combofix:
ComboFix 08-02.03.1 - Rene 2008-02-04 19:38:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.751 [GMT 1:00]
Running from: C:\Documents and Settings\Rene\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Rene\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Rene\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Rene\Oblíbené položky\Spyware&Malware Protection.url
C:\Program Files\autorun.inf
C:\Program Files\Video Add-on
C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\install.ico
C:\Program Files\VideoAccessCodec\Uninstall.exe
C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx
C:\WINDOWS\dat.txt
C:\WINDOWS\hostctrl.dll
C:\WINDOWS\nmcuninstall.exe
----- BITS: Possible infected sites -----
hxxp://onsafepro.com
hxxp://205.177.122.104
hxxp://thenetworkcom.com
.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.
2008-02-04 19:03 . 2008-02-04 19:03 <DIR> d-------- C:\Program Files\Microprose
2008-02-04 18:57 . 2008-02-04 18:57 <DIR> d-------- C:\Program Files\NovaLogic
2008-02-04 18:57 . 2008-02-04 18:57 <DIR> d-------- C:\Documents and Settings\Rene\WINDOWS
2008-02-04 18:38 . 2008-02-04 18:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-03 21:51 . 2008-02-03 21:51 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-02-03 21:51 . 2008-02-03 21:51 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-02-03 21:50 . 2008-02-03 21:50 <DIR> d-------- C:\Program Files\StuGroup
2008-01-29 19:34 . 2008-01-29 20:05 <DIR> d-------- C:\Program Files\Scorpions WinCheater
2008-01-26 11:16 . 2008-01-26 11:16 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-01-24 21:12 . 2008-01-24 21:12 <DIR> d-------- C:\Program Files\Miranda IM
2008-01-24 21:12 . 2008-01-24 21:12 <DIR> d-------- C:\Documents and Settings\Rene\Data aplikací\Miranda
2008-01-17 18:12 . 2008-01-17 18:12 <DIR> d-------- C:\Program Files\Id Software
2008-01-17 16:00 . 2008-01-17 16:05 <DIR> d-------- C:\Documents and Settings\Rene\Data aplikací\Winamp
2008-01-16 16:40 . 2008-01-16 16:40 <DIR> d-------- C:\Program Files\Audio CD Copier
2008-01-16 16:40 . 2002-07-30 10:38 647,168 --a------ C:\WINDOWS\system32\CDWriterXP.ocx
2008-01-16 16:40 . 2002-03-25 02:03 380,928 --a------ C:\WINDOWS\system32\CDRipperX.ocx
2008-01-16 16:40 . 2002-10-16 20:03 208,896 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-01-16 16:40 . 2002-10-26 14:35 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-01-16 16:40 . 1998-06-18 04:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-01-13 20:14 . 2008-01-13 20:14 <DIR> d-------- C:\Program Files\GamePark
2008-01-13 20:07 . 2008-02-02 16:40 <DIR> d-------- C:\Program Files\TrackMania Nations ESWC
2008-01-13 14:20 . 2008-01-13 14:20 231 --a------ C:\WINDOWS\system32\3dsmax.ini
2008-01-13 14:20 . 2008-01-13 14:20 43 --a------ C:\WINDOWS\system32\InstallSettings.ini
2008-01-13 14:19 . 2008-01-13 14:20 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-13 14:18 . 2008-01-13 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Autodesk
2008-01-13 14:17 . 2008-01-13 14:20 <DIR> d-------- C:\Program Files\Autodesk
2008-01-12 22:13 . 2008-01-12 22:28 <DIR> d-------- C:\Program Files\Need for Speed Most Wanted - Black Edition
2008-01-07 22:16 . 2008-01-11 17:56 <DIR> d-------- C:\Program Files\Video Strip Poker
2008-01-07 22:16 . 2008-01-11 17:56 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-01-07 14:01 . 2008-01-07 14:01 <DIR> d-------- C:\Documents and Settings\Rene\Data aplikací\dvdcss
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 21:36 --------- d-----w C:\Program Files\HLSW
2008-02-03 20:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-03 20:53 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-03 18:49 --------- d-----w C:\Program Files\mIRC
2008-02-02 11:44 --------- d-----w C:\Documents and Settings\Rene\Data aplikací\Vso
2008-02-01 21:15 --------- d-----w C:\Documents and Settings\Rene\Data aplikací\LimeWire
2008-01-28 22:10 --------- d-----w C:\Documents and Settings\Rene\Data aplikací\skypePM
2008-01-28 22:10 --------- d-----w C:\Documents and Settings\Rene\Data aplikací\Skype
2008-01-28 22:07 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-01-26 10:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 21:15 --------- d-----w C:\Program Files\Opera
2008-01-17 15:27 --------- d-----w C:\Program Files\Winamp
2008-01-10 19:39 --------- d-----w C:\Program Files\Java
2007-12-30 21:11 --------- d-----w C:\Program Files\QIP
2007-12-18 15:04 --------- d-----w C:\Program Files\YouTube Downloader
2007-12-15 10:43 --------- d-----w C:\Documents and Settings\Rene\Data aplikací\teamspeak2
2007-12-14 17:08 --------- d-----w C:\Documents and Settings\Danica\Data aplikací\MEGAUPLOADTOOLBAR
2007-12-14 14:52 --------- d-----w C:\Program Files\EA GAMES
2007-12-14 09:43 --------- d-----w C:\Documents and Settings\Shandy RP\Data aplikací\TuneUp Software
2007-12-12 20:17 --------- d-----w C:\Program Files\EACom
2007-12-12 20:14 --------- d-----w C:\Program Files\Electronic Arts
2007-12-12 18:04 --------- d-----w C:\Documents and Settings\Erik\Data aplikací\MEGAUPLOADTOOLBAR
2007-12-11 18:41 --------- d-----w C:\Documents and Settings\Shandy RP\Data aplikací\MEGAUPLOADTOOLBAR
2007-12-10 19:49 --------- d-----w C:\Documents and Settings\Erik\Data aplikací\Skype
2007-12-10 17:42 --------- d-----w C:\Documents and Settings\Erik\Data aplikací\Media Player Classic
2007-12-08 17:43 --------- d-----w C:\Program Files\Rockstar Games
2007-12-06 18:54 --------- d-----w C:\Program Files\FlashFXP
2007-12-06 15:24 --------- d-----w C:\Documents and Settings\Rene\Data aplikací\FlashFXP
2007-12-05 12:59 --------- d-----w C:\Program Files\Activision
2007-12-03 20:28 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-11-19 14:06 73,728 ----a-w C:\WINDOWS\DUMP5592.tmp
2007-10-30 15:56 870,400 ----a-w C:\Program Files\autorun.dat
2007-10-30 15:56 7,943,432 ----a-w C:\Program Files\nfsdemo.exe
2007-10-30 15:56 632,072 ----a-w C:\Program Files\msvcr80.dll
2007-10-30 15:56 554,248 ----a-w C:\Program Files\msvcp80.dll
2007-10-30 15:56 505,096 ----a-w C:\Program Files\msvcp71.dll
2007-10-30 15:56 484,616 ----a-w C:\Program Files\msvcm80.dll
2007-10-30 15:56 402,696 ----a-w C:\Program Files\AutoRun.exe
2007-10-30 15:56 386,312 ----a-w C:\Program Files\server.dll
2007-10-30 15:56 386,312 ----a-w C:\Program Files\EASetup.exe
2007-10-30 15:56 353,544 ----a-w C:\Program Files\msvcr71.dll
2007-10-30 15:56 1,180,936 ----a-w C:\Program Files\msvcr80d.dll
2007-10-30 15:56 1,041,672 ----a-w C:\Program Files\msvcp80d.dll
2007-10-30 15:56 1,021,192 ----a-w C:\Program Files\msvcm80d.dll
2007-10-30 15:55 6,844,737 ----a-w C:\Program Files\Group151.cab
2007-10-30 15:55 36,466,538 ----a-w C:\Program Files\Group3.cab
2007-10-30 15:55 36 ----a-w C:\Program Files\Group138.cab
2007-10-30 15:55 3,678,484 ----a-w C:\Program Files\Group152.cab
2007-10-30 15:55 140,458,424 ----a-w C:\Program Files\Group18.cab
2007-10-30 15:54 5,093 ----a-w C:\Program Files\Group8.cab
2007-10-30 15:54 201,398,784 ----a-w C:\Program Files\Group20.cab
2007-10-30 15:54 10,776,597 ----a-w C:\Program Files\Group136.cab
2007-10-30 15:52 944,116 ----a-w C:\Program Files\Group114.cab
2007-10-30 15:52 4,353,168 ----a-w C:\Program Files\Group111.cab
2007-10-30 15:52 36 ----a-w C:\Program Files\Group21.cab
2007-10-30 15:52 2,767 ----a-w C:\Program Files\Group4.cab
2007-10-30 15:52 111,469,457 ----a-w C:\Program Files\Group110.cab
2007-10-30 15:52 1,602 ----a-w C:\Program Files\Group139.cab
2007-10-30 15:51 75,464,468 ----a-w C:\Program Files\Group10.cab
2007-10-30 15:51 36 ----a-w C:\Program Files\Group1.cab
2007-10-30 15:51 30,187,042 ----a-w C:\Program Files\Group6.cab
2007-10-30 15:51 24,202 ----a-w C:\Program Files\Group9.cab
2007-10-30 15:51 2,351,637 ----a-w C:\Program Files\Group15.cab
2007-10-30 15:51 19,665 ----a-w C:\Program Files\Group16.cab
2007-10-30 15:51 14,750 ----a-w C:\Program Files\Group134.cab
2007-10-30 15:50 93,422,941 ----a-w C:\Program Files\Group2.cab
2007-10-30 15:50 695,735 ----a-w C:\Program Files\Group0.cab
2007-10-30 15:50 676 ----a-w C:\Program Files\Group12.cab
2007-10-30 15:50 6,458,669 ----a-w C:\Program Files\Group11.cab
2007-10-30 15:50 566,461 ----a-w C:\Program Files\Group17.cab
2007-10-30 15:50 536,982 ----a-w C:\Program Files\Group112.cab
2007-10-30 15:50 36 ----a-w C:\Program Files\Group19.cab
2007-10-30 15:50 351,200 ----a-w C:\Program Files\Group137.cab
2007-10-30 15:50 35,899,970 ----a-w C:\Program Files\Group153.cab
2007-10-30 15:50 3,526,886 ----a-w C:\Program Files\Group5.cab
2007-10-30 15:50 1,295 ----a-w C:\Program Files\Group113.cab
2007-10-30 15:49 6,940,334 ----a-w C:\Program Files\Group135.cab
2007-10-30 15:49 33,546,010 ----a-w C:\Program Files\Group14.cab
2007-10-30 15:49 2,757,228 ----a-w C:\Program Files\Group13.cab
2007-10-30 15:49 2,741,922 ----a-w C:\Program Files\Group7.cab
2007-10-24 19:50 3,262 ----a-w C:\Program Files\nfs_icon.ico
2007-10-24 19:50 258 ----a-w C:\Program Files\dat.bin
2007-10-24 19:50 1,462 ----a-w C:\Program Files\server.cfg
2007-10-24 19:49 1,869 ----a-w C:\Program Files\microsoft.vc80.crt.manifest
2007-10-19 13:34 106,496 ----a-w C:\Documents and Settings\All Users\Data aplikací\didwbkro.dll
2007-09-18 14:31 4,300,800 ----a-w C:\Program Files\mplayerc.exe
2005-01-01 03:41 802,816 ----a-w C:\Documents and Settings\Erik\SimTr.exe
2001-11-23 10:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 05:22 7700480]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 17:05 13312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
"C-Media Mixer"=Mixer.exe /startup
"didwbkro"=regsvr32 /u "C:\Documents and Settings\All Users\Data aplikací\didwbkro.dll"
"Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize
R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe" [2007-09-24 17:05]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2001-10-25 13:00]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 00:35]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 16:16:17 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-04 19:42:02
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-04 19:45:23
ComboFix-quarantined-files.txt 2008-02-04 18:45:21
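When reading a log like this one, the "Reg Loading Points" section is where the persistence lives, and the entry worth a second look is the `didwbkro` line: a Run value that launches `regsvr32 /u` against a randomly named DLL under the All Users profile. The `/u` switch only changes which export is called; `DllUnregisterServer` still executes code from that DLL at every logon. The following is an added example, not part of ComboFix and not code from the original post: it parses the key/entry lines in ComboFix's format and scores each autostart with a few weak heuristics (loader binary, profile-directory path, unqualified image name, machine-looking name). The sample lines are constructed in that format, with the `didwbkro` entry mirroring the one in the log; the weights and the threshold are this example's own choices, not anything ComboFix does.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of ComboFix or of the original post.  The scoring
weights and threshold below are this example's own, arbitrary choices.
"""
import re

# Constructed sample in ComboFix's output format.  The didwbkro line mirrors
# the entry in the log above; the others are ordinary vendor autostarts.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"didwbkro"=regsvr32 /u "C:\Documents and Settings\All Users\Data aplikací\didwbkro.dll"
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"=(.*?)(?:\s+\[([^\]]*)\])?$')
LOADERS = {"regsvr32", "regsvr32.exe", "rundll32", "rundll32.exe"}
# Writable profile/data locations; 'data aplikací' is the Czech-localised
# 'Application Data' folder name that appears in the log.
PROFILE_DIRS = ("\\documents and settings\\", "\\application data\\",
                "\\data aplikací\\", "\\temp\\")


def parse_loading_points(text):
    """Return a list of {key, name, value, meta} dicts, one per entry line."""
    key, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append({"key": key, "name": m.group(1),
                            "value": m.group(2), "meta": m.group(3)})
    return entries


def image_path(value):
    """Return (loader, module): loader is 'regsvr32'/'rundll32' when the entry
    goes through one of those Windows binaries, module is the file loaded."""
    toks = [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', value)]
    if not toks:
        return None, ""
    first = toks[0].lower()
    if first in LOADERS:
        loader = first.split(".")[0]
        args = [t for t in toks[1:] if not t.startswith("/")]  # drop /u, /s ...
        module = args[0] if args else ""
        if loader == "rundll32":
            module = module.split(",")[0]  # rundll32 <dll>,<EntryPoint>
        return loader, module
    return None, toks[0]


def looks_random(name):
    """Weak signal: 6+ lowercase letters with few vowels (e.g. 'didwbkro')."""
    if not re.fullmatch(r"[a-z]{6,}", name):
        return False
    return sum(c in "aeiouy" for c in name) / len(name) < 0.3


def assess(entry):
    """Score one entry; returns (score, reasons).  Weights are arbitrary."""
    loader, module = image_path(entry["value"])
    low = module.lower()
    reasons = []
    if loader:
        reasons.append((1, f"runs through {loader}"))
        if loader == "regsvr32" and "/u" in entry["value"].lower().split():
            # /u only selects the export: DllUnregisterServer still runs
            # code from the DLL at every logon.
            reasons.append((1, "regsvr32 /u still executes DllUnregisterServer"))
    if any(d in low for d in PROFILE_DIRS):
        reasons.append((2, "module sits in a profile/data directory"))
    if not re.match(r"^[a-z]:\\", low):
        reasons.append((1, "unqualified image name, resolved via search path"))
    if looks_random(entry["name"]):
        reasons.append((1, "entry name looks machine-generated"))
    return sum(w for w, _ in reasons), [r for _, r in reasons]


def review(text, threshold=2):
    """Return [(name, score, reasons)] for entries scoring >= threshold."""
    out = []
    for e in parse_loading_points(text):
        score, reasons = assess(e)
        if score >= threshold:
            out.append((e["name"], score, reasons))
    return out


if __name__ == "__main__":
    for name, score, reasons in review(SAMPLE_LOG):
        print(f"{name}: score {score}")
        for r in reasons:
            print("  -", r)
```

On the sample, only `didwbkro` clears the threshold; the NVIDIA `rundll32` entry and the unqualified `nwiz.exe` each pick up a single point and stay below it, which is the intended behaviour: a loader binary or a bare image name alone is common in legitimate autostarts, and it is the combination with a randomly named module in a profile directory that should send you to the quarantine listing and the BITS "possible infected sites" above.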