Thanks, Palo.
ComboFix 08-12-12.01 - pavol 2008-12-12 21:50:44.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.1.1051.18.998 [GMT 1:00]
Running from: c:\users\pavol\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.
2008-12-12 22:14 . 2008-12-12 22:15 307,326,381 --a------ c:\windows\MEMORY.DMP
2008-12-11 17:01 . 2008-12-11 17:01 1,246,752 --a------ c:\windows\System32\AutoPartNt.exe
2008-12-11 17:01 . 2008-12-11 17:02 1,024 --a------ c:\windows\System32\AutoPartNt.let
2008-12-10 15:06 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-09 12:27 . 2008-12-09 12:27 <DIR> d-------- c:\program files\Noel Danjou
2008-12-05 00:11 . 2008-12-05 00:12 <DIR> d-------- c:\program files\Opera
2008-12-02 01:05 . 2008-12-08 23:55 <DIR> d-------- c:\program files\Free Video Converter
2008-12-02 01:04 . 2008-12-02 01:04 <DIR> d-------- c:\users\pavol\AppData\Roaming\vlc
2008-12-02 00:59 . 2006-06-22 12:44 2,201,224 --a------ c:\windows\System32\Flash9.ocx
2008-11-29 19:11 . 2008-11-29 19:12 <DIR> d-------- c:\users\pavol\AppData\Roaming\Kaspersky_Key_Finder_(KKF
2008-11-29 18:57 . 2008-11-29 18:57 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-26 14:49 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 14:49 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 14:49 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 14:49 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 14:49 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 22:27 . 2008-11-24 22:27 <DIR> d-------- c:\users\pavol\AppData\Roaming\PC Tools
2008-11-24 22:27 . 2008-12-11 16:20 <DIR> d-------- c:\program files\Spyware Doctor
2008-11-24 22:27 . 2008-11-24 22:30 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-11-24 22:27 . 2008-11-24 22:30 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-11-24 22:27 . 2008-11-24 22:30 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-11-24 22:27 . 2008-06-02 15:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-11-24 20:25 . 2008-11-24 21:39 <DIR> d-------- c:\program files\QIP
2008-11-23 20:22 . 2008-11-23 21:33 <DIR> d-------- c:\users\All Users\Acronis
2008-11-23 20:22 . 2008-11-23 21:33 <DIR> d-------- c:\programdata\Acronis
2008-11-23 20:10 . 2008-11-23 20:10 392,320 --a------ c:\windows\System32\drivers\timntr.sys
2008-11-23 20:10 . 2008-11-23 20:10 32,768 --a------ c:\windows\System32\drivers\tifsfilt.sys
2008-11-23 20:09 . 2008-11-23 20:09 <DIR> d-------- c:\program files\Common Files\Acronis
2008-11-23 20:09 . 2008-11-23 20:09 <DIR> d-------- c:\program files\Acronis
2008-11-23 20:09 . 2008-11-23 20:09 114,048 --a------ c:\windows\System32\drivers\snapman.sys
2008-11-23 13:26 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-23 13:26 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-23 13:26 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-23 13:26 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-23 13:26 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-23 13:26 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-23 13:26 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-23 13:26 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-23 13:26 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-23 00:07 . 2008-11-23 00:07 <DIR> d-------- c:\users\All Users\DigitalChocolate
2008-11-23 00:07 . 2008-11-23 00:07 <DIR> d-------- c:\programdata\DigitalChocolate
2008-11-23 00:06 . 2008-11-23 00:06 <DIR> d-------- C:\games
2008-11-21 21:09 . 2008-11-21 21:09 <DIR> d-------- c:\users\pavol\AppData\Roaming\Malwarebytes
2008-11-21 21:09 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-21 21:09 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-21 21:08 . 2008-11-21 21:08 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-21 21:08 . 2008-11-21 21:08 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-21 21:08 . 2008-12-12 00:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-12 16:34 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 16:34 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 16:34 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 17:26 --------- d-----w c:\programdata\TrackMania
2008-12-11 23:11 --------- d---a-w c:\programdata\TEMP
2008-12-11 17:30 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-10 21:58 --------- d-----w c:\program files\Windows Mail
2008-12-09 11:42 921,632 ----a-w C:\PA207.DAT
2008-12-03 18:57 --------- d-----w c:\programdata\Test Drive Unlimited
2008-12-02 21:59 --------- d-----w c:\program files\Google
2008-11-29 18:54 --------- d-----w c:\users\pavol\AppData\Roaming\uTorrent
2008-11-21 20:45 --------- d-----w c:\users\pavol\AppData\Roaming\Desktopicon
2008-11-21 14:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-21 14:43 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2008-11-17 21:11 --------- d-----w c:\program files\Folding@home
2008-11-15 02:37 --------- d-----w c:\programdata\NVIDIA
2008-11-13 16:40 --------- d-----w c:\program files\AGEIA Technologies
2008-11-06 20:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 20:07 --------- d-----w c:\program files\Rail Simulator
2008-11-06 19:12 --------- d-----w c:\programdata\Media Center Programs
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-27 10:24 6,656 ----a-w c:\windows\System32\lpcio.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-03 19:35 174 --sha-w c:\program files\desktop.ini
2008-02-05 12:21 2 --shatr c:\windows\winstart.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 115560]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.10\RivaTunerWrapper.exe" [2008-08-31 24576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-11 18:30 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.10\RivaTunerWrapper.exe" /S
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{728C9AE3-A676-4C5A-8E84-49B28C7280A7}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{E377EF79-4CF6-48E6-B24E-174A870FBCE4}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{B99D1343-ECFA-4797-A58A-7055D1FEC69A}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{7D776505-86EA-4887-9528-C95E36AF84CB}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{97904C1A-CBB9-4628-AD81-F7D35785C3A7}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{5C373315-8EDA-4839-82FF-4471DFC346C2}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{B6805A1D-0C1E-4526-AEAC-187DCC9C959C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4BB28799-0E2C-4E27-8EF1-7AC0F98C71FB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{9A2BD610-1F0E-486F-83F4-3178B78C80B1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{0CDF96DD-9072-4B3F-89E8-B224CB1B4381}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{4585A654-CB2F-4B9C-B36F-A9CE8CC714A7}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{72ADB84D-B115-42A7-B76B-78A6147D1757}c:\\users\\pavol\\desktop\\hry\\tdu rip\\files\\[pc] test drive unlimited [rip] [dopeman]\\testdriveunlimited.exe"= UDP:c:\users\pavol\desktop\hry\tdu rip\files\[pc] test drive unlimited [rip] [dopeman]\testdriveunlimited.exe:testdriveunlimited.exe
"UDP Query User{A7F98C89-589E-49DA-82C6-EA288D408A8E}c:\\users\\pavol\\desktop\\hry\\tdu rip\\files\\[pc] test drive unlimited [rip] [dopeman]\\testdriveunlimited.exe"= TCP:c:\users\pavol\desktop\hry\tdu rip\files\[pc] test drive unlimited [rip] [dopeman]\testdriveunlimited.exe:testdriveunlimited.exe
"TCP Query User{DC5AF3BE-46FA-4FFB-8146-B2A238E97519}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{81E0BCAE-C8C7-4E85-A563-CF807E13ACCB}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{BDD0390C-515E-4997-A769-9D4EDF5B1D7E}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\czech\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\czech\setup.exe:Kaspersky Anti-Virus 2009 Setup
"UDP Query User{677162D4-1452-4178-BB38-571AA149324F}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\czech\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\czech\setup.exe:Kaspersky Anti-Virus 2009 Setup
R1 PSched;QoS Packet Scheduler;c:\windows\system32\DRIVERS\pacer.sys [2008-07-09 72192]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-19 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-19 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-10 99376]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008-07-18 4224]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-08-11 13352]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2006-11-20 506112]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-24 356920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aea2959-c07b-11dc-a65e-eba62ca24507}]
\shell\AutoRun\command - L:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff1b17b6-307f-11dd-8742-001cc4d4f4d5}]
\shell\AutoRun\command - J:\t9peum02.exe
\shell\explore\Command - J:\t9peum02.exe
\shell\open\Command - J:\t9peum02.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-12 c:\windows\Tasks\User_Feed_Synchronization-{3BC93973-25FF-429F-902C-DB978FB3FE92}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-Symantec Antvirus
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 22:17:24
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'Explorer.exe'(1152)
c:\windows\system32\ieframe.dll
c:\windows\system32\NetworkExplorer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\IoctlSvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-12-12 22:21:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-12 21:21:27
Pre-Run: 43 139 452 928 bytes free
Post-Run: 43,517,550,592 bytes free
241 --- E O F --- 2008-12-11 15:29:32
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.1.1051.18.998 [GMT 1:00]
Running from: c:\users\pavol\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.
2008-12-12 22:14 . 2008-12-12 22:15 307,326,381 --a------ c:\windows\MEMORY.DMP
2008-12-11 17:01 . 2008-12-11 17:01 1,246,752 --a------ c:\windows\System32\AutoPartNt.exe
2008-12-11 17:01 . 2008-12-11 17:02 1,024 --a------ c:\windows\System32\AutoPartNt.let
2008-12-10 15:06 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-09 12:27 . 2008-12-09 12:27 <DIR> d-------- c:\program files\Noel Danjou
2008-12-05 00:11 . 2008-12-05 00:12 <DIR> d-------- c:\program files\Opera
2008-12-02 01:05 . 2008-12-08 23:55 <DIR> d-------- c:\program files\Free Video Converter
2008-12-02 01:04 . 2008-12-02 01:04 <DIR> d-------- c:\users\pavol\AppData\Roaming\vlc
2008-12-02 00:59 . 2006-06-22 12:44 2,201,224 --a------ c:\windows\System32\Flash9.ocx
2008-11-29 19:11 . 2008-11-29 19:12 <DIR> d-------- c:\users\pavol\AppData\Roaming\Kaspersky_Key_Finder_(KKF
2008-11-29 18:57 . 2008-11-29 18:57 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-26 14:49 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 14:49 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 14:49 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 14:49 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 14:49 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 22:27 . 2008-11-24 22:27 <DIR> d-------- c:\users\pavol\AppData\Roaming\PC Tools
2008-11-24 22:27 . 2008-12-11 16:20 <DIR> d-------- c:\program files\Spyware Doctor
2008-11-24 22:27 . 2008-11-24 22:30 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-11-24 22:27 . 2008-11-24 22:30 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-11-24 22:27 . 2008-11-24 22:30 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-11-24 22:27 . 2008-06-02 15:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-11-24 20:25 . 2008-11-24 21:39 <DIR> d-------- c:\program files\QIP
2008-11-23 20:22 . 2008-11-23 21:33 <DIR> d-------- c:\users\All Users\Acronis
2008-11-23 20:22 . 2008-11-23 21:33 <DIR> d-------- c:\programdata\Acronis
2008-11-23 20:10 . 2008-11-23 20:10 392,320 --a------ c:\windows\System32\drivers\timntr.sys
2008-11-23 20:10 . 2008-11-23 20:10 32,768 --a------ c:\windows\System32\drivers\tifsfilt.sys
2008-11-23 20:09 . 2008-11-23 20:09 <DIR> d-------- c:\program files\Common Files\Acronis
2008-11-23 20:09 . 2008-11-23 20:09 <DIR> d-------- c:\program files\Acronis
2008-11-23 20:09 . 2008-11-23 20:09 114,048 --a------ c:\windows\System32\drivers\snapman.sys
2008-11-23 13:26 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-23 13:26 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-23 13:26 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-23 13:26 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-23 13:26 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-23 13:26 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-23 13:26 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-23 13:26 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-23 13:26 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-23 00:07 . 2008-11-23 00:07 <DIR> d-------- c:\users\All Users\DigitalChocolate
2008-11-23 00:07 . 2008-11-23 00:07 <DIR> d-------- c:\programdata\DigitalChocolate
2008-11-23 00:06 . 2008-11-23 00:06 <DIR> d-------- C:\games
2008-11-21 21:09 . 2008-11-21 21:09 <DIR> d-------- c:\users\pavol\AppData\Roaming\Malwarebytes
2008-11-21 21:09 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-21 21:09 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-21 21:08 . 2008-11-21 21:08 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-21 21:08 . 2008-11-21 21:08 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-21 21:08 . 2008-12-12 00:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-12 16:34 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 16:34 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 16:34 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 17:26 --------- d-----w c:\programdata\TrackMania
2008-12-11 23:11 --------- d---a-w c:\programdata\TEMP
2008-12-11 17:30 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-10 21:58 --------- d-----w c:\program files\Windows Mail
2008-12-09 11:42 921,632 ----a-w C:\PA207.DAT
2008-12-03 18:57 --------- d-----w c:\programdata\Test Drive Unlimited
2008-12-02 21:59 --------- d-----w c:\program files\Google
2008-11-29 18:54 --------- d-----w c:\users\pavol\AppData\Roaming\uTorrent
2008-11-21 20:45 --------- d-----w c:\users\pavol\AppData\Roaming\Desktopicon
2008-11-21 14:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-21 14:43 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2008-11-17 21:11 --------- d-----w c:\program files\Folding@home
2008-11-15 02:37 --------- d-----w c:\programdata\NVIDIA
2008-11-13 16:40 --------- d-----w c:\program files\AGEIA Technologies
2008-11-06 20:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 20:07 --------- d-----w c:\program files\Rail Simulator
2008-11-06 19:12 --------- d-----w c:\programdata\Media Center Programs
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-27 10:24 6,656 ----a-w c:\windows\System32\lpcio.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-03 19:35 174 --sha-w c:\program files\desktop.ini
2008-02-05 12:21 2 --shatr c:\windows\winstart.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 115560]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.10\RivaTunerWrapper.exe" [2008-08-31 24576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-11 18:30 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.10\RivaTunerWrapper.exe" /S
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{728C9AE3-A676-4C5A-8E84-49B28C7280A7}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{E377EF79-4CF6-48E6-B24E-174A870FBCE4}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{B99D1343-ECFA-4797-A58A-7055D1FEC69A}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{7D776505-86EA-4887-9528-C95E36AF84CB}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{97904C1A-CBB9-4628-AD81-F7D35785C3A7}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{5C373315-8EDA-4839-82FF-4471DFC346C2}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{B6805A1D-0C1E-4526-AEAC-187DCC9C959C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4BB28799-0E2C-4E27-8EF1-7AC0F98C71FB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{9A2BD610-1F0E-486F-83F4-3178B78C80B1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{0CDF96DD-9072-4B3F-89E8-B224CB1B4381}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{4585A654-CB2F-4B9C-B36F-A9CE8CC714A7}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{72ADB84D-B115-42A7-B76B-78A6147D1757}c:\\users\\pavol\\desktop\\hry\\tdu rip\\files\\[pc] test drive unlimited [rip] [dopeman]\\testdriveunlimited.exe"= UDP:c:\users\pavol\desktop\hry\tdu rip\files\[pc] test drive unlimited [rip] [dopeman]\testdriveunlimited.exe:testdriveunlimited.exe
"UDP Query User{A7F98C89-589E-49DA-82C6-EA288D408A8E}c:\\users\\pavol\\desktop\\hry\\tdu rip\\files\\[pc] test drive unlimited [rip] [dopeman]\\testdriveunlimited.exe"= TCP:c:\users\pavol\desktop\hry\tdu rip\files\[pc] test drive unlimited [rip] [dopeman]\testdriveunlimited.exe:testdriveunlimited.exe
"TCP Query User{DC5AF3BE-46FA-4FFB-8146-B2A238E97519}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{81E0BCAE-C8C7-4E85-A563-CF807E13ACCB}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{BDD0390C-515E-4997-A769-9D4EDF5B1D7E}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\czech\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\czech\setup.exe:Kaspersky Anti-Virus 2009 Setup
"UDP Query User{677162D4-1452-4178-BB38-571AA149324F}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\czech\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\czech\setup.exe:Kaspersky Anti-Virus 2009 Setup
R1 PSched;QoS Packet Scheduler;c:\windows\system32\DRIVERS\pacer.sys [2008-07-09 72192]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-19 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-19 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-10 99376]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008-07-18 4224]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-08-11 13352]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2006-11-20 506112]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-24 356920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aea2959-c07b-11dc-a65e-eba62ca24507}]
\shell\AutoRun\command - L:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff1b17b6-307f-11dd-8742-001cc4d4f4d5}]
\shell\AutoRun\command - J:\t9peum02.exe
\shell\explore\Command - J:\t9peum02.exe
\shell\open\Command - J:\t9peum02.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-12 c:\windows\Tasks\User_Feed_Synchronization-{3BC93973-25FF-429F-902C-DB978FB3FE92}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-Symantec Antvirus
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 22:17:24
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'Explorer.exe'(1152)
c:\windows\system32\ieframe.dll
c:\windows\system32\NetworkExplorer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\IoctlSvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-12-12 22:21:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-12 21:21:27
Pre-Run: 43 139 452 928 bytes free
Post-Run: 43,517,550,592 bytes free
241 --- E O F --- 2008-12-11 15:29:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:41, on 12. 12. 2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\pavol\Desktop\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.10\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Aplikace Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Aplikace Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Aplikace Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 7260 bytes