Ahoj, posielam obsah logu. Reviewer note (EN): a few items in this log deserve a follow-up check before the machine is declared clean. The AV line reports ESET's on-access scanner as disabled, and the catchme footer shows Windows XP Service Pack 2, so the host is running without real-time protection and without current OS patches. ComboFix disinfected mspmsnsv.dll and restored it from dllcache; a dllcache copy can be tampered with as well, so the restored file's hash should be compared against a known-good copy rather than trusted on its own. The Sigcheck section flags wininet.dll, tcpip.sys, mshtml.dll and ntfs.sys with [-] (ComboFix could not verify them), and ntfs.sys carries a modification date of 2009-08-07 — verify its MD5 against the Microsoft release before trusting the file-system driver. The Firefox keyword.URL pointing at crawler.com is a search-redirect setting worth resetting. EnableFirewall=0 in the Windows Firewall profile is expected while the ESET firewall is enabled, but must be turned back on if ESET is ever removed.
ComboFix 09-08-18.01 - pik 20.08.2009 11:21.4.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1535.1110 [GMT 2:00]
Running from: d:\internet\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.
2009-08-18 17:37 . 2009-08-18 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\HappyFoto
2009-08-17 09:13 . 2009-08-17 09:13 -------- d-----w- c:\program files\Trend Micro
2009-08-06 15:47 . 2009-08-06 16:25 -------- d-----w- C:\Milan video
2009-08-01 18:37 . 2009-08-01 18:37 -------- d-----w- C:\image
2009-08-01 16:26 . 2009-08-01 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-01 16:22 . 2009-08-01 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-08-01 16:20 . 2009-08-01 16:20 -------- d-----w- c:\program files\Bonjour
2009-08-01 16:10 . 2009-08-01 16:10 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-30 17:40 . 2009-07-30 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SugarGames
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 08:03 . 2007-10-07 08:30 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-19 16:59 . 2007-01-06 15:59 -------- d-----w- c:\documents and settings\pik\Application Data\Happy Foto
2009-08-19 16:15 . 2007-05-28 17:42 -------- d-----w- c:\program files\Shrink Pic
2009-08-18 17:38 . 2008-04-23 19:04 101672 ----a-w- c:\documents and settings\pik\Application Data\mdbu.bin
2009-08-07 08:56 . 2004-08-03 21:15 618912 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-06 19:34 . 2006-11-01 12:36 -------- d-----w- c:\documents and settings\pik\Application Data\Skype
2009-08-06 13:56 . 2008-01-11 14:21 -------- d-----w- c:\documents and settings\pik\Application Data\skypePM
2009-08-01 16:58 . 2006-10-28 10:31 375800 ----a-w- c:\documents and settings\pik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-01 16:20 . 2006-11-03 12:52 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-29 18:55 . 2007-01-06 19:33 230 ----a-w- c:\windows\popcinfo.dat
2009-07-15 11:03 . 2009-02-03 19:41 -------- d-----r- c:\program files\Skype
2009-07-15 11:02 . 2009-07-15 11:02 -------- d-----w- c:\program files\Common Files\Skype
2009-07-15 11:02 . 2007-07-13 11:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-28 08:04 . 2009-06-28 08:04 -------- d-----w- c:\program files\Mio Technology
2009-06-28 08:04 . 2006-10-27 20:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-28 08:02 . 2007-03-10 20:38 -------- d-----w- c:\program files\Microsoft ActiveSync
.
------- Sigcheck -------
[-] 2004-10-16 14:05 656896 CBA65B573C66FE23F647FF96E3A10994 c:\windows\system32\wininet.dll
[-] 2004-10-16 14:08 359040 09EB23A4567BDD56D9580A059E616E23 c:\windows\system32\drivers\tcpip.sys
[-] 2004-10-16 13:59 3004928 D94E6405E420373161467ACD3DA65640 c:\windows\system32\mshtml.dll
[-] 2009-08-07 08:56 618912 40C4350EAC7EC8D85FAB5B78D1E1F40D c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-19_10.12.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 13:00 . 2009-08-19 10:04 62344 c:\windows\system32\perfc009.dat
+ 2001-08-23 13:00 . 2009-08-20 09:33 62344 c:\windows\system32\perfc009.dat
+ 2001-08-23 13:00 . 2009-08-20 09:33 401064 c:\windows\system32\perfh009.dat
- 2001-08-23 13:00 . 2009-08-19 10:04 401064 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"LDM"="c:\software\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 67128]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-12-15 86016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"WinampAgent"="c:\software\Winamp\winampa.exe" [2004-12-20 33792]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" [2004-06-16 233472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-07 188416]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-12-15 1490944]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\pik\Start Menu\Programs\Startup\
Total Commander.lnk - c:\software\totalcmd\TOTALCMD.EXE [2007-4-1 851664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ImageMixer HDD Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer3\HDDCameraMonitor.exe [2008-5-15 2117632]
Logitech Desktop Messenger.lnk - c:\software\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-27 67128]
Logitech SetPoint.lnk - c:\software\Logitech\SetPoint\SetPoint.exe [2006-10-28 450560]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Software\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Software\\totalcmd\\TOTALCMD.EXE"=
"c:\\Software\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56199:TCP"= 56199:TCP:Pando P2P TCP Listening Port
"56199:UDP"= 56199:UDP:Pando P2P UDP Listening Port
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [5.10.2003 10:41 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [28.9.2003 10:57 5504]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 106208]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [26.3.2007 18:06 51072]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [6.2.2009 15:23 727720]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [23.6.2008 15:20 131072]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [23.6.2008 15:20 614272]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [23.6.2008 15:21 60416]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\drivers\PA707UCM.SYS [18.10.2005 12:48 154752]
S3 esihdrv;esihdrv;\??\c:\docume~1\pik\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\pik\LOCALS~1\Temp\esihdrv.sys [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [7.3.2007 13:19 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [7.3.2007 13:19 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [7.3.2007 13:19 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [7.3.2007 13:19 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [7.3.2007 13:19 83344]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [22.3.2007 9:19 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.zoznam.sk/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\software\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\pik\Application Data\Mozilla\Firefox\Profiles\w75qieiq.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.vaav.sk
FF - prefs.js: keyword.URL -
hxxp://www.crawler.com/search/dispatche ... 60049&qkw=
FF - plugin: c:\program files\TV JOJ Media Player\np_JOJ_netscape_player.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-08-20 11:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,f5,31,d2,07,a8,
da,5d,ff,e2,63,26,f1,3f,c8,ff,68,81,74,f3,63,c3,58,08,6a,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,b2,06,7c,94,82,
68,1f,34,6a,9c,d6,61,af,45,84,18,b3,b7,5d,73,69,20,c6,a7,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61F22E4F-B27F-AFC4-A522A9C3D24CB12E}\{1AB70131-6AEF-F29E-373C8656BA527ED6}\{4909E9D0-65F5-FEDD-EF93FC8CC6374EF9}*]
"6CR3BGOGF5UBY5FPSVOYDJGMKH1"=hex:01,00,01,00,00,00,00,00,5b,5e,48,29,ce,7c,e8,
34,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,ff,aa,3f,c3,cc,
0a,cf,ee,ff,7c,85,e0,43,d4,0e,fe,03,0f,95,ad,93,55,bb,bd,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,2a,bd,23,13,a6,
90,d4,5a,86,8c,21,01,be,91,eb,e7,95,54,e7,5f,dc,c5,dc,ce,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,02,2a,d0,43,c2,
33,62,49,f5,1d,4d,73,a8,13,5c,05,d9,dd,bc,f7,af,a7,39,4e,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,9c,90,15,72,ee,
a4,4e,58,df,20,58,62,78,6b,cf,c8,cc,59,b8,8a,de,c8,42,1f,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,47,e2,f4,4c,98,
d6,95,21,fb,a7,78,e6,12,2f,9a,ea,6c,b7,d0,92,f4,e3,d1,65,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD212F18-226F-19C5-6836DC0F322A8CD1}\{165CDB28-57BC-2FFB-C17032E84F1598CE}\{1D773DA2-1E07-1A59-CFCCE9D8E9744932}*]
"6CR3BGOGF5UBY5FPSVOYDJGMKH1"=hex:01,00,01,00,00,00,00,00,5b,5e,48,29,ce,7c,e8,
34,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,61,99,90,64,ac,
75,ff,72,01,3a,48,fc,e8,04,4a,f1,81,1b,01,a5,6a,87,65,2f,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,cc,68,12,6e,99,
ca,2a,ca,f6,0f,4e,58,98,5b,89,c9,85,3c,06,20,db,d9,98,a6,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,ff,35,31,31,fd,
c6,3c,31,3d,ce,ea,26,2d,45,aa,78,45,9b,6f,27,0f,7c,63,16,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,33,59,bd,15,ed,
23,fa,0a,2a,b7,cc,b5,b9,7f,41,e7,63,8d,de,21,7c,13,24,91,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,07,9b,82,32,2c,
63,4e,ce,6c,43,2d,1e,aa,22,2f,9c,28,78,3b,e7,d0,61,2c,cf,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3380)
c:\software\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2009-08-20 11:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 09:39
ComboFix2.txt 2009-08-19 10:18
Pre-Run: 12 691 742 720 bytes free
Post-Run: 12 adresárov, 12 713 758 720 voľných bajtov