10-08-2007, 09:47 AM   #6
chaindler
Registered User
Join Date: Oct 2007
Posts: 11
OS: XP SP2


Re: 1.reg virus again :(

ComboFix 07-10-08.3 - xxx 2007-10-08 17:40:52.3 - NTFSx86
System: Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.285 [GMT 2:00]
Running from: C:\Documents and Settings\xxx\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\xxx\Plocha\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\tsitra860.exe
C:\WINDOWS\wrx10sf.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-08 16:18 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-08 16:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 15:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-06 20:05 <DIR> d-------- C:\Program Files\Comodo
2007-10-06 16:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-06 16:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-06 16:00 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-06 15:49 <DIR> d-------- C:\Program Files\ie-spyad_zo
2007-10-06 14:43 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-06 13:51 <DIR> d-------- C:\WINDOWS\pss
2007-10-03 20:00 <DIR> d-------- C:\Program Files\Temporary
2007-10-03 09:24 <DIR> d-------- C:\Documents and Settings\xxx\.thumbnails
2007-10-03 09:19 <DIR> d-------- C:\Documents and Settings\xxx\.gimp-2.2
2007-10-03 09:18 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-10-03 09:18 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-10-02 18:48 <DIR> d-------- C:\Program Files\PartyGaming
2007-10-02 01:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-30 10:41 <DIR> d-------- C:\Program Files\Nero
2007-09-30 10:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-09-29 12:52 <DIR> d-------- C:\WinSPMBT
2007-09-29 12:42 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2007-09-29 12:41 <DIR> d-------- C:\Program Files\PowerQuest
2007-09-28 20:26 <DIR> d-------- C:\Web
2007-09-28 20:24 <DIR> d-------- C:\TF
2007-09-28 17:37 132,864 -ra------ C:\WINDOWS\system32\drivers\Fasttx2k.sys
2007-09-28 15:34 <DIR> d-------- C:\Program Files\LDC++ 1.00 v2a-bin
2007-09-28 15:15 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-28 14:22 <DIR> dr------- C:\_Dokumenty
2007-09-28 13:53 <DIR> d-------- C:\Program Files\Alwil Software
2007-09-28 13:53 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-09-28 13:53 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-28 13:53 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-09-28 13:53 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-28 13:53 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-28 13:53 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-28 13:53 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-28 13:53 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-28 13:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-27 19:39 <DIR> d-------- C:\Program Files\xp-AntiSpy
2007-09-27 19:03 <DIR> d-------- C:\Downloads
2007-09-27 19:03 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-09-27 19:01 <DIR> d-------- C:\Program Files\BitComet
2007-09-27 18:38 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-09-27 18:37 <DIR> d-------- C:\Program Files\Real
2007-09-27 18:37 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-27 18:37 <DIR> d-------- C:\Program Files\Common Files\Real
2007-09-27 18:28 <DIR> d-------- C:\temp\fuji_BIG
2007-09-27 18:28 <DIR> d-------- C:\temp\100_FUJI
2007-09-27 18:28 <DIR> d-------- C:\temp
2007-09-27 18:19 <DIR> d-------- C:\WINDOWS\PrimoPDF
2007-09-27 18:19 <DIR> d-------- C:\Program Files\activePDF
2007-09-27 18:19 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2007-09-27 10:43 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-27 10:41 <DIR> d-------- C:\WINDOWS\system32\C2MP
2007-09-26 12:31 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-26 12:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-26 12:29 <DIR> dr-h----- C:\MSOCache
2007-09-26 12:27 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-09-26 12:26 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-26 12:20 <DIR> d-------- C:\Program Files\Servant Salamander 2.0
2007-09-26 12:10 <DIR> d-------- C:\Program Files\Celtx
2007-09-26 09:31 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-09-26 09:31 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-09-26 09:31 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-09-26 09:31 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-09-26 09:31 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-09-26 00:15 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-26 00:15 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-26 00:15 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-25 22:33 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-09-25 22:19 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-25 17:02 <DIR> d-------- C:\Program Files\Skype
2007-09-25 17:02 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-09-25 16:52 <DIR> d-------- C:\Program Files\Miranda IM
2007-09-25 16:47 <DIR> d-------- C:\Program Files\Opera
2007-09-25 16:38 <DIR> d-------- C:\WINDOWS\nview
2007-09-25 16:38 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-25 16:37 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-09-25 16:36 <DIR> d-------- C:\Program Files\NVIDIA
2007-09-25 16:35 <DIR> d-------- C:\Documents and Settings\LocalService\Nabídka Start
2007-09-25 15:41 <DIR> d-------- C:\WINDOWS\provisioning
2007-09-25 15:41 <DIR> d-------- C:\WINDOWS\peernet
2007-09-25 15:41 6,807,328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-25 15:41 6,807,328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-09-25 15:41 5,690,624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-09-25 15:41 5,690,624 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-09-25 15:41 2,927,616 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-09-25 15:41 2,113,536 --------- C:\WINDOWS\system32\dxdiagn.dll
2007-09-25 15:41 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2007-09-25 15:41 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-09-25 15:41 1,689,088 --------- C:\WINDOWS\system32\d3d9.dll
2007-09-25 15:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-09-25 15:41 1,116,160 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-09-25 15:41 1,116,160 --a--c--- C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
2007-09-25 15:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-09-25 15:41 999,424 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-09-25 15:41 999,424 --a--c--- C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
2007-09-25 15:41 936,960 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-09-25 15:41 936,960 --a--c--- C:\WINDOWS\system32\dllcache\wmspdmoe.dll
2007-09-25 15:41 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 12:54 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-25 15:41 8972 --a------ C:\WINDOWS\PCHealth\HelpCtr\Config\Cntstore.bin
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- Directory of C:\Program Files\Temporary ----

2007-10-03 20:00 46592 --a------ C:\Program Files\Temporary\wininstall.exe


((((((((((((((((((((((((((((( snapshot@2007-10-08_16.11.07,87 )))))))))))))))))))))))))))))))))))))))))
.
----atw 16,384 2007-10-08 15:37:13 C:\WINDOWS\Temp\Perflib_Perfdata_6e4.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-06 20:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 usbhub;Standard USB Hub Driver;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 17:42:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 17:43:29
C:\ComboFix-quarantined-files.txt ... 2007-10-08 17:43
C:\ComboFix2.txt ... 2007-10-08 16:11
.
--- E O F ---

files sent
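A ComboFix log like the one above is read in a fixed order by the people who triage these threads: what the tool already deleted ("Other Deletions"), what appeared recently ("Files Created"), and what still starts at logon ("Reg Loading Points"). The script below is an added example, not part of chaindler's post and not ComboFix's own code. It parses those three sections and applies two assumed triage heuristics: an executable sitting loose in C:\WINDOWS rather than in a subdirectory, and a Run-key entry whose target carries an empty timestamp bracket (ComboFix prints the target file's date in brackets, so `[]` means the file was not found at scan time, as with the "Uniblue RegistryBooster 2" entry in this log). The sample log is constructed from lines quoted in the post; the regexes and the heuristics are this example's assumptions, and a hit is a prompt for a second look, not a verdict. NirCmd.exe, for instance, is ComboFix's own bundled helper and is expected there.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the log in the post above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\tsitra860.exe
C:\WINDOWS\wrx10sf.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-08 16:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 20:05 <DIR> d-------- C:\Program Files\Comodo
2007-09-26 09:31 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-09-26 09:31 113 --a------ C:\WINDOWS\system32\zonedon.reg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"""

# Section banners look like "(((( Name ))))"; the name is what we keep.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# "<date> <time> <size|<DIR>> <9 attribute flags> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="target" [timestamp-or-empty]
ENTRY_RE = re.compile(r'^"(.+?)"="(.*?)"\s+\[(.*?)\]$')
# Heuristic (assumption): a PE or driver dropped directly into C:\WINDOWS,
# not into a subdirectory such as system32, deserves a closer look.
WINDIR_LOOSE_RE = re.compile(
    r"^C:\\WINDOWS\\[^\\]+\.(exe|dll|sys|scr)$", re.IGNORECASE)


@dataclass
class Report:
    deleted: list = field(default_factory=list)            # paths ComboFix removed
    loose_windir: list = field(default_factory=list)       # created files in C:\WINDOWS root
    missing_autostart: list = field(default_factory=list)  # (key, name, target) with [] timestamp


def parse(log: str) -> Report:
    """Walk the log line by line, tracking which section we are in."""
    rep = Report()
    section = None
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses "." as a spacer
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            key = None
            continue
        if section == "Other Deletions":
            rep.deleted.append(line)
        elif section and section.startswith("Files Created"):
            m = CREATED_RE.match(line)
            if m and m.group(2) != "<DIR>" and WINDIR_LOOSE_RE.match(m.group(4)):
                rep.loose_windir.append(m.group(4))
        elif section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            m = ENTRY_RE.match(line)
            if m and key and not m.group(3):  # empty [] -> target not found
                rep.missing_autostart.append((key, m.group(1), m.group(2)))
    return rep


if __name__ == "__main__":
    r = parse(SAMPLE_LOG)
    print("Removed by ComboFix:", *r.deleted, sep="\n  ")
    print("Loose executables in C:\\WINDOWS (review, not verdict):", *r.loose_windir, sep="\n  ")
    print("Autostart entries whose target is missing:")
    for k, name, target in r.missing_autostart:
        print(f"  [{k}] {name} -> {target}")
```

Run it as-is to see the three lists for the constructed sample, or replace `SAMPLE_LOG` with the full text of a saved ComboFix.txt. Extending the heuristics is the natural next step: the same `CREATED_RE` groups give you the attribute flags, so hidden (`h`) or read-only (`r`) files under C:\WINDOWS, or files created in the same minute as a known infection time, can be flagged with one more condition.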