Tech Support Forum - View Single Post

chaindler · 10-08-2007, 08:22 AM

first - thank you for your help my friend

here are the logs:

SDFix: Version 1.107

Run by xxx on po 08.10.2007 at 15:23

Microsoft Windows XP [Verze 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\b122.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Documents and Settings\\xxx\\Plocha\\semtel-1.0.1\\SemTel-bin\\SemTel32.exe"="C:\\Documents and Settings\\xxx\\Plocha\\semtel-1.0.1\\SemTel-bin\\SemTel32.exe:*:Enabled:SemTel32.exe"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Documents and Settings\\xxx\\Plocha\\gggg\\StrongDC.exe"="C:\\Documents and Settings\\xxx\\Plocha\\gggg\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\StrongDC\\StrongDC.exe"="C:\\Program Files\\StrongDC\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\LDC++ 1.00 v2a-bin\\LDCPlusPlus.exe"="C:\\Program Files\\LDC++ 1.00 v2a-bin\\LDCPlusPlus.exe:*:Enabled:LDC++"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\WINDOWS\\system32\\scvhost32.exe"="C:\\WINDOWS\\system32\\scvhost32.exe:*:Disabled:scvhost32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 30 Sep 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 24 Jan 2006 8,647,680 A..H. --- "C:\_Dokumenty\FEL\!===BP===\~WRL2165.tmp"
Wed 20 Jun 2007 475,648 A..H. --- "C:\_Dokumenty\FEL\!!===Delft\FC\~WRL1058.tmp"
Wed 6 Jun 2007 19,968 A..H. --- "C:\_Dokumenty\FEL\!!===Delft\FC\~WRL3294.tmp"
Fri 15 Jun 2007 21,504 A..H. --- "C:\_Dokumenty\FEL\!!===Delft\FC\~WRL3301.tmp"
Sat 25 Aug 2007 770,560 A..H. --- "C:\_Dokumenty\FEL\!!===Delft\TAF\~WRL1487.tmp"
Sat 23 Jun 2007 782,336 A..H. --- "C:\_Dokumenty\FEL\!!===Delft\BME\__Final Paper\~WRL3433.tmp"

Finished!

ComboFix 07-10-08.3 - xxx 2007-10-08 16:08:16.1 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.276 [GMT 2:00]
Running from: C:\Documents and Settings\xxx\Plocha\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-08 16:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 15:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-06 20:05 <DIR> d-------- C:\Program Files\Comodo
2007-10-06 16:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-06 16:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-06 16:00 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-06 15:49 <DIR> d-------- C:\Program Files\ie-spyad_zo
2007-10-06 14:43 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-06 13:51 <DIR> d-------- C:\WINDOWS\pss
2007-10-06 13:25 <DIR> d-------- C:\Program Files\HJT
2007-10-03 20:00 <DIR> d-------- C:\Program Files\Temporary
2007-10-03 19:56 35,840 -ra------ C:\WINDOWS\tsitra860.exe
2007-10-03 19:56 9,806 --a------ C:\WINDOWS\wrx10sf.exe
2007-10-03 09:24 <DIR> d-------- C:\Documents and Settings\xxx\.thumbnails
2007-10-03 09:19 <DIR> d-------- C:\Documents and Settings\xxx\.gimp-2.2
2007-10-03 09:18 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-10-03 09:18 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-10-02 18:48 <DIR> d-------- C:\Program Files\PartyGaming
2007-10-02 01:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-30 10:41 <DIR> d-------- C:\Program Files\Nero
2007-09-30 10:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-09-29 12:52 <DIR> d-------- C:\WinSPMBT
2007-09-29 12:42 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2007-09-29 12:41 <DIR> d-------- C:\Program Files\PowerQuest
2007-09-28 20:26 <DIR> d-------- C:\Web
2007-09-28 20:24 <DIR> d-------- C:\TF
2007-09-28 17:37 132,864 -ra------ C:\WINDOWS\system32\drivers\Fasttx2k.sys
2007-09-28 15:34 <DIR> d-------- C:\Program Files\LDC++ 1.00 v2a-bin
2007-09-28 15:15 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-28 14:22 <DIR> dr------- C:\_Dokumenty
2007-09-28 13:53 <DIR> d-------- C:\Program Files\Alwil Software
2007-09-28 13:53 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-09-28 13:53 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-28 13:53 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-09-28 13:53 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-28 13:53 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-28 13:53 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-28 13:53 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-28 13:53 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-28 13:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-27 19:39 <DIR> d-------- C:\Program Files\xp-AntiSpy
2007-09-27 19:03 <DIR> d-------- C:\Downloads
2007-09-27 19:03 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-09-27 19:01 <DIR> d-------- C:\Program Files\BitComet
2007-09-27 18:38 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-09-27 18:37 <DIR> d-------- C:\Program Files\Real
2007-09-27 18:37 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-27 18:37 <DIR> d-------- C:\Program Files\Common Files\Real
2007-09-27 18:28 <DIR> d-------- C:\temp\fuji_BIG
2007-09-27 18:28 <DIR> d-------- C:\temp\100_FUJI
2007-09-27 18:28 <DIR> d-------- C:\temp
2007-09-27 18:19 <DIR> d-------- C:\WINDOWS\PrimoPDF
2007-09-27 18:19 <DIR> d-------- C:\Program Files\activePDF
2007-09-27 18:19 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2007-09-27 10:43 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-27 10:41 <DIR> d-------- C:\WINDOWS\system32\C2MP
2007-09-26 12:31 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-26 12:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-26 12:29 <DIR> dr-h----- C:\MSOCache
2007-09-26 12:27 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-09-26 12:26 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-26 12:20 <DIR> d-------- C:\Program Files\Servant Salamander 2.0
2007-09-26 12:10 <DIR> d-------- C:\Program Files\Celtx
2007-09-26 09:31 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-09-26 09:31 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-09-26 09:31 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-09-26 09:31 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-09-26 09:31 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-09-26 00:15 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-26 00:15 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-26 00:15 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-25 22:33 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-09-25 22:19 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-25 17:02 <DIR> d-------- C:\Program Files\Skype
2007-09-25 17:02 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-09-25 16:52 <DIR> d-------- C:\Program Files\Miranda IM
2007-09-25 16:47 <DIR> d-------- C:\Program Files\Opera
2007-09-25 16:38 <DIR> d-------- C:\WINDOWS\nview
2007-09-25 16:38 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-25 16:37 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-09-25 16:36 <DIR> d-------- C:\Program Files\NVIDIA
2007-09-25 16:35 <DIR> d-------- C:\Documents and Settings\LocalService\Nabˇdka Start
2007-09-25 15:41 <DIR> d-------- C:\WINDOWS\provisioning
2007-09-25 15:41 <DIR> d-------- C:\WINDOWS\peernet
2007-09-25 15:41 6,807,328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-25 15:41 6,807,328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-09-25 15:41 5,690,624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-09-25 15:41 5,690,624 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-09-25 15:41 2,927,616 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-09-25 15:41 2,113,536 --------- C:\WINDOWS\system32\dxdiagn.dll
2007-09-25 15:41 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2007-09-25 15:41 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-09-25 15:41 1,689,088 --------- C:\WINDOWS\system32\d3d9.dll
2007-09-25 15:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-09-25 15:41 1,116,160 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-09-25 15:41 1,116,160 --a--c--- C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
2007-09-25 15:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-09-25 15:41 999,424 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-09-25 15:41 999,424 --a--c--- C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
2007-09-25 15:41 936,960 --a------ C:\WINDOWS\system32\wmspdmoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 12:54 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-25 15:41 8972 --a------ C:\WINDOWS\PCHealth\HelpCtr\Config\Cntstore.bin
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-06 20:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 16:10:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 16:11:24
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:14, on 8.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Servant Salamander 2.0\salamand.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1190711763000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9595F199-1DA7-4453-A920-894FC7690D52}: NameServer = 212.158.128.2,212.158.128.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7285 bytes

i hope its clean..

10-08-2007, 08:22 AM	#4 (permalink)
chaindler Registered User Join Date: Oct 2007 Posts: 11 OS: XP SP2	Re: 1.reg virus again :( first - thank you for your help my friend here are the logs: SDFix: Version 1.107 Run by xxx on po 08.10.2007 at 15:23 Microsoft Windows XP [Verze 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\b122.exe - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe::Enabled:Miranda IM" "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe::Enabled:SmartFTP Client 2.5" "C:\\Documents and Settings\\xxx\\Plocha\\semtel-1.0.1\\SemTel-bin\\SemTel32.exe"="C:\\Documents and Settings\\xxx\\Plocha\\semtel-1.0.1\\SemTel-bin\\SemTel32.exe::Enabled:SemTel32.exe" "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe::Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe::Enabled:Opera Internet Browser" "C:\\Documents and Settings\\xxx\\Plocha\\gggg\\StrongDC.exe"="C:\\Documents and Settings\\xxx\\Plocha\\gggg\\StrongDC.exe::Enabled:StrongDC++" "C:\\Program Files\\StrongDC\\StrongDC.exe"="C:\\Program Files\\StrongDC\\StrongDC.exe::Enabled:StrongDC++" "C:\\Program Files\\LDC++ 1.00 v2a-bin\\LDCPlusPlus.exe"="C:\\Program Files\\LDC++ 1.00 v2a-bin\\LDCPlusPlus.exe::Enabled:LDC++" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe::Enabled:Skype. Take a deep breath " "C:\\WINDOWS\\system32\\scvhost32.exe"="C:\\WINDOWS\\system32\\scvhost32.exe::Disabled:scvhost32" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Sun 30 Sep 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Tue 24 Jan 2006 8,647,680 A..H. --- "C:\_Dokumenty\FEL\!===BP===\~WRL2165.tmp" Wed 20 Jun 2007 475,648 A..H. --- "C:\_Dokumenty\FEL\!!===Delft\FC\~WRL1058.tmp" Wed 6 Jun 2007 19,968 A..H. --- "C:\_Dokumenty\FEL\!!===Delft\FC\~WRL3294.tmp" Fri 15 Jun 2007 21,504 A..H. --- "C:\_Dokumenty\FEL\!!===Delft\FC\~WRL3301.tmp" Sat 25 Aug 2007 770,560 A..H. --- "C:\_Dokumenty\FEL\!!===Delft\TAF\~WRL1487.tmp" Sat 23 Jun 2007 782,336 A..H. --- "C:\_Dokumenty\FEL\!!===Delft\BME\__Final Paper\~WRL3433.tmp" Finished! ComboFix 07-10-08.3 - xxx 2007-10-08 16:08:16.1 - NTFSx86 Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.276 [GMT 2:00] Running from: C:\Documents and Settings\xxx\Plocha\combofix.exe Command switches used :: /killall * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 ))))))))))))))))))))))))))))))) . 2007-10-08 16:07 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-08 15:21 <DIR> d-------- C:\WINDOWS\ERUNT 2007-10-06 20:05 <DIR> d-------- C:\Program Files\Comodo 2007-10-06 16:28 <DIR> d-------- C:\Program Files\Lavasoft 2007-10-06 16:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-10-06 16:00 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-10-06 15:49 <DIR> d-------- C:\Program Files\ie-spyad_zo 2007-10-06 14:43 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-10-06 13:51 <DIR> d-------- C:\WINDOWS\pss 2007-10-06 13:25 <DIR> d-------- C:\Program Files\HJT 2007-10-03 20:00 <DIR> d-------- C:\Program Files\Temporary 2007-10-03 19:56 35,840 -ra------ C:\WINDOWS\tsitra860.exe 2007-10-03 19:56 9,806 --a------ C:\WINDOWS\wrx10sf.exe 2007-10-03 09:24 <DIR> d-------- C:\Documents and Settings\xxx\.thumbnails 2007-10-03 09:19 <DIR> d-------- C:\Documents and Settings\xxx\.gimp-2.2 2007-10-03 09:18 <DIR> d-------- C:\Program Files\GIMP-2.0 2007-10-03 09:18 <DIR> d-------- C:\Program Files\Common Files\GTK 2007-10-02 18:48 <DIR> d-------- C:\Program Files\PartyGaming 2007-10-02 01:03 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-09-30 10:41 <DIR> d-------- C:\Program Files\Nero 2007-09-30 10:41 <DIR> d-------- C:\Program Files\Common Files\Ahead 2007-09-29 12:52 <DIR> d-------- C:\WinSPMBT 2007-09-29 12:42 <DIR> d-------- C:\Program Files\InstallShield Installation Information 2007-09-29 12:41 <DIR> d-------- C:\Program Files\PowerQuest 2007-09-28 20:26 <DIR> d-------- C:\Web 2007-09-28 20:24 <DIR> d-------- C:\TF 2007-09-28 17:37 132,864 -ra------ C:\WINDOWS\system32\drivers\Fasttx2k.sys 2007-09-28 15:34 <DIR> d-------- C:\Program Files\LDC++ 1.00 v2a-bin 2007-09-28 15:15 <DIR> d--h----- C:\WINDOWS\PIF 2007-09-28 14:22 <DIR> dr------- C:\_Dokumenty 2007-09-28 13:53 <DIR> d-------- C:\Program Files\Alwil Software 2007-09-28 13:53 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-09-28 13:53 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-09-28 13:53 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-09-28 13:53 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-09-28 13:53 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-28 13:53 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-28 13:53 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-28 13:53 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-09-28 13:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-27 19:39 <DIR> d-------- C:\Program Files\xp-AntiSpy 2007-09-27 19:03 <DIR> d-------- C:\Downloads 2007-09-27 19:03 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-09-27 19:01 <DIR> d-------- C:\Program Files\BitComet 2007-09-27 18:38 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2007-09-27 18:37 <DIR> d-------- C:\Program Files\Real 2007-09-27 18:37 <DIR> d-------- C:\Program Files\Common Files\xing shared 2007-09-27 18:37 <DIR> d-------- C:\Program Files\Common Files\Real 2007-09-27 18:28 <DIR> d-------- C:\temp\fuji_BIG 2007-09-27 18:28 <DIR> d-------- C:\temp\100_FUJI 2007-09-27 18:28 <DIR> d-------- C:\temp 2007-09-27 18:19 <DIR> d-------- C:\WINDOWS\PrimoPDF 2007-09-27 18:19 <DIR> d-------- C:\Program Files\activePDF 2007-09-27 18:19 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll 2007-09-27 10:43 <DIR> d-------- C:\Program Files\VideoLAN 2007-09-27 10:41 <DIR> d-------- C:\WINDOWS\system32\C2MP 2007-09-26 12:31 <DIR> d-------- C:\WINDOWS\SHELLNEW 2007-09-26 12:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-09-26 12:29 <DIR> dr-h----- C:\MSOCache 2007-09-26 12:27 <DIR> d-------- C:\Program Files\DAEMON Tools 2007-09-26 12:26 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-09-26 12:20 <DIR> d-------- C:\Program Files\Servant Salamander 2.0 2007-09-26 12:10 <DIR> d-------- C:\Program Files\Celtx 2007-09-26 09:31 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2007-09-26 09:31 46,352 --a------ C:\WINDOWS\setdebug.exe 2007-09-26 09:31 6,550 --a------ C:\WINDOWS\jautoexp.dat 2007-09-26 09:31 113 --a------ C:\WINDOWS\system32\zonedon.reg 2007-09-26 09:31 113 --a------ C:\WINDOWS\system32\zonedoff.reg 2007-09-26 00:15 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys 2007-09-26 00:15 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe 2007-09-26 00:15 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll 2007-09-25 22:33 <DIR> d-------- C:\Program Files\SmartFTP Client 2007-09-25 22:19 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2007-09-25 17:02 <DIR> d-------- C:\Program Files\Skype 2007-09-25 17:02 <DIR> d-------- C:\Program Files\Common Files\Skype 2007-09-25 16:52 <DIR> d-------- C:\Program Files\Miranda IM 2007-09-25 16:47 <DIR> d-------- C:\Program Files\Opera 2007-09-25 16:38 <DIR> d-------- C:\WINDOWS\nview 2007-09-25 16:38 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-09-25 16:37 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-09-25 16:36 <DIR> d-------- C:\Program Files\NVIDIA 2007-09-25 16:35 <DIR> d-------- C:\Documents and Settings\LocalService\Nabˇdka Start 2007-09-25 15:41 <DIR> d-------- C:\WINDOWS\provisioning 2007-09-25 15:41 <DIR> d-------- C:\WINDOWS\peernet 2007-09-25 15:41 6,807,328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-09-25 15:41 6,807,328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys 2007-09-25 15:41 5,690,624 --a------ C:\WINDOWS\system32\nv4_disp.dll 2007-09-25 15:41 5,690,624 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll 2007-09-25 15:41 2,927,616 --------- C:\WINDOWS\system32\xpsp2res.dll 2007-09-25 15:41 2,113,536 --------- C:\WINDOWS\system32\dxdiagn.dll 2007-09-25 15:41 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2007-09-25 15:41 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll 2007-09-25 15:41 1,689,088 --------- C:\WINDOWS\system32\d3d9.dll 2007-09-25 15:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys 2007-09-25 15:41 1,116,160 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2007-09-25 15:41 1,116,160 --a--c--- C:\WINDOWS\system32\dllcache\wmsdmoe2.dll 2007-09-25 15:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2007-09-25 15:41 999,424 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2007-09-25 15:41 999,424 --a--c--- C:\WINDOWS\system32\dllcache\wmvdmoe2.dll 2007-09-25 15:41 936,960 --a------ C:\WINDOWS\system32\wmspdmoe.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-06 12:54 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys 2007-09-25 15:41 8972 --a------ C:\WINDOWS\PCHealth\HelpCtr\Config\Cntstore.bin 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-06 20:05] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Schedule Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-08 16:10:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-10-08 16:11:24 . --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:20:14, on 8.10.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Servant Salamander 2.0\salamand.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1190711763000 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9595F199-1DA7-4453-A920-894FC7690D52}: NameServer = 212.158.128.2,212.158.128.3 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7285 bytes i hope its clean..