Re: Win32/Mebroot.K
Posted: 31 Jul 2008 18:59
So, another batch of logs...
------------------------------------------------------------------------------------------
SDFix: Version 1.210
Run by Admin on čt 31.07.2008 at 19:37
Microsoft Windows XP [Verzia 5.1.2600]
Running From: C:\SDFix\SDFix
Checking Services :
Name :
{DEF85C80-216A-43ab-AF70-1665EDBE2780}
Path :
\??\C:\WINDOWS\TEMP\14EC.tmp
{DEF85C80-216A-43ab-AF70-1665EDBE2780} - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\Temp\bca4e2da.$$$ - Deleted
C:\WINDOWS\Temp\ed47fa.$ - Deleted
C:\WINDOWS\Temp\fa56d7ec.$$$ - Deleted
Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use the MBR Rootkit Detector by Gmer or CureIt by Dr.Web
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 19:43:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\need for speed\\Speed.exe"="E:\\need for speed\\Speed.exe:*:Disabled:Speed"
"C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Disabled:ICQ Lite"
"D:\\Mimi\\Hry\\TTDX\\TTDLOADW.OVL"="D:\\Mimi\\Hry\\TTDX\\TTDLOADW.OVL:*:Disabled:TTDLOADW"
"C:\\WINDOWS\\System32\\ftp.exe"="C:\\WINDOWS\\System32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\Totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\Totalcmd\\TOTALCMD.EXE:*:Disabled:Total Commander 32 bit international version, file manager replacement for Windows"
"E:\\TrackMania Nations\\TmNationsESWC.exe"="E:\\TrackMania Nations\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"E:\\AgeofEmpires3\\empires2.exe"="E:\\AgeofEmpires3\\empires2.exe:*:Enabled:Age of Empires II"
"C:\\WINDOWS\\System32\\dplaysvr.exe"="C:\\WINDOWS\\System32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"D:\\Mimi\\DC++\\DCPlusPlus.exe"="D:\\Mimi\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"E:\\PES5\\game\\PES5.exe"="E:\\PES5\\game\\PES5.exe:*:Disabled:pes5.exe"
"E:\\Call of Duty\\CoDMP.exe"="E:\\Call of Duty\\CoDMP.exe:*:Disabled:CoDMP"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"E:\\FM2007\\fm.exe"="E:\\FM2007\\fm.exe:*:Enabled:Football Manager 2007"
"E:\\Starcraft\\StarCraft.exe"="E:\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"E:\\HoMaMIII\\HEROES3.EXE"="E:\\HoMaMIII\\HEROES3.EXE:*:Enabled:Heroes of Might and MagicR III"
"E:\\AoE2\\empires2.exe"="E:\\AoE2\\empires2.exe:*:Enabled:Age of Empires II"
"E:\\FarCry\\Bin32\\FarCry.exe"="E:\\FarCry\\Bin32\\FarCry.exe:*:Enabled:Far Cry"
"E:\\Boiling Point - Cesta do pekel\\XENUS.EXE"="E:\\Boiling Point - Cesta do pekel\\XENUS.EXE:*:Disabled:XENUS"
"E:\\Football Manager 2008\\fm.exe"="E:\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 3 Mar 2008 568 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Mon 3 Mar 2008 5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 22 Mar 2007 28,672 ...H. --- "C:\Documents and Settings\Admin\Application Data\Microsoft\Word\~WRL0005.tmp"
Finished!
------------------------------------------------------------------------------------------
ComboFix 08-07-31.01 - Admin 2008-07-31 19:49:28.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.81 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Antispyware_Spybot - Search & Destroy
C:\Program Files\Antispyware_Spybot - Search & Destroy\advcheck.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\aports.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\blindman.exe
C:\Program Files\Antispyware_Spybot - Search & Destroy\borlndmm.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\Default configuration.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\delphimm.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\Dummies\dummy.dap.gif
C:\Program Files\Antispyware_Spybot - Search & Destroy\Dummies\dummy.data.xml
C:\Program Files\Antispyware_Spybot - Search & Destroy\Dummies\dummy.default.gif
C:\Program Files\Antispyware_Spybot - Search & Destroy\Dummies\dummy.related.htm
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Brasil.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Cesky.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Cesky.Resident.chm
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Deutsch.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\English.chm
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\English.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\English.Resident.chm
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Espanol.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Francais.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Italiano.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Japanese.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Nederlands.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Polski.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Slovensky.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Slovensky.Resident.chm
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Srpski.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Browserpages.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\CLSIDs.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Cookies.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Cookies.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Dialer.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Dialer.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\DialerC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Domains.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\HeavyDuty.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Hijackers.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\HijackersC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Keyloggers.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\KeyloggersC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Logs.uts
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\LSP.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\LSP.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Malware.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\MalwareC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\OperaPlugins.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\ProcWatch.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\PUPS.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\PUPSC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\RegDFLinks.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\RegWatch.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Revision.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Revision.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Searchpages.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Security.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\SecurityC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Services.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Spybots.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\SpybotsC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Startup.tnfo
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Targets.nfo
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Tracks.uti
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Trojans.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\TrojansC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\URL-Blacklist.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\X509White.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Arabic.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Bosanski.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Brasil.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Bulgarski.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Catalan.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Cesky.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Dansk.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Deutsch.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Eesti.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\English.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Espanol.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Esperanto.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Euskera.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Farsi.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Francais.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Galego.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Greek.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Hebrew.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Hrvatski.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Chinese (simplified).sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Chinese (traditional).sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Italiano.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Japanese.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Korean.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Latvian.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Letzebuergesch.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Lietuviu.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Magyar.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Makedonski.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Melayu.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Nederlands.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Norsk.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Polski.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Portugues.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Romaneste.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Russkiy.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Shqip.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Slovenscina.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Slovensky.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Srpski.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Suomi.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Svenska.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Thai.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Turkce.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Ukrainian.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Uzbek.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\messages.zres
C:\Program Files\Antispyware_Spybot - Search & Destroy\OptOut.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\Skins\Colorblind.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\Skins\Italia.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\Skins\Italia.jpg
C:\Program Files\Antispyware_Spybot - Search & Destroy\Skins\Peace.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\Skins\Peace.jpg
C:\Program Files\Antispyware_Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Antispyware_Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Antispyware_Spybot - Search & Destroy\Tools.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\unins000.dat
C:\Program Files\Antispyware_Spybot - Search & Destroy\unins000.exe
C:\Program Files\Antispyware_Spybot - Search & Destroy\UnzDll.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\Update.exe
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\advcheck.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\advcheck15.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\advcheck151.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\advcheck152.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\advcheck153.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\clsid.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\desc.english.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\downloaded.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\help.cesky.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\help.english.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\helpres.cesky.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\helpres.english.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\helpres.slovensky.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.dialer.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.hijackers.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.keyloggers.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.malware.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.pups.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.security.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.spybots.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.trojans.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\lang.cesky.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\lang.english.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\lang.slovensky.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\mainapp152.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\online.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\plugtcpip.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\sbsd152upd.exe
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\sbsd152upd.wem
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\skins.main.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\startup.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\tools.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\tools15.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\tools212.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\ZipDll.dll
C:\Program Files\Common Files\{10C52~1
C:\Program Files\Common Files\{10C52~2
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\mhjnfpskaq.dat
C:\WINDOWS\system32\mhjnfpskaq_nav.dat
C:\WINDOWS\system32\mhjnfpskaq_navps.dat
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\obmtjiuvsn_navtmp.dat
C:\WINDOWS\system32\trdphnu_navtmp.dat
C:\WINDOWS\system32\valeva.dat
C:\WINDOWS\system32\valeva.exe
C:\WINDOWS\system32\valeva_nav.dat
C:\WINDOWS\system32\valeva_navps.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.
2009-04-08 11:36 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2009-04-08 11:36 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2009-04-08 11:32 . 2009-04-08 11:32 <DIR> d-------- C:\Program Files\ESET
2009-03-02 15:46 . 2009-03-02 15:46 <DIR> d-------- C:\Program Files\Opera
2009-02-25 14:54 . 2006-02-28 08:53 2,936,832 --a------ C:\WINDOWS\system32\MA2_6.scr
2009-01-31 15:14 . 2009-01-31 15:14 <DIR> d--hs---- C:\FOUND.001
2009-01-22 22:10 . 2004-08-04 09:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2009-01-22 20:32 . 2009-01-22 20:32 <DIR> d-------- C:\Program Files\Winamp
2009-01-22 20:32 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2009-01-04 20:25 . 2009-01-04 20:25 <DIR> d--hs---- C:\FOUND.000
2008-07-31 19:36 . 2008-07-31 19:36 577,024 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-07-31 19:35 . 2008-07-31 19:35 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-31 19:31 . 2008-07-31 19:31 <DIR> d-------- C:\SDFix
2008-07-31 19:17 . 2008-07-31 19:17 <DIR> d-------- C:\Documents and Settings\Admin\DoctorWeb
2008-07-30 19:01 . 2008-07-30 19:01 <DIR> d--hs---- C:\FOUND.002
2008-07-16 08:59 . 2008-07-16 08:59 <DIR> d-------- C:\Program Files\QIP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 19:32 --------- d-----w C:\Documents and Settings\Admin\Application Data\Winamp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"OM_Monitor"="C:\Program Files\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-15 11:42 4112384]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-15 11:42 81920]
"OM_Monitor"="C:\Program Files\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 11:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"CHotkey"="zHotkey.exe" [2003-07-29 18:06 515584 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 09:09 36864 C:\WINDOWS\ShowWnd.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:56 15360]
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
SaveSnap.lnk.disabled [2007-09-19 21:24:12 646]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office2000\Office\OSA9.EXE [1999-02-18 02:05:56 65588]
HP Digital Imaging Monitor.lnk.disabled [2006-12-24 21:10:12 1718]
InterVideo WinCinema Manager.lnk.disabled [2004-09-21 18:56:28 1687]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\WINDOWS\\System32\\ftp.exe"=
"C:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"E:\\Call of Duty\\CoDMP.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"E:\\AoE2\\empires2.exe"=
"E:\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 prodrv03;Star Force copy protection driver v3;C:\WINDOWS\system32\drivers\prodrv03.sys [2004-10-07 19:32]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-08-23 12:00]
S3 MapMem;MapMem;F:\mapmem.sys []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-{10C52ED5-0965-1051-0308-0408010301a5} - C:\Program Files\Common Files\{10C52ED5-0965-1051-0308-0408010301a5}\Update.exe
Notify-WRNotifier - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\gic2oh86.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.zoznam.sk/
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla\plugins\nppdf32.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 19:53:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="zHotkey.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\ESET\ESET SMART SECURITY\EKRN.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Completion time: 2008-07-31 19:55:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 18:55:38
Pre-Run: 7,325,425,664 bytes free
Post-Run: 7,351,762,944 voľných bajtov
------------------------------------------------------------------------------------------
Files with Hidden Attributes :
Mon 3 Mar 2008 568 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Mon 3 Mar 2008 5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 22 Mar 2007 28,672 ...H. --- "C:\Documents and Settings\Admin\Application Data\Microsoft\Word\~WRL0005.tmp"
Finished!
------------------------------------------------------------------------------------------
ComboFix 08-07-31.01 - Admin 2008-07-31 19:49:28.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.81 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Antispyware_Spybot - Search & Destroy
C:\Program Files\Antispyware_Spybot - Search & Destroy\advcheck.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\aports.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\blindman.exe
C:\Program Files\Antispyware_Spybot - Search & Destroy\borlndmm.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\Default configuration.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\delphimm.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\Dummies\dummy.dap.gif
C:\Program Files\Antispyware_Spybot - Search & Destroy\Dummies\dummy.data.xml
C:\Program Files\Antispyware_Spybot - Search & Destroy\Dummies\dummy.default.gif
C:\Program Files\Antispyware_Spybot - Search & Destroy\Dummies\dummy.related.htm
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Brasil.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Cesky.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Cesky.Resident.chm
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Deutsch.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\English.chm
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\English.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\English.Resident.chm
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Espanol.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Francais.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Italiano.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Japanese.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Nederlands.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Polski.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Slovensky.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Slovensky.Resident.chm
C:\Program Files\Antispyware_Spybot - Search & Destroy\Help\Srpski.license.txt
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Browserpages.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\CLSIDs.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Cookies.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Cookies.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Dialer.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Dialer.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\DialerC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Domains.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\HeavyDuty.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Hijackers.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\HijackersC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Keyloggers.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\KeyloggersC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Logs.uts
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\LSP.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\LSP.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Malware.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\MalwareC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\OperaPlugins.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\ProcWatch.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\PUPS.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\PUPSC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\RegDFLinks.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\RegWatch.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Revision.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Revision.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Searchpages.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Security.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\SecurityC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Services.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Spybots.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\SpybotsC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Startup.tnfo
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Targets.nfo
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Tracks.uti
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\Trojans.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\TrojansC.sbi
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\URL-Blacklist.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Includes\X509White.sbs
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Arabic.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Bosanski.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Brasil.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Bulgarski.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Catalan.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Cesky.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Dansk.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Deutsch.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Eesti.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\English.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Espanol.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Esperanto.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Euskera.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Farsi.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Francais.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Galego.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Greek.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Hebrew.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Hrvatski.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Chinese (simplified).sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Chinese (traditional).sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Italiano.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Japanese.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Korean.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Latvian.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Letzebuergesch.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Lietuviu.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Magyar.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Makedonski.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Melayu.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Nederlands.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Norsk.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Polski.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Portugues.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Romaneste.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Russkiy.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Shqip.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Slovenscina.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Slovensky.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Srpski.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Suomi.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Svenska.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Thai.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Turkce.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Ukrainian.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\Languages\Uzbek.sbl
C:\Program Files\Antispyware_Spybot - Search & Destroy\messages.zres
C:\Program Files\Antispyware_Spybot - Search & Destroy\OptOut.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\Skins\Colorblind.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\Skins\Italia.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\Skins\Italia.jpg
C:\Program Files\Antispyware_Spybot - Search & Destroy\Skins\Peace.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\Skins\Peace.jpg
C:\Program Files\Antispyware_Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Antispyware_Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Antispyware_Spybot - Search & Destroy\Tools.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\unins000.dat
C:\Program Files\Antispyware_Spybot - Search & Destroy\unins000.exe
C:\Program Files\Antispyware_Spybot - Search & Destroy\UnzDll.dll
C:\Program Files\Antispyware_Spybot - Search & Destroy\Update.exe
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\advcheck.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\advcheck15.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\advcheck151.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\advcheck152.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\advcheck153.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\clsid.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\desc.english.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\downloaded.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\help.cesky.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\help.english.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\helpres.cesky.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\helpres.english.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\helpres.slovensky.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.dialer.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.hijackers.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.keyloggers.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.malware.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.pups.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.security.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.spybots.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.trojans.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\includes.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\lang.cesky.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\lang.english.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\lang.slovensky.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\mainapp152.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\online.ini
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\plugtcpip.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\sbsd152upd.exe
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\sbsd152upd.wem
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\skins.main.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\startup.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\tools.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\tools15.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\Updates\tools212.zip
C:\Program Files\Antispyware_Spybot - Search & Destroy\ZipDll.dll
C:\Program Files\Common Files\{10C52~1
C:\Program Files\Common Files\{10C52~2
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\mhjnfpskaq.dat
C:\WINDOWS\system32\mhjnfpskaq_nav.dat
C:\WINDOWS\system32\mhjnfpskaq_navps.dat
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\obmtjiuvsn_navtmp.dat
C:\WINDOWS\system32\trdphnu_navtmp.dat
C:\WINDOWS\system32\valeva.dat
C:\WINDOWS\system32\valeva.exe
C:\WINDOWS\system32\valeva_nav.dat
C:\WINDOWS\system32\valeva_navps.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.
2009-04-08 11:36 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2009-04-08 11:36 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2009-04-08 11:32 . 2009-04-08 11:32 <DIR> d-------- C:\Program Files\ESET
2009-03-02 15:46 . 2009-03-02 15:46 <DIR> d-------- C:\Program Files\Opera
2009-02-25 14:54 . 2006-02-28 08:53 2,936,832 --a------ C:\WINDOWS\system32\MA2_6.scr
2009-01-31 15:14 . 2009-01-31 15:14 <DIR> d--hs---- C:\FOUND.001
2009-01-22 22:10 . 2004-08-04 09:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2009-01-22 20:32 . 2009-01-22 20:32 <DIR> d-------- C:\Program Files\Winamp
2009-01-22 20:32 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2009-01-04 20:25 . 2009-01-04 20:25 <DIR> d--hs---- C:\FOUND.000
2008-07-31 19:36 . 2008-07-31 19:36 577,024 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-07-31 19:35 . 2008-07-31 19:35 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-31 19:31 . 2008-07-31 19:31 <DIR> d-------- C:\SDFix
2008-07-31 19:17 . 2008-07-31 19:17 <DIR> d-------- C:\Documents and Settings\Admin\DoctorWeb
2008-07-30 19:01 . 2008-07-30 19:01 <DIR> d--hs---- C:\FOUND.002
2008-07-16 08:59 . 2008-07-16 08:59 <DIR> d-------- C:\Program Files\QIP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 19:32 --------- d-----w C:\Documents and Settings\Admin\Application Data\Winamp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"OM_Monitor"="C:\Program Files\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-15 11:42 4112384]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-15 11:42 81920]
"OM_Monitor"="C:\Program Files\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 11:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"CHotkey"="zHotkey.exe" [2003-07-29 18:06 515584 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 09:09 36864 C:\WINDOWS\ShowWnd.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:56 15360]
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
SaveSnap.lnk.disabled [2007-09-19 21:24:12 646]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office2000\Office\OSA9.EXE [1999-02-18 02:05:56 65588]
HP Digital Imaging Monitor.lnk.disabled [2006-12-24 21:10:12 1718]
InterVideo WinCinema Manager.lnk.disabled [2004-09-21 18:56:28 1687]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\WINDOWS\\System32\\ftp.exe"=
"C:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"E:\\Call of Duty\\CoDMP.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"E:\\AoE2\\empires2.exe"=
"E:\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 prodrv03;Star Force copy protection driver v3;C:\WINDOWS\system32\drivers\prodrv03.sys [2004-10-07 19:32]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 08:04]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-08-23 12:00]
S3 MapMem;MapMem;F:\mapmem.sys []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-{10C52ED5-0965-1051-0308-0408010301a5} - C:\Program Files\Common Files\{10C52ED5-0965-1051-0308-0408010301a5}\Update.exe
Notify-WRNotifier - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\gic2oh86.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.zoznam.sk/
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla\plugins\nppdf32.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 19:53:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="zHotkey.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\ESET\ESET SMART SECURITY\EKRN.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Completion time: 2008-07-31 19:55:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 18:55:38
Pre-Run: 7,325,425,664 bytes free
Post-Run: 7,351,762,944 voľných bajtov
325
------------------------------------------------------------------------------------------