COMBOFIX is a fantastic application, it fixed how the PC runs!!! Look how much of all sorts of stuff was in there.. Is there anyone here who can check it? Thanks in advance..
ComboFix 08-08-21.02 - AN 2008-08-23 19:18:43.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.181 [GMT 2:00]
Running from: F:\ComboFix\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\csrss.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\BMdbafa548.txt
C:\WINDOWS\BMdbafa548.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bvqymxxw.dll
C:\WINDOWS\system32\c4
C:\WINDOWS\system32\eoedpwns.dll
C:\WINDOWS\system32\hryobtje.ini
C:\WINDOWS\system32\iiffFwww.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\p1
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qtDJQBeg.ini
C:\WINDOWS\system32\qtDJQBeg.ini2
C:\WINDOWS\system32\spgmiqxv.ini
C:\WINDOWS\system32\tshuugpj.dll
C:\WINDOWS\system32\upcvlwqo.dll
C:\WINDOWS\system32\UwGQstwa.ini
C:\WINDOWS\system32\UwGQstwa.ini2
C:\WINDOWS\system32\wwwFffii.ini
C:\WINDOWS\system32\wwwFffii.ini2
.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.
2008-08-23 18:58 . 2008-08-23 18:58 353,674 ---h----- C:\TREEINFO.WC
2008-08-23 18:14 . 2008-08-23 18:14 <DIR> d-------- C:\Program Files\Webroot
2008-08-23 18:14 . 2007-12-10 20:08 1,526,584 --a------ C:\WINDOWS\WRSetup.dll
2008-08-23 18:14 . 2007-12-10 19:47 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-23 18:14 . 2007-12-10 19:47 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-08-23 18:14 . 2007-12-10 19:47 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-23 18:14 . 2007-12-10 19:47 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-08-23 13:14 . 2008-08-23 13:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-23 11:49 . 2008-08-23 11:49 <DIR> d-------- C:\VundoFix Backups
2008-08-22 21:18 . 2008-08-22 21:18 <DIR> d-------- C:\Program Files\Glary Utilities
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> d-------- C:\Documents and Settings\LocalService\Plocha
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> d--h----- C:\Documents and Settings\LocalService\Okolní síť
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> dr------- C:\Documents and Settings\LocalService\Oblíbené položky
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> d-------- C:\Documents and Settings\LocalService\Nabídka Start
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> dr------- C:\Documents and Settings\LocalService\Dokumenty
2008-08-22 20:02 . 2004-08-17 15:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-21 16:38 . 2008-08-21 16:39 <DIR> d-------- C:\Program Files\TuneUp Utilities 2006
2008-08-21 15:38 . 2008-08-21 15:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-20 17:11 . 2008-08-20 17:11 <DIR> d-------- C:\Program Files\ESET
2008-08-20 16:44 . 2008-08-20 16:45 <DIR> d-------- C:\Program Files\1
2008-08-20 16:29 . 2005-12-13 21:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-08-20 16:29 . 2008-08-20 16:42 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-08-20 16:29 . 2008-08-20 16:50 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-08-20 16:29 . 2008-08-20 16:29 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-20 08:55 . 2008-08-21 16:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-20 08:54 . 2008-08-21 16:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-19 22:00 . 2008-08-19 22:00 71 --a------ C:\Documents and Settings\AN\2544.bat
2008-08-18 23:46 . 2008-08-18 23:46 71 --a------ C:\Documents and Settings\AN\3272.bat
2008-08-18 22:33 . 2008-08-18 22:33 <DIR> d-------- C:\Program Files\Mjcore
2008-08-17 21:46 . 2008-08-17 21:46 <DIR> d--hs---- C:\WINDOWS\QU4
2008-08-17 21:44 . 2008-08-20 17:38 <DIR> d-------- C:\WINDOWS\system32\kBin02
2008-08-17 21:44 . 2008-08-17 21:44 71 --a------ C:\Documents and Settings\AN\2641.bat
2008-08-16 18:28 . 2008-08-16 18:28 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-08-16 18:26 . 2008-08-16 18:26 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-16 18:23 . 2008-08-16 18:23 10,121,656 --a------ C:\Alcohol120_trial_1.9.7.6221.exe
2008-08-13 14:49 . 2008-08-13 14:49 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-08-13 14:49 . 2008-08-13 14:49 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-08-13 14:42 . 2008-08-13 14:42 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-07-29 20:34 . 2008-07-29 20:34 <DIR> d-------- C:\Program Files\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 14:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-20 16:00 --------- d-----w C:\Program Files\Symantec
2008-08-20 16:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-20 15:51 --------- d-----w C:\Program Files\Norton SystemWorks
2008-08-20 14:42 --------- d-----w C:\Program Files\Totalcmd
2008-08-13 12:41 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-07-29 18:34 --------- d-----w C:\Program Files\Java
2008-07-12 20:15 --------- d-----w C:\Program Files\Kids Colouring Book 2006
2008-07-12 16:00 --------- d-----w C:\Program Files\Google
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:41 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-18 18:52 7,721,920 ----a-w C:\Firefox Setup 3.0.exe
2004-05-15 15:03 1,300,260 ----a-w C:\Documents and Settings\DVD Audio Ripper 1.0.17.202\dvd-audio-ripper.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 12:14 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-12-10 20:08 5367608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 19:38 54472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"BMdbafa548"=Rundll32.exe "C:\WINDOWS\system32\tshuugpj.dll",s
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LvHidSvc"=C:\WINDOWS\system32\lvhidsvc.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105857c8-6ced-11da-81a6-0013d4dd174d}]
\Shell\Auto\command - G:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5101906f-c81c-11dc-890b-0013d4dd174d}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5885f75a-c267-11db-860e-0013d4dd174d}]
\Shell\AutoRun\command - F:\PortableRoboForm.exe
\Shell\RoboForm2Go\command - F:\PortableRoboForm.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-21 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-10-20 00:11]
2008-08-23 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-07-18 11:08]
2008-08-23 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-BMdbafa548 - C:\WINDOWS\system32\eoedpwns.dll
ShellExecuteHooks-{C3F6F4FE-85F6-4D0C-98DE-15324B09F149} - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\AN\Data aplikací\Mozilla\Firefox\Profiles\4s3s5vzk.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-23 19:23:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\ATL.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-08-23 19:25:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 17:25:50
Pre-Run: 4,682,682,368
Post-Run: 4,638,052,352
204 --- E O F --- 2008-08-16 07:48:21