ComboFix 09-02-19.01 - ADMIN 2009-02-21 19:31:15.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1643 [GMT 1:00]
Running from: c:\documents and settings\ADMIN\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ADMIN\Application Data\FunWebProducts
c:\documents and settings\ADMIN\Application Data\inst.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\0025F5F4.urr
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\TDSSerrors.log
c:\windows\system32\tdssinit.dll
c:\windows\system32\tdssservers.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.
2009-02-21 17:15 . 2009-02-21 17:15 <DIR> d-------- c:\program files\Trend Micro
2009-02-16 13:22 . 2009-02-16 13:22 <DIR> d-------- c:\program files\EA GAMES
2009-02-16 13:18 . 2009-02-16 13:18 <DIR> d--hs---- c:\windows\ftpcache
2009-02-13 18:01 . 2009-02-13 18:01 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-02-08 16:37 . 2009-02-08 16:37 <DIR> d-------- c:\program files\RegCleaner
2009-02-08 16:22 . 2009-02-08 16:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-02-08 16:22 . 2009-02-09 13:40 <DIR> d-------- c:\documents and settings\ADMIN\Application Data\Azureus
2009-02-08 16:21 . 2009-02-08 16:21 <DIR> d-------- c:\program files\Vuze
2009-02-08 16:21 . 2009-02-08 16:21 <DIR> d-------- c:\program files\Common Files\i4j_jres
2009-02-08 15:41 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-08 15:41 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-02-08 15:41 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-02-08 15:41 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-02-08 15:41 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-02-08 15:41 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-02-07 19:47 . 2009-02-07 19:47 <DIR> d-------- c:\program files\Common Files\Canon
2009-02-07 11:54 . 2000-10-31 12:00 307,200 --a------ c:\windows\vidcap32.Exe
2009-02-07 11:54 . 2004-12-24 11:15 225,357 --a------ c:\windows\system32\VM31bPrp.Ax
2009-02-07 11:54 . 2006-05-24 13:39 195,299 --a------ c:\windows\system32\drivers\usbVM31b.sys
2009-02-07 11:54 . 2006-04-11 13:25 176,128 --a------ c:\windows\amcap.exe
2009-02-07 11:54 . 2006-05-24 13:39 94,208 --a------ c:\windows\VMCap.exe
2009-02-07 11:54 . 2006-05-24 13:39 61,440 --a------ c:\windows\system32\VM31bSTI.dll
2009-02-07 11:54 . 2006-05-24 13:38 57,344 --a------ c:\windows\StillCap.exe
2009-02-07 11:54 . 2006-07-04 14:16 49,152 --a------ c:\windows\domino.exe
2009-02-03 14:15 . 2009-02-03 14:15 <DIR> d-------- c:\program files\Deep Silver
2009-02-03 14:14 . 2009-02-03 14:31 419 --a------ c:\windows\level.ini
2009-01-31 11:15 . 2009-02-04 19:57 64 --a------ c:\windows\AVerText.ini
2009-01-31 10:03 . 2009-01-31 10:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVerTV
2009-01-31 10:02 . 2008-07-21 07:47 273,152 --a------ c:\windows\system32\drivers\AVerFx2hbtv.sys
2009-01-31 10:02 . 2008-07-02 02:38 163,768 --a------ c:\windows\system32\MVDetection.ax
2009-01-31 10:02 . 2008-07-02 02:38 81,920 --a------ c:\windows\system32\TVRate.dll
2009-01-31 10:01 . 2009-01-31 10:02 <DIR> d-------- c:\program files\Common Files\AVerMedia
2009-01-31 10:01 . 2009-01-31 10:02 <DIR> d-------- c:\program files\AVerMedia
2009-01-31 10:01 . 2007-03-17 02:27 253,952 -r------- c:\windows\system32\sptlib02.dll
2009-01-31 10:01 . 2008-07-04 11:28 249,856 -r------- c:\windows\system32\sptlib01.dll
2009-01-31 10:01 . 2008-07-03 06:37 245,760 -r------- c:\windows\system32\sptlib03.dll
2009-01-31 10:01 . 2008-08-12 20:30 90,112 -r------- c:\windows\system32\CardID.dll
2009-01-31 10:01 . 2007-02-09 06:09 49,152 -r------- c:\windows\system32\AVerIO.dll
2009-01-31 10:01 . 2005-04-29 12:08 3,456 -r------- c:\windows\system32\AVerIO.sys
2009-01-30 20:28 . 2009-01-30 20:28 <DIR> d-------- c:\program files\Keyboard & Mouse Driver
2009-01-30 20:21 . 2009-02-20 17:20 <DIR> d-------- c:\program files\Mouse Driver
2009-01-29 10:54 . 2009-01-29 10:54 <DIR> d-------- c:\documents and settings\ADMIN\Application Data\DAEMON Tools Pro
2009-01-28 15:18 . 2009-01-28 15:18 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-28 15:18 . 2009-01-28 15:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-28 15:17 . 2009-01-29 10:54 <DIR> d-------- c:\documents and settings\ADMIN\Application Data\DAEMON Tools Lite
2009-01-28 14:26 . 2009-01-28 14:26 <DIR> d-------- c:\program files\Infogrames
2009-01-26 15:40 . 2009-01-26 15:40 <DIR> d-------- c:\documents and settings\ADMIN\Application Data\Leadertech
2009-01-26 15:39 . 2009-01-26 15:39 <DIR> d-------- c:\program files\Atari
2009-01-25 11:41 . 2009-01-25 11:41 <DIR> d-------- c:\program files\Autodesk
2009-01-25 11:40 . 2009-01-25 11:40 <DIR> d-------- c:\program files\AnswerWorks 4.0
2009-01-25 11:37 . 2009-02-20 17:14 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2009-01-25 11:37 . 2009-01-25 11:41 <DIR> d-------- c:\program files\AutoCAD 2005
2009-01-25 11:37 . 2009-01-25 11:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Autodesk
2009-01-25 11:37 . 2009-01-25 11:43 <DIR> d-------- c:\documents and settings\ADMIN\Application Data\Autodesk
2009-01-24 21:12 . 2009-02-08 16:45 <DIR> d-------- c:\program files\GameSpy Arcade
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 16:27 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2009-02-21 16:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-21 15:22 --------- d-----w c:\program files\ICQ6.5
2009-02-21 15:03 --------- d-----w c:\documents and settings\ADMIN\Application Data\Skype
2009-02-21 14:09 --------- d-----w c:\documents and settings\ADMIN\Application Data\skypePM
2009-02-20 16:23 --------- d-----w c:\program files\PowerISO
2009-02-20 16:20 --------- d-----w c:\program files\Opera
2009-02-20 15:32 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2009-02-12 19:29 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 15:22 --------- d-----w c:\program files\Google
2009-02-08 16:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-08 15:45 --------- d-----w c:\program files\Alawar
2009-02-07 10:54 --------- d-----w c:\program files\Vimicro
2009-02-01 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-01-29 09:54 --------- d-----w c:\documents and settings\ADMIN\Application Data\DAEMON Tools
2009-01-29 09:53 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-24 17:11 --------- d-----w c:\program files\QuickTime
2009-01-23 12:44 --------- d-----w c:\program files\Seekeen
2009-01-23 12:44 --------- d-----w c:\documents and settings\All Users\Application Data\Seekeen
2009-01-17 20:03 --------- d-----w c:\program files\DreamWorks Interactive
2009-01-16 17:49 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-01-16 15:18 --------- d-----w c:\documents and settings\All Users\Application Data\InterAction studios
2009-01-16 13:47 --------- d-----w c:\program files\Realore
2009-01-13 18:34 --------- d-----w c:\program files\Retro64 Games
2009-01-13 16:43 --------- d-----w c:\documents and settings\All Users\Application Data\AlawarGameBox
2009-01-12 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-01-11 14:29 --------- d-----w c:\documents and settings\All Users\Application Data\Winferno
2009-01-11 14:24 --------- d-----w c:\program files\Winferno
2009-01-04 10:09 --------- d-----w c:\program files\TmNationsForever
2009-01-02 20:05 --------- d-----w c:\program files\Common Files\Sandlot Shared
2009-01-02 20:05 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-01-02 17:03 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-02 10:12 --------- d-----w c:\program files\Red Storm Entertainment
2009-01-02 10:11 --------- d-----w c:\program files\LostInEU
2009-01-01 11:59 --------- d-----w c:\program files\ReflexiveArcade
2008-12-31 19:33 --------- d-----w c:\program files\ICQ6Toolbar
2008-12-31 19:33 --------- d-----w c:\documents and settings\All Users\Application Data\ICQ
2008-12-31 11:35 --------- d--h--r c:\documents and settings\ADMIN\Application Data\Chromeflower
2008-12-31 10:59 --------- d--h--r c:\documents and settings\ADMIN\Application Data\CrystalSpace
2008-12-31 10:46 --------- d-----w c:\program files\TeddyBears
2008-12-31 10:45 --------- d-----w c:\program files\RainbowIslands
2008-12-24 18:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-24 18:57 --------- d-----w c:\program files\AGEIA Technologies
2008-12-08 20:26 47,360 ----a-w c:\documents and settings\ADMIN\Application Data\pcouffin.sys
2008-09-15 11:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090820080915\index.dat
2008-09-22 15:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091520080922\index.dat
2008-09-22 18:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092220080923\index.dat
2008-09-23 17:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092320080924\index.dat
2008-09-24 18:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
2008-09-25 18:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092520080926\index.dat
2008-09-26 20:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092620080927\index.dat
2008-09-28 17:33 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"VMSnap1"="c:\windows\VMSnap1.exe" [2006-07-17 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-01-31 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-01-31 663552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.asv2"= asusasv2.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Akcelerátor spuštení AutoCADu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Akcelerátor spuštení AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštení AutoCADu.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2008-02-21 08:49 1126400 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 16:48 380928 c:\program files\ASUS\GamerOSD\GamerOSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-10-13 20:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-06-01 12:32 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 11:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\domino]
--a------ 2006-07-04 14:16 49152 c:\windows\domino.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 14:51 212992 c:\program files\Keyboard & Mouse Driver\StartAutorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
--a------ 2003-07-07 08:29 729088 c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 10:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-02-26 14:03 2209224 c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2004-03-10 23:26 406016 c:\windows\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-01-20 08:09 200704 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 17:41 2828184 c:\program files\Registry Mechanic\RegMech.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 18:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap1]
--a------ 2006-07-17 11:27 49152 c:\windows\VMSnap1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-07-21 15:56 16261632 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 17:04 2879488 c:\windows\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2008-06-26 101120]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-03-13 33800]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-01-31 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-01-31 409600]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R3 AVerFx2hbtv;AVerMedia USB SW Analog Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2009-01-31 273152]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2008-06-26 28672]
S2 gupdate1c989fc646f7fc4;Google Update Service (gupdate1c989fc646f7fc4);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
.
Contents of the 'Scheduled Tasks' folder
2009-02-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 15:48]
2009-02-21 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-10-28 14:48]
2009-02-21 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2008-10-28 14:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-21 19:35:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,b6,85,44,9f,62,
46,55,48,e2,63,26,f1,3f,c8,ff,68,73,61,41,25,68,12,0f,06,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,f9,05,75,33,63,
15,df,f9,6a,9c,d6,61,af,45,84,18,b7,72,71,a9,e8,cc,87,9a,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,a0,be,c8,cf,a1,
21,92,95,ff,7c,85,e0,43,d4,0e,fe,b9,ed,a2,5e,fb,0f,bf,08,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,74,35,73,db,81,
c5,83,b4,86,8c,21,01,be,91,eb,e7,fb,23,6a,7c,40,58,36,6d,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,e8,93,eb,ea,30,
09,3b,da,f5,1d,4d,73,a8,13,5c,05,0d,c7,1e,f4,86,f1,66,53,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,21,38,b4,bb,0a,
60,0d,9c,df,20,58,62,78,6b,cf,c8,9b,21,5b,56,bc,29,5b,50,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c8,ca,b7,0c,ad,
4f,76,66,fb,a7,78,e6,12,2f,9a,ea,b4,26,2c,0c,c1,0a,b1,4c,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,40,11,e6,4a,a8,
43,80,69,01,3a,48,fc,e8,04,4a,f1,15,98,00,21,60,17,b7,da,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,66,cb,a5,bf,ba,
17,db,25,f6,0f,4e,58,98,5b,89,c9,3c,b6,53,1b,ee,3f,dd,42,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,93,ba,2c,24,84,
53,8a,a8,3d,ce,ea,26,2d,45,aa,78,e5,55,63,e8,08,7e,1d,e9,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,d0,e2,16,44,d5,
2b,37,f5,2a,b7,cc,b5,b9,7f,41,e7,3e,bc,02,89,2b,e9,c5,09,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,99,99,a6,d6,ef,
a4,87,26,6c,43,2d,1e,aa,22,2f,9c,bd,4d,12,d6,c7,a5,2e,6d,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ATKKBService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SoftwareDistribution\Download\cb5a6e6205e8e4bf4d746b7f5bcdd148\update\update.exe
.
**************************************************************************
.
Completion time: 2009-02-21 19:41:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-21 18:41:46
Pre-Run: 34,617,188,352 bytes free
Post-Run: 34,667,589,632 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
357 --- E O F --- 2008-08-16 11:34:37