ComboFix 08-06-12.2 - wave 2008-06-15 13:03:44.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2816 [GMT 2:00]
Running from: C:\Documents and Settings\wave\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\wave\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\popcinfot.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\PWRISOSH.DLL.bad
C:\WINDOWS\popcinfot.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SESSIONLAUNCHER
-------\Service_SessionLauncher
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.
2008-06-15 12:59 . 2008-06-15 12:59 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-06-15 11:01 . 2008-06-15 11:00 1,404 --a------ C:\WINDOWS\system32\MMDRIVER.inf
2008-06-15 02:34 . 2008-06-15 02:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 02:09 . 2008-06-15 02:09 <DIR> d-------- C:\Program Files\Analog Devices
2008-06-15 02:09 . 2008-06-15 02:09 <DIR> d-------- C:\Documents and Settings\wave\Application Data\vlc
2008-06-15 02:04 . 2008-06-15 02:04 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-15 01:58 . 2008-06-15 02:09 <DIR> d-------- C:\Program Files\Analog Devices(2)
2008-06-15 01:57 . 2008-06-15 02:09 <DIR> d-------- C:\WINDOWS\AsDmiHtm
2008-06-13 17:31 . 2008-06-13 17:42 <DIR> d-------- C:\Documents and Settings\wave\Graphisoft
2008-06-13 17:31 . 2008-06-13 17:42 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Graphisoft
2008-06-13 17:12 . 2008-06-13 17:12 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2008-06-13 17:12 . 2008-06-13 17:12 7,309 --a------ C:\WINDOWS\vpd.properties
2008-06-13 17:11 . 2008-06-13 17:11 <DIR> d-------- C:\Program Files\Graphisoft
2008-06-13 16:42 . 2008-06-13 16:43 <DIR> d-------- C:\Program Files\Revit Architecture 2009
2008-06-13 16:24 . 2007-01-10 14:00 244,736 --------- C:\WINDOWS\system32\drivers\c2scsi.sys
2008-06-13 16:21 . 2008-06-13 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-13 15:15 . 2008-06-13 15:15 <DIR> d-------- C:\Program Files\Bonjour
2008-06-13 15:04 . 2008-06-13 15:04 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-11 13:37 . 2008-06-13 19:21 <DIR> d-------- C:\Program Files\Opera
2008-06-11 13:01 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:01 . 2008-04-14 13:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 21:33 . 2008-06-13 19:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 21:33 . 2008-06-15 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DeskShare
2008-06-10 21:31 . 2008-06-10 21:31 <DIR> d-------- C:\Documents and Settings\wave\Application Data\DivX
2008-06-09 15:31 . 2008-06-09 15:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-09 15:31 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-09 15:30 . 2008-06-09 15:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-09 15:08 . 2008-06-15 02:09 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-09 15:06 . 2008-06-13 16:47 <DIR> d-------- C:\Program Files\DivX
2008-06-08 14:26 . 2008-06-08 14:26 <DIR> d-------- C:\WINDOWS\Sun
2008-06-08 11:26 . 2008-06-08 11:26 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-08 11:25 . 2008-06-08 11:25 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-08 11:24 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-08 11:02 . 2008-06-15 02:16 <DIR> d-------- C:\Program Files\AutoCAD 2009
2008-06-07 23:41 . 2008-06-15 13:00 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-06-07 23:41 . 2008-06-15 12:59 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-07 11:39 . 2008-06-07 17:11 <DIR> d-------- C:\Program Files\Java
2008-06-07 11:39 . 2008-06-07 11:39 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-07 11:39 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-05 23:26 . 2008-06-05 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-05 23:21 . 2008-06-05 23:21 <DIR> d-------- C:\Program Files\OpenAL
2008-06-05 00:34 . 2008-06-05 00:34 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-05 00:34 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-05 00:34 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-05 00:34 . 2008-06-15 13:12 182,851 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-05 00:34 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-06-05 00:34 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-06-05 00:34 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-06-05 00:34 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-06-05 00:34 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-04 23:19 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-04 23:19 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-04 23:19 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-06-04 23:19 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-06-04 23:19 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-06-04 23:18 . 2008-06-09 15:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-04 23:18 . 2008-06-15 13:00 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-04 23:18 . 2008-06-15 13:00 22,328 --a------ C:\Documents and Settings\wave\Application Data\PnkBstrK.sys
2008-06-04 23:18 . 2008-06-04 23:18 276 --a------ C:\WINDOWS\game.ini
2008-06-04 23:08 . 2008-06-04 23:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-04 20:17 . 2008-06-13 16:32 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Roxio
2008-06-04 20:17 . 2008-06-04 20:17 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-06-04 17:59 . 2008-06-04 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-04 17:58 . 2008-06-15 02:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-06-04 17:56 . 2008-06-04 17:56 <DIR> d-------- C:\Program Files\SmartSound Software
2008-06-04 17:56 . 2008-06-15 03:03 <DIR> d-------- C:\Program Files\Roxio
2008-06-04 17:56 . 2008-06-15 02:57 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-04 17:56 . 2008-06-15 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-06-04 17:56 . 2008-06-04 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-04 17:54 . 2008-06-04 17:54 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-06-04 15:32 . 2008-06-04 15:32 <DIR> d-------- C:\Program Files\Xvid
2008-06-04 15:32 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-04 15:32 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-04 15:32 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-04 11:45 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-04 11:45 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-06-04 11:45 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-06-04 11:45 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-06-04 11:45 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-06-04 03:01 . 2008-06-04 03:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-04 03:01 . 2008-06-04 03:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-04 03:00 . 2008-06-04 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-02 19:56 . 2008-06-13 16:50 <DIR> d-------- C:\Program Files\TV JOJ Media Player
2008-06-01 21:46 . 2008-06-01 21:59 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-06-01 21:46 . 2008-06-13 17:43 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Autodesk
2008-06-01 21:46 . 2008-06-13 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-01 21:45 . 2008-06-15 02:16 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-01 21:45 . 2008-06-13 16:40 <DIR> d-------- C:\Program Files\Autodesk
2008-06-01 18:53 . 2008-06-01 18:53 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-01 18:44 . 2008-06-01 18:44 <DIR> d-------- C:\Documents and Settings\wave\Application Data\Windows Desktop Search
2008-06-01 18:32 . 2008-06-01 18:32 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-06-01 17:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-01 17:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-01 17:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-01 17:38 . 2008-06-01 17:38 <DIR> d-------- C:\Program Files\Common Files\HP
2008-06-01 17:37 . 2008-06-01 17:37 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-01 17:37 . 2008-06-01 17:37 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-01 17:35 . 2005-03-08 06:43 51,120 --------- C:\WINDOWS\system32\drivers\HPZid412.sys
2008-06-01 17:35 . 2005-03-08 06:43 16,496 --------- C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-06-01 17:34 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-01 17:34 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-06-01 17:34 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-06-01 17:34 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-06-01 17:34 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-06-01 17:34 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-06-01 17:34 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-06-01 17:34 . 2005-03-08 06:43 21,744 --------- C:\WINDOWS\system32\drivers\HPZius12.sys
2008-06-01 17:34 . 2004-08-03 22:58 15,104 --------- C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-01 17:34 . 2004-08-03 22:58 15,104 -----c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-01 17:27 . 2008-06-01 17:39 <DIR> d-------- C:\Program Files\HP
2008-06-01 17:27 . 2004-08-03 23:01 25,856 --------- C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-01 17:27 . 2004-08-03 23:01 25,856 -----c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-01 17:25 . 2008-06-01 17:42 <DIR> d-------- C:\Documents and Settings\wave\Application Data\HP
2008-06-01 17:25 . 2008-06-01 17:44 112,902 --a------ C:\WINDOWS\hpoins07.dat
2008-06-01 17:25 . 2005-05-24 04:48 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-06-01 17:23 . 2008-06-01 17:23 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-01 17:22 . 2008-06-08 11:27 <DIR> d-------- C:\Program Files\MSBuild
2008-06-01 17:22 . 2008-06-01 17:22 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-01 17:20 . 2008-06-01 17:22 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-01 17:20 . 2008-06-01 17:20 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-01 17:20 . 2008-06-01 17:20 <DIR> dr-h----- C:\MSOCache
2008-06-01 17:20 . 2008-06-10 23:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-01 10:42 . 2008-06-01 10:42 <DIR> d-------- C:\Program Files\IrfanView
2008-06-01 10:42 . 2008-06-09 08:06 <DIR> d-------- C:\Program Files\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 15:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 20:46 6,554,496 ------w C:\WINDOWS\system32\drivers\nv4_mini.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-15_12.13.14.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-15 10:10:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 11:07:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 10:59:36 9,662 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
+ 2008-06-15 10:59:36 10,134 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-06-15 10:59:36 10,134 ----a-r C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-26 20:45 219952]
"Infium"="C:\Program Files\QIP Infium\infium.exe" [2008-04-07 16:54 4139008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 11:35 626176]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 10:32 880640]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 15:23 823296]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZyXEL G-302 v3 Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZyXEL G-302 v3 Utility.lnk
backup=C:\WINDOWS\pss\ZyXEL G-302 v3 Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-08-20 15:51 40960 C:\WINDOWS\VM_STI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WinUpdate]
C:\WINDOWS\system32\mslatest_updt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)
"Roxio Upnp Server 10"=2 (0x2)
"Roxio UPnP Renderer 10"=3 (0x3)
"WZCSVC"=2 (0x2)
"Webcam Corp. Service Starter"=3 (0x3)
"PnkBstrA"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\StrongDC++\\StrongDC.exe"=
"C:\\Program Files\\Steam\\SteamApps\\n0by@gs14.sk\\counter-strike\\hl.exe"=
"E:\\_gamesky\\BF2\\BF2.exe"=
"E:\\_gamesky\\BF2\\Bf2_w32ded.exe"=
"E:\\_gamesky\\hl2\\hl2.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\QIP Infium\\infium.exe"=
"E:\\_gamesky\\colinDirt\\DiRT.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\_gamesky\\grid\\GRID.exe"=
"C:\\Program Files\\Steam\\SteamApps\\n0by@gs14.sk\\half-life 2 deathmatch\\hl2.exe"=
"E:\\_gamesky\\cod4\\iw3mp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"E:\\_gamesky\\crysis_wvn\\Bin32\\Crysis.exe"=
"E:\\_gamesky\\crysis_wvn\\Bin32\\CrysisDedicatedServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"= 81:TCP:Windows Media Format SDK (webcam.exe)
R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2007-01-10 14:00]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
S2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys []
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;C:\WINDOWS\system32\DRIVERS\superwebcam.sys [2006-06-27 08:56]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-27 06:55]
S4 Webcam Corp. Service Starter;Webcam Corp. Service Starter;C:\Program Files\Webcam\Webcam123\dogsvc.exe []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 15:23:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-15 13:12:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-15 13:16:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 11:15:43
ComboFix2.txt 2008-06-15 10:13:40
Pre-Run: 84,361,220,096 bytes free
Post-Run: 84,356,780,032 bytes free
303 --- E O F --- 2008-06-12 08:26:18
