ComboFix 08-07-05.1 - ` 2008-07-06 19:20:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.840 [GMT 2:00]
Running from: C:\Users`\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.
2008-07-05 23:52 . 2008-07-05 23:52
2008-07-05 22:54 . 2008-07-05 22:54
2008-07-05 22:54 . 2008-07-05 22:54
2008-07-05 22:54 . 2008-07-05 22:54
2008-07-05 22:54 . 2008-07-05 22:54
2008-07-05 22:54 . 2008-07-05 22:54
2008-07-05 22:54 . 2008-07-05 22:54
2008-07-05 22:54 . 2008-07-05 22:54
2008-07-05 22:54 . 2008-07-05 22:54
2008-07-05 22:49 . 2008-07-05 22:50 36,429,824 --a------ C:\Windows\System32\ZTCUQAELEYG
2008-07-05 22:34 . 2008-07-05 22:34
2008-07-05 21:37 . 2008-07-05 21:37
2008-07-05 21:37 . 2008-07-05 21:37 52,736 --a------ C:\Windows\ipuninst.exe
2008-07-02 00:42 . 2008-07-06 10:27
2008-07-01 23:37 . 2008-07-06 10:43
2008-07-01 23:37 . 2008-07-06 19:17
2008-07-01 23:37 . 2008-07-06 10:43
2008-07-01 23:37 . 2008-07-06 19:17
2008-07-01 23:37 . 2008-07-01 23:37 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
2008-07-01 23:14 . 2008-07-01 23:14
2008-07-01 23:11 . 2007-01-18 14:00 3,968 --a------ C:\Windows\System32\drivers\AvgArCln.sys
2008-07-01 17:30 . 2008-07-01 17:30 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-01 13:36 . 2008-07-01 13:36
2008-07-01 11:09 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-07-01 11:08 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-07-01 11:07 . 2008-01-19 09:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-07-01 11:06 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-07-01 11:05 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-07-01 11:05 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-07-01 11:05 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-07-01 11:05 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-07-01 11:05 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-07-01 11:04 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-07-01 11:04 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-07-01 11:04 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-07-01 11:04 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-07-01 11:04 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-06-29 22:16 . 2008-06-29 22:16
2008-06-29 19:57 . 2008-06-29 19:57
2008-06-29 19:47 . 2008-06-29 19:47
2008-06-29 19:47 . 2008-06-29 19:47 0 --a------ C:\Windows\DXT6958.tmp
2008-06-29 19:44 . 2008-06-29 19:44 0 --a------ C:\Windows\DXT9DA2.tmp
2008-06-29 19:44 . 2008-06-29 19:44 0 --a------ C:\Windows\DXT9D72.tmp
2008-06-29 19:42 . 2008-06-29 19:42
2008-06-29 19:28 . 2008-06-29 19:28
2008-06-29 10:32 . 1999-12-13 01:01 44,032 --------- C:\Windows\System32\CTSVCCDA.EXE
2008-06-29 10:32 . 1999-11-18 01:00 25,088 --------- C:\Windows\System32\CTSVCCTL.EXE
2008-06-28 22:23 . 2008-07-06 19:28 4 --a------ C:\Windows\System32\msdbcrpt.kar.{de6af992-0620-498f-922f-79ce716e7a55}
2008-06-28 22:23 . 2008-07-06 19:28 4 --a------ C:\Windows\System32\fsdbcrpt.kar.{de6af992-0620-498f-922f-79ce716e7a55}
2008-06-28 22:19 . 2008-06-28 22:19
2008-06-28 22:16 . 2008-06-28 22:16
2008-06-28 14:15 . 2008-06-28 14:15
2008-06-28 14:15 . 2008-07-05 22:29
2008-06-28 14:15 . 2008-06-10 21:22 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-06-28 14:15 . 2008-06-02 15:19 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-06-28 14:15 . 2008-06-02 15:19 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-06-28 14:15 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-06-28 14:04 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-06-28 14:03 . 2008-06-28 14:03
2008-06-28 13:30 . 2008-06-28 13:30
2008-06-28 13:30 . 2008-06-28 13:30
2008-06-18 13:04 . 2008-06-18 13:04
2008-06-17 11:43 . 2008-06-17 11:43
2008-06-17 11:40 . 2008-06-17 11:43
2008-06-17 11:27 . 2008-06-17 11:27
2008-06-17 10:15 . 2008-06-17 10:15 0 --a------ C:\Windows\nsreg.dat
2008-06-14 18:48 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 18:48 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 18:48 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 18:48 . 2008-01-19 09:33 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 18:48 . 2008-01-19 09:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 18:48 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 00:45 . 2008-06-14 00:45
2008-06-14 00:45 . 2008-06-14 00:45
2008-06-13 13:18 . 2008-06-13 13:18
2008-06-13 11:44 . 2008-06-13 11:44
2008-06-13 10:25 . 2008-06-13 10:25
2008-06-13 10:25 . 2008-06-13 10:25
2008-06-13 10:24 . 2008-06-13 10:25
2008-06-13 10:24 . 2008-06-13 10:25
2008-06-12 20:17 . 2008-06-17 11:43
2008-06-12 20:07 . 2004-11-08 11:00 523,024 --------- C:\Windows\System32\msxml.dll
2008-06-12 20:06 . 2008-06-17 10:38
2008-06-11 19:40 . 2008-06-11 19:40
2008-06-11 19:40 . 2008-06-11 19:40
2008-06-11 18:45 . 2008-06-11 18:45
2008-06-11 14:01 . 2008-07-06 12:11
2008-06-10 19:58 . 2008-06-10 19:58
2008-06-10 15:25 . 2008-06-13 19:09
2008-06-10 15:25 . 2008-06-13 17:50
2008-06-06 13:06 . 2008-06-06 13:06
2008-06-06 13:06 . 1998-10-07 12:54 327,168 --a------ C:\Windows\IsUn0415.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 17:22 --------- d-----w C:\Users`\AppData\Roaming\uTorrent
2008-07-06 17:21 --------- d---a-w C:\ProgramData\TEMP
2008-07-06 16:23 --------- d-----w C:\ProgramData\Roxio
2008-07-06 10:02 --------- d-----w C:\Users`\AppData\Roaming\Skype
2008-07-06 07:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-06 07:46 --------- d-----w C:\Program Files\Google
2008-07-06 07:16 --------- d-----w C:\Users`\AppData\Roaming\skypePM
2008-07-05 20:50 26,955 ----a-w C:\Users`\AppData\Roaming\nvModes.dat
2008-07-01 13:27 --------- d-----w C:\ProgramData\Creative
2008-07-01 11:55 --------- d-----w C:\ProgramData\NVIDIA
2008-07-01 11:50 174 --sha-w C:\Program Files\desktop.ini
2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Mail
2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Journal
2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Defender
2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Calendar
2008-07-01 11:22 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-01 11:22 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-29 20:29 --------- d-----w C:\Program Files\Microsoft Games
2008-06-29 08:35 --------- d--h--w C:\Program Files\Creative Installation Information
2008-06-29 08:29 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2008-06-29 08:29 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2008-06-29 07:11 --------- d-----w C:\Program Files\WinTV
2008-06-28 22:30 --------- d-----w C:\Users`\AppData\Roaming\BearShare
2008-06-28 11:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-28 11:25 --------- d-----w C:\ProgramData\Symantec
2008-06-18 11:43 --------- d-----w C:\Users`\AppData\Roaming\Roxio
2008-06-15 11:13 --------- d-----w C:\Program Files\BearShare Applications
2008-06-14 17:34 722 ----a-w C:\Users`\AppData\Roaming\wklnhst.dat
2008-06-13 17:51 --------- d-----w C:\ProgramData\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2008-06-13 17:51 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2008-06-13 17:50 --------- d-----w C:\Users`\AppData\Roaming\LimeWire
2008-06-13 06:22 --------- d-----w C:\Program Files\Yahoo!
2008-06-10 20:14 --------- d-----w C:\ProgramData\Dell
2008-06-10 15:59 --------- d-----w C:\Users`\AppData\Roaming\GHISLER
2008-06-10 15:58 --------- d-----w C:\Program Files\MoorHunt
2008-06-10 08:55 --------- d-----w C:\ProgramData\HPSSUPPLY
2008-05-15 20:26 --------- d-----w C:\Program Files\Common Files\Onet.pl
2008-05-15 20:25 --------- d-----w C:\Users`\AppData\Roaming\Flircik
2008-05-15 20:25 --------- d-----w C:\Users`\AppData\Roaming\AutoUpdate
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2007-12-26 19:36 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-26 19:36 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-20 19:07 76 --sh--r C:\Windows\CT4CET.bin
2008-01-17 17:16 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-17 17:16 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-17 17:16 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users`\Program Files\uTorrent\uTorrent.exe" [2008-02-08 19:34 219952]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 19:34 213936]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 08:03 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 02:35 857648]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-29 07:54 36864]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-11-20 20:59 77824]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 18:43 118784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 19:34 86960]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 18:10 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 05:06 40048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-20 23:09 180269]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 09:05 217088]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 19:34 213936]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe" [2006-02-08 16:40 260096]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-06-10 21:22 1163656]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 09:14 180224]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2008-01-19 09:33 227840]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-25 10:41 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-25 10:40 8478720]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-25 10:40 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-09-25 10:40 81920]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-07-01 23:37 1817600]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 7:55:50 PM 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/20/2007 9:00:41 PM 50688]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM 210520]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [11/20/2007 9:03:05 PM 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.l3codec"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1500205620-3224671638-30330247-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2811DF78-A53E-456F-924F-DF464AFC679D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C53007AC-752F-49EF-9442-E6FBB912D340}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{3474D7D1-E82B-46A2-9D3F-EF709FD6AEE2}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{B61C08C7-9461-4161-9C08-A06E555B7300}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{98CCA0B3-6A04-4DA3-9633-F216C774D2C7}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"TCP Query User{8AB92150-4014-497B-9E07-0FBED91AAC56}C:\users\\\documents\\downloads\\call of duty\\coduomp.exe"= UDP:C:\users\
\documents\downloads\call of duty\coduomp.exe:coduomp.exe
"UDP Query User{793251D4-80D8-4C02-99CA-01B1B295DB09}C:\users\\\documents\\downloads\\call of duty\\coduomp.exe"= TCP:C:\users\
\documents\downloads\call of duty\coduomp.exe:coduomp.exe
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-07-01 23:37]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 23:25]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 GFI LANguard N.S.S. 5.0 attendant service;GFI LANguard N.S.S. 5.0 attendant service;C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe [2004-04-08 13:10]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 03:37]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 01:13]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 01:13]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 07:54]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 07:55]
S2 HPFECP13;HPFECP13;C:\Windows\system32\drivers\HPFECP13.SYS [1998-09-25 10:55]
S3 AOJD;AOJD;C:\Users`\AppData\Local\Temp\AOJD.exe []
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 22:05]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 17:11]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\Windows\system32\Drivers\hcw95bda.sys [2007-04-04 20:45]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys [2007-04-04 20:48]
S3 IUE;IUE;C:\Users`\AppData\Local\Temp\IUE.exe []
S3 MODRC;Hauppauge Nova-T IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys [2007-04-04 20:48]
S3 SSWP;SSWP;C:\Users`\AppData\Local\Temp\SSWP.exe []
S3 ZYQMEAE;ZYQMEAE;C:\Users`\AppData\Local\Temp\ZYQMEAE.exe []
S4 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 19:17]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 19:28:40
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-06 19:32:15
ComboFix-quarantined-files.txt 2008-07-06 17:32:06
Pre-Run: 91,871,485,952 bytes free
Post-Run: 91,842,068,480 bytes free
269 --- E O F --- 2008-07-01 11:25:24
W dniu 06.07.2008, o godzinie 22:14 został dopisany post przez astaroth1
Po sfixowaniu wpisu O23 - Service: ZYQMEAE - Sysinternals - http://www.sysinternals.com - C:\Users`\AppData\Local\Temp\ZYQMEAE.exe IE zaczął śmigać normalnie, ale po uruchomieniu ComboFixa znowu się wlecze.
Zrobiłem:
start >> uruchom >> cmd
sc stop ZYQMEAE >> Enter
sc delete ZYQMEAE >> Enter
ale wyskakuje „odmowa dostępu”.
Załączam loga.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:46, on 2008-07-06
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Users`\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users`\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AOJD - Unknown owner - C:\Users`\AppData\Local\Temp\AOJD.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GFI LANguard N.S.S. 5.0 attendant service - GFI Software Ltd. - C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IUE - Unknown owner - C:\Users`\AppData\Local\Temp\IUE.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SSWP - Unknown owner - C:\Users`\AppData\Local\Temp\SSWP.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: ZYQMEAE - Unknown owner - C:\Users`\AppData\Local\Temp\ZYQMEAE.exe (file missing)
--
End of file - 10789 bytes