 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-09-25 22:32 . 2008-09-25 22:32 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-09-25 22:28 . 2008-09-25 22:32 <DIR> d-------- C:\Program Files\Common Files\HP
2008-09-25 22:28 . 2008-09-25 22:28 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-09-25 22:19 . 2008-09-25 22:38 <DIR> d-------- C:\Users\All Users\HP
2008-09-25 22:19 . 2008-09-25 22:38 <DIR> d-------- C:\ProgramData\HP
2008-09-25 22:19 . 2006-12-16 08:19 897,024 --a------ C:\Windows\System32\hpotiop1.dll
2008-09-25 22:19 . 2006-12-16 08:19 675,840 --a------ C:\Windows\System32\hpowiav1.dll
2008-09-25 22:19 . 2006-12-16 08:19 303,104 --a------ C:\Windows\System32\hpovst01.dll
2008-09-25 22:19 . 2006-11-20 23:36 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-09-25 22:19 . 2008-09-25 22:35 148,987 --a------ C:\Windows\hpoins19.dat
2008-09-25 22:19 . 2007-03-13 21:24 26,952 --a------ C:\Windows\hpomdl19.dat
2008-09-24 22:49 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-09-24 22:49 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-09-24 22:49 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-09-24 22:45 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-24 22:45 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-24 22:45 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-24 22:45 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-24 22:44 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-24 22:44 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-24 22:44 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-24 22:44 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-24 22:44 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-21 15:33 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-09-21 15:23 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-09-21 15:23 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-09-21 15:23 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-09-21 15:20 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-09-21 15:17 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-09-21 15:17 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-09-21 15:17 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-09-21 15:17 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-09-21 15:17 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-09-21 15:17 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-09-21 15:17 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-09-21 15:17 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-09-21 15:17 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-09-19 22:36 . 2008-09-19 22:36 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-19 01:45 . 2008-09-19 01:45 <DIR> d-------- C:\Program Files\Burn4Free Toolbar
2008-09-19 01:45 . 2008-09-19 01:45 232,034 --a------ C:\Windows\Burn4Free_Toolbar_Uninstaller_8696.exe
2008-09-19 00:10 . 2008-09-19 00:10 <DIR> d-------- C:\Program Files\VirtualDJ
2008-09-19 00:08 . 2008-09-19 00:08 <DIR> d-------- C:\Program Files\RarZilla Free Unrar
2008-09-18 23:53 . 2008-10-13 20:09 <DIR> d-------- C:\Users\Progress. Dance Love\AppData\Roaming\LimeWire
2008-09-18 23:50 . 2008-09-18 23:51 <DIR> d-------- C:\Program Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 17:52 --------- d-----w C:\Program Files\Windows Mail
2008-10-12 13:31 777 ----a-w C:\Program Files\Ahmbed.gz
2008-09-18 20:50 174 --sha-w C:\Program Files\desktop.ini
2008-09-18 20:43 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-18 20:43 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-18 20:43 --------- d-----w C:\Program Files\Windows Defender
2008-09-18 20:43 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-18 20:43 --------- d-----w C:\Program Files\Windows Calendar
2008-09-04 10:23 99,648 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2008-08-21 08:57 2,689,208 ----a-w C:\Program Files\Setup.exe
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-16_20.30.52.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-16 18:20:01 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-17 00:34:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-16 18:20:01 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-17 00:34:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-16 18:20:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-17 00:36:25 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-17 00:36:25 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-16 18:20:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-17 00:36:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-17 00:36:20 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-16 17:55:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-17 00:57:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-16 19:19:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008101620081017\index.dat
+ 2008-10-17 00:57:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008101720081018\index.dat
- 2008-10-16 17:55:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-17 00:57:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-16 17:55:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-17 00:57:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-16 18:24:28 101,250 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-17 00:39:52 101,250 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-16 18:24:28 587,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-17 00:39:52 587,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-16 17:56:59 7,272 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1412517946-4075337526-2142817071-1000_UserData.bin
+ 2008-10-16 18:29:40 7,534 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1412517946-4075337526-2142817071-1000_UserData.bin
- 2008-10-16 17:56:59 56,652 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-16 18:29:38 56,818 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-16 17:56:56 35,916 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-17 00:37:54 36,914 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-09-19 01:45 806912 --a------ C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-09-19 806912]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-09-19 806912]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 172280]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-09-09 2182080]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [2007-12-11 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-11-03 C:\Windows\System32\ICO.EXE]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\Program Files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{3D1C9405-ECEA-4F5F-9FA6-6FA6FE9E2E8B}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{429757E6-6555-4B99-8CC0-B9C8F3A10E91}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{F3381C10-22AF-43FC-A078-F8C24866674D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E92281D3-7E94-499A-833C-DA1EC3BCC514}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{140668CB-988B-4FE1-B4D4-AD0D92329079}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{688328AE-0248-468C-BEA7-ACB3601F3C1D}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{ECE8B866-27A7-43DF-B7E1-E4ECB5B6982F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{96722BB2-6BAE-4CAB-82F0-3C7E696F32C8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AAC9C537-54F6-4066-BB8A-B4BD91BCFE38}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{A1EAD456-AC31-4DCA-B8B6-F80E8641456A}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{4125A47B-D140-4938-A207-E362819BB092}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 PSched;QoS Packet Scheduler;C:\Windows\system32\DRIVERS\pacer.sys [2008-04-05 72192]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-10-15 141312]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 600912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-10-16 C:\Windows\Tasks\User_Feed_Synchronization-{F5CA98FC-DD89-4688-8F71-F1322F49CF9E}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-18 23:33]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{20D23232-AED6-490D-A3C2-F08BA539A1FE} - C:\Windows\system32\byXOebcb.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 03:15:12
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-17 3:19:07
ComboFix-quarantined-files.txt 2008-10-17 01:19:02
ComboFix2.txt 2008-10-16 18:33:13

Pre-Run: 164 842 590 208 bytes free
Post-Run: 168,557,457,408 bytes free

279 --- E O F --- 2008-10-16 16:56:44
Časové pásmo: UTC+02:00
Stránka 1 z 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/