ComboFix 09-01-19.03 - Georgy 2009-01-22 0:40:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1253.1.1033.18.2047.1488 [GMT 2:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\downloads\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\system32\drivers\ndisprot.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\ndisprot.sys
.
((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.
2009-01-20 11:36 . 2009-01-20 11:40 <DIR> d-------- c:\windows\LastGood
2009-01-20 06:41 . 2009-01-20 06:41 <DIR> d-------- c:\documents and settings\Georgy\Application Data\Malwarebytes
2009-01-20 06:40 . 2009-01-20 06:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-20 06:40 . 2009-01-20 06:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-20 06:40 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-20 06:40 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 01:05 . 2009-01-10 01:05 <DIR> d-------- c:\documents and settings\Georgy\Application Data\Nokia Multimedia Player
2009-01-10 01:04 . 2009-01-10 01:04 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-10 01:04 . 2009-01-10 01:04 1,409 --a------ c:\windows\QTFont.for
2009-01-07 17:21 . 2009-01-07 17:21 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-07 16:59 . 2009-01-07 16:59 <DIR> d-------- c:\documents and settings\Georgy\Application Data\Locktime
2009-01-07 16:59 . 2009-01-07 16:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-01-07 16:58 . 2009-01-07 16:58 <DIR> d-------- c:\program files\NetLimiter 2 Pro
2009-01-07 16:58 . 2009-01-07 16:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Locktime
2009-01-07 16:57 . 2009-01-07 17:00 <DIR> d-------- c:\program files\SpywareBlaster
2009-01-05 15:14 . 2009-01-05 15:14 <DIR> d-------- c:\program files\Trend Micro
2008-12-24 12:41 . 2009-01-20 11:46 <DIR> d-------- c:\program files\NOD32view
2008-12-21 23:59 . 2008-12-21 23:59 <DIR> d-------- c:\program files\IrfanView
2008-12-21 16:24 . 2008-12-21 16:24 <DIR> d-------- C:\ATI
2008-12-21 15:33 . 2008-12-21 15:33 <DIR> d-------- c:\program files\Uniblue
2008-12-21 15:33 . 2008-12-21 15:33 <DIR> d-------- c:\documents and settings\Georgy\Application Data\Uniblue
2008-12-21 15:33 . 2008-12-21 15:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2008-12-21 15:31 . 2008-12-21 15:31 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-21 15:30 . 2008-12-21 15:33 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-12-21 15:27 . 2008-04-14 00:16 121,984 --------- c:\windows\system32\drivers\usbvideo.sys
2008-12-21 15:23 . 2008-12-21 15:23 <DIR> d-------- c:\program files\Ashampoo
2008-12-21 15:17 . 2008-12-21 15:21 <DIR> d-------- c:\program files\Yamicsoft
2008-12-21 14:59 . 2008-12-21 14:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-21 14:48 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-21 14:42 . 2008-12-21 14:42 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-21 14:31 . 2008-12-21 14:31 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 22:28 --------- d-----w c:\program files\FlashGet
2009-01-09 23:57 --------- d-----w c:\documents and settings\Georgy\Application Data\dvdcss
2009-01-05 12:57 --------- d-----w c:\program files\Microsoft AntiSpyware
2009-01-05 12:57 --------- d-----w c:\program files\MagicDisc
2009-01-05 12:57 --------- d-----w c:\program files\KEPLER70
2009-01-05 12:57 --------- d-----w c:\program files\Four_Pillars
2008-12-21 14:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 14:03 --------- d-----w c:\program files\Sony
2008-12-21 13:16 715,248 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-21 13:15 --------- d-----w c:\program files\Alcohol Soft
2008-12-21 13:02 --------- d-----w c:\program files\ESET
2008-12-21 12:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-21 12:44 --------- d-----w c:\program files\Microsoft Works
2008-12-21 12:22 --------- d-----w c:\program files\U.S. Robotics
2008-12-21 12:18 --------- d-----w c:\program files\OpenOffice.org 2.3
2008-12-21 12:12 --------- d-----w c:\program files\DAEMON Tools
2008-12-17 22:13 --------- d-----w c:\program files\Avant Browser
2008-12-09 21:21 --------- d-----w c:\documents and settings\Georgy\Application Data\vlc
.
((((((((((((((((((((((((((((( snapshot@2009-01-20_ 7.02.10,09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-21 13:00:09 10,134 ----a-r c:\windows\Installer\{3407FD83-0A2F-475E-BE94-34F1FA342C84}\callmsi.exe
+ 2009-01-20 09:50:41 10,134 ----a-r c:\windows\Installer\{3407FD83-0A2F-475E-BE94-34F1FA342C84}\callmsi.exe
- 2008-12-21 13:00:09 136,448 ----a-r c:\windows\Installer\{3407FD83-0A2F-475E-BE94-34F1FA342C84}\egui.exe
+ 2009-01-20 09:50:41 136,448 ----a-r c:\windows\Installer\{3407FD83-0A2F-475E-BE94-34F1FA342C84}\egui.exe
+ 2007-07-30 16:19:20 92,504 ----a-w c:\windows\LastGood\system32\cdm.dll
+ 2007-07-30 16:19:10 271,224 ----a-w c:\windows\LastGood\system32\mucltui.dll
+ 2007-07-30 16:19:04 207,736 ----a-w c:\windows\LastGood\system32\muweb.dll
+ 2007-07-30 16:19:36 549,720 ----a-w c:\windows\LastGood\system32\wuapi.dll
+ 2007-07-30 16:19:16 53,080 ----a-w c:\windows\LastGood\system32\wuauclt.exe
+ 2007-07-30 16:19:42 1,712,984 ----a-w c:\windows\LastGood\system32\wuaueng.dll
+ 2007-07-30 16:19:32 325,976 ----a-w c:\windows\LastGood\system32\wucltui.dll
+ 2007-07-30 16:18:40 33,624 ----a-w c:\windows\LastGood\system32\wups.dll
+ 2007-07-30 16:19:12 43,352 ----a-w c:\windows\LastGood\system32\wups2.dll
+ 2007-07-30 16:19:28 203,096 ----a-w c:\windows\LastGood\system32\wuweb.dll
- 2007-07-30 16:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 12:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2007-07-30 16:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 12:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2007-07-30 16:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 12:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-30 16:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 12:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-30 16:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 12:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-30 16:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 12:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-30 16:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 12:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2007-07-30 16:19:10 271,224 ----a-w c:\windows\system32\mucltui.dll
+ 2008-10-16 12:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
- 2007-07-30 16:19:04 207,736 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 12:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 12:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 12:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-07-30 16:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 12:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-30 16:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 12:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-30 16:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 12:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-30 16:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 12:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2007-07-30 16:19:28 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 12:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
- 2009-01-20 04:50:59 32,768 --sha-w c:\windows\Temp\History\History.IE5\MSHist012009012020090121\index.dat
+ 2009-01-20 06:40:13 65,536 --sha-w c:\windows\Temp\History\History.IE5\MSHist012009012020090121\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="c:\windows\ATK0100\Hcontrol.exe" [2004-07-19 61440]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-06 344064]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"NodLogin"="c:\program files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-11-19 359656]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 8:05:26 AM 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 17:40 73728 c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Georgy^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Georgy\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Georgy^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\Georgy\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced LAN Pump]
--a------ 2006-04-01 13:30 1177600 c:\program files\SoftSolo\Advanced LAN Pump\alp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D_V_T]
--a------ 2006-07-09 01:57 3584 C:\dvt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
--a------ 2004-02-20 16:12 32768 c:\program files\Sony\ISB Utility\ISBMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-04-13 11:09 49152 c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2005-08-31 20:27 1658592 c:\progra~1\MESSEN~1\Msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 17:41 1232896 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 11:53 1079808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrepareYourVAIO]
--a------ 2004-09-09 23:57 106496 c:\program files\Sony\Prepare your VAIO\PYVAlert.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 22:57 30208 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
--a------ 2004-10-21 21:12 184320 c:\program files\Sony\VAIO Power Management\SPMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
--a------ 2006-02-14 12:11 176128 c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VzFw"=3 (0x3)
"VzCdbSvc"=3 (0x3)
"VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-AppServer"=3 (0x3)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"VAIO Entertainment Task Scheduler"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"VMware NAT Service"=3 (0x3)
"vmount2"=3 (0x3)
"VMnetDHCP"=3 (0x3)
"VMAuthdService"=3 (0x3)
"RichVideo"=2 (0x2)
"NBService"=3 (0x3)
"ServiceLayer"=3 (0x3)
"idsvc"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary
"c:\windows\system32\kdcwr.exe"=c:\windows\system32\kdcwr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7/1/2008 9:04:40 AM 34312]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [4/23/2007 1:03:04 PM 82200]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [11/15/2004 3:49:53 AM 71961]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7/1/2008 9:02:28 AM 468224]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys --> c:\windows\system32\drivers\Ndisprot.sys [?]
S3 Orphalese Deck Service;Orphalese Deck Service;c:\program files\Orphalese\Orphalese Tarot\DeckService.exe [4/21/2007 11:27:18 AM 36864]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://192.168.1.20/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 10.192.1.82:3128
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Λήψη όλων με το FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Λήψη με χρήση του FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {60A41531-C6FA-4AF5-A35A-1F4E2CF493AA} = 194.219.227.2,193.92.150.3
FF - ProfilePath - c:\documents and settings\Georgy\Application Data\Mozilla\Firefox\Profiles\7lxaruuw.Backed\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Georgy\Application Data\Mozilla\Firefox\Profiles\7lxaruuw.Backed\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Georgy\Application Data\Mozilla\Firefox\Profiles\7lxaruuw.Backed\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\Georgy\Application Data\Mozilla\Firefox\Profiles\7lxaruuw.Backed\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 00:41:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-197632628-1338670180-3431288156-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ac,d0,3d,c1,e4,74,cc,8e,45,fa,59,b9,62,69,28,88,b6,07,7c,fc,54,31,21,
9c,f3,d2,2b,2d,03,ee,7a,ab,8a,c7,f5,f0,d2,46,9a,7c,e8,ac,2f,89,ec,bc,7c,f1,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1500)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-01-22 0:43:59
ComboFix-quarantined-files.txt 2009-01-21 22:43:13
ComboFix2.txt 2009-01-20 05:04:11
Pre-Run: 32.321.695.744 bytes free
Post-Run: 32,303,095,808 bytes free
310 --- E O F --- 2008-12-21 17:27:23
Malwarebytes' Anti-Malware 1.33
Database version: 1675
Windows 5.1.2600 Service Pack 3
22/1/2009 12:48:51 πμ
mbam-log-2009-01-22 (00-48-51).txt
Scan type: Quick Scan
Objects scanned: 60927
Time elapsed: 3 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:16 πμ, on 22/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.20/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.192.1.82:3128
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [NodLogin] "C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" /o
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Λήψη όλων με το FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Λήψη με χρήση του FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maps.flash.gr/inc/activex/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185836820875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185835903187
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60A41531-C6FA-4AF5-A35A-1F4E2CF493AA}: NameServer = 194.219.227.2,193.92.150.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Orphalese Deck Service - Orphalese Data Solutions Ltd - C:\Program Files\Orphalese\Orphalese Tarot\DeckService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
--
End of file - 10004 bytes