ComboFix 08-12-26.03 - Kozmér Árpád 2008-12-28 12:15:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1038.18.1534.1018 [GMT 1:00]
Running from: c:\documents and settings\Kozmér Árpád\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\Kozmér Árpád\Asztal\CFScript.txt
AV: ESET NOD32 Antivirus System 2.70 *On-access scanning disabled* (Outdated)
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\_MSRSTRT.EXE
c:\windows\ios.dat
c:\windows\system32\knzg.dll
c:\windows\system32\m3.ico
c:\windows\system32\sf.ico
H:\sal.xls.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Kozmér Árpád\Favorites\Cheap Pharmacy Online.url
c:\documents and settings\Kozmér Árpád\Favorites\Search Online.url
c:\documents and settings\Kozmér Árpád\Favorites\SMS TRAP.url
c:\documents and settings\Kozmér Árpád\Favorites\VIP Casino.url
c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\boot.com
c:\windows\ios.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\c.ico
c:\windows\system32\drivers\msqpdxdukxqapb.sys
c:\windows\system32\drivers\msqpdxjeblgibo.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\m.ico
c:\windows\system32\m3.ico
c:\windows\system32\msqpdxpesoirrn.dll
c:\windows\system32\p.ico
c:\windows\system32\Process.exe
c:\windows\system32\s.ico
c:\windows\system32\sf.ico
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
H:\autorun.inf
H:\resycled
h:\resycled\boot.com
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.
2008-12-28 09:49 . 2008-12-28 09:49 <DIR> d-------- c:\program files\Lavasoft
2008-12-28 09:37 . 2008-12-28 10:18 <DIR> d-------- c:\program files\Spyware Terminator
2008-12-28 09:37 . 2008-12-28 09:37 <DIR> d-------- c:\program files\Crawler
2008-12-28 09:37 . 2008-12-28 10:20 <DIR> d-------- c:\documents and settings\Kozmér Árpád\Application Data\Spyware Terminator
2008-12-28 09:37 . 2008-12-28 10:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-12-28 09:37 . 2008-12-28 09:37 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-27 14:55 . 2008-12-27 14:57 <DIR> d-------- c:\program files\Portrait Professional Max 6
2008-12-27 11:12 . 2008-12-27 11:12 167,936 --a------ c:\windows\system32\dhofozr.dll
2008-12-21 12:59 . 2008-12-23 14:43 7,680 --ahs---- c:\windows\Thumbs.db
2008-12-19 15:22 . 2008-12-19 15:23 <DIR> d-------- c:\program files\BS.Player ControlBar
2008-12-19 13:18 . 2008-12-19 14:10 <DIR> d-------- c:\program files\vanBasco's Karaoke Player
2008-12-14 16:41 . 2008-12-14 16:55 <DIR> d-------- c:\program files\SpeedFan
2008-12-14 16:41 . 2008-12-14 16:41 45 --a------ c:\windows\system32\initdebug.nfo
2008-12-11 21:37 . 2008-12-11 21:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-11 21:33 . 2008-12-11 21:33 <DIR> d-------- c:\program files\PerfMon3x
2008-12-11 21:28 . 2008-12-11 21:28 <DIR> d-------- c:\program files\Lavalys
2008-12-11 17:04 . 2008-12-11 17:04 22,328 --a------ c:\documents and settings\Kozmér Árpád\Application Data\PnkBstrK.sys
2008-12-11 17:04 . 2008-12-11 17:04 319 --a------ c:\windows\game.ini
2008-12-08 20:29 . 2008-12-08 20:29 <DIR> d-------- c:\program files\Infogrames
2008-12-08 20:04 . 2008-12-08 20:11 <DIR> d-------- c:\documents and settings\Kozmér Árpád\Application Data\Hamachi
2008-12-08 20:03 . 2008-12-08 20:03 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2008-12-08 18:50 . 2008-12-08 18:50 <DIR> d-------- c:\windows\S.T.A.L.K.E.R. magyar fordítás
2008-12-08 18:14 . 2008-12-08 18:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2008-12-07 12:54 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-12-07 12:54 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-07 12:54 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-07 12:54 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-07 12:54 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-07 12:54 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-07 12:54 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-07 12:53 . 2008-12-07 12:53 <DIR> d-------- c:\windows\Logs
2008-12-07 12:51 . 2008-12-07 12:51 <DIR> d-------- c:\windows\system32\xlive
2008-12-07 12:51 . 2008-12-07 13:40 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-07 10:50 . 2008-12-07 10:52 <DIR> d-------- c:\program files\Photobie
2008-12-07 10:49 . 2008-12-07 10:49 82 --a------ c:\windows\netdet.ini
2008-12-07 10:49 . 2008-12-07 10:49 0 --ah----- c:\windows\91216742
2008-12-07 10:35 . 2008-12-07 10:50 <DIR> d-------- c:\program files\Minos album
2008-12-07 10:35 . 2008-06-01 17:50 1,056,768 --a------ c:\windows\system32\ChilkatFtp2.dll
2008-12-07 10:35 . 2007-01-08 14:26 856,064 --a------ c:\windows\system32\SWFGen.dll
2008-12-07 10:35 . 2007-02-14 11:49 781,824 --a------ c:\windows\system32\VBOLock.ocx
2008-12-07 10:35 . 2007-11-08 19:04 569,344 --a------ c:\windows\system32\Zip2Exe.dll
2008-12-07 10:35 . 2001-06-27 13:56 233,472 --a------ c:\windows\system32\TidyCOM.dll
2008-12-07 10:35 . 2004-03-09 12:00 132,880 --a------ c:\windows\system32\msinet.ocx
2008-12-07 10:35 . 2000-10-01 23:00 102,160 --a------ c:\windows\system32\VB6CHT.DLL
2008-12-07 10:35 . 2008-05-20 10:11 69,632 --a------ c:\windows\system32\OFBrowser.ocx
2008-12-07 10:35 . 1998-07-05 23:00 28,160 --a------ c:\windows\system32\CMDLGCHT.DLL
2008-12-07 10:35 . 2001-10-10 10:08 20,530 --a------ c:\windows\system32\scrrncht.dll
2008-12-07 10:35 . 1998-07-05 23:00 14,336 --a------ c:\windows\system32\WINSKCHT.DLL
2008-12-07 10:35 . 1998-07-05 23:00 13,824 --a------ c:\windows\system32\INETCHT.DLL
2008-12-07 10:32 . 2008-12-07 10:32 <DIR> d-------- c:\documents and settings\Kozmér Árpád\Application Data\IDimager
2008-12-07 10:32 . 2008-12-07 10:32 <DIR> d-------- c:\documents and settings\Kozmér Árpád\Application Data\Anthropics
2008-12-07 10:00 . 2008-12-27 13:11 43 --a------ c:\windows\FFS20ChtReg.ini
2008-12-07 09:59 . 2008-12-07 09:59 <DIR> d-------- c:\documents and settings\Kozmér Árpád\Application Data\Reallusion
2008-12-07 09:33 . 2008-12-27 12:04 <DIR> d-------- c:\documents and settings\Kozmér Árpád\Application Data\ZCDream
2008-12-07 09:32 . 2008-12-07 09:32 <DIR> d-------- C:\ZC Dream Photo Editor
2008-12-07 09:18 . 2008-12-07 09:18 <DIR> d-------- c:\program files\Serif
2008-12-03 13:29 . 2008-12-03 13:29 <DIR> d-------- c:\program files\iTunes
2008-12-03 13:29 . 2008-12-03 13:29 <DIR> d-------- c:\program files\iPod
2008-12-03 13:29 . 2008-12-03 13:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 13:27 . 2008-12-03 13:27 <DIR> d-------- c:\program files\QuickTime
2008-12-03 13:26 . 2008-12-03 13:26 <DIR> d-------- c:\program files\Apple Software Update
2008-12-02 18:44 . 2008-12-03 18:01 <DIR> d-------- C:\Ringtones
2008-12-02 18:40 . 2008-12-03 18:10 <DIR> d-------- c:\documents and settings\Kozmér Árpád\Application Data\iPhoneRingToneMaker
2008-12-01 16:14 . 2008-12-03 11:39 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-01 16:14 . 2008-12-01 16:14 1,409 --a------ c:\windows\QTFont.for
2008-12-01 16:13 . 2008-12-03 13:29 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-01 16:13 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-12-01 16:12 . 2008-12-01 16:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-28 23:13 . 2008-11-28 23:13 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Xfire
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 11:19 --------- d-----w c:\documents and settings\Kozmér Árpád\Application Data\uTorrent
2008-12-28 09:05 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-27 17:09 --------- d-----w c:\program files\Omega One
2008-12-27 11:14 --------- d-----w c:\program files\Image-Line
2008-12-27 11:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 11:11 --------- d-----w c:\program files\ArcSoft
2008-12-27 11:05 --------- d-----w c:\documents and settings\Kozmér Árpád\Application Data\ArcSoft
2008-12-24 13:10 --------- d-----w c:\documents and settings\Kozmér Árpád\Application Data\LimeWire
2008-12-22 16:26 --------- d-----w c:\program files\Activision
2008-12-22 16:05 --------- d-----w c:\program files\The Cleaner Demo
2008-12-22 16:00 --------- d-----w c:\program files\Rockstar Games
2008-12-21 14:39 --------- d-----w c:\documents and settings\Kozmér Árpád\Application Data\Xfire
2008-12-19 14:23 --------- d-----w c:\documents and settings\Kozmér Árpád\Application Data\BSplayer
2008-12-17 14:18 --------- d-----w c:\program files\Xfire
2008-12-14 13:04 --------- d-----w c:\documents and settings\Kozmér Árpád\Application Data\gtk-2.0
2008-12-10 19:28 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 15:22 --------- d-----w c:\program files\Call of Duty
2008-12-08 17:25 --------- d-----w c:\program files\THQ
2008-12-07 10:01 --------- d-----w c:\program files\Warcraft III
2008-12-03 15:34 --------- d-----w c:\documents and settings\Kozmér Árpád\Application Data\Apple Computer
2008-12-03 12:28 --------- d-----w c:\program files\Bonjour
2008-12-03 12:27 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-02 13:03 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-28 22:10 --------- d-----w c:\program files\Java
2008-11-23 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-23 14:54 --------- d-----w c:\program files\Recolored
2008-11-23 12:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-21 15:10 --------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
2008-11-20 12:17 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-18 21:45 --------- d-----w c:\program files\Circle Developement
2008-11-18 20:57 5,376 ----a-w c:\windows\system32\drivers\MS1000.sys
2008-11-18 17:50 --------- d-----w c:\program files\Microsoft Games
2008-11-18 17:37 --------- d-----w c:\program files\DIFX
2008-11-18 17:10 --------- d-----w c:\program files\Windows Live
2008-11-17 11:07 --------- d-----w c:\program files\VstPlugins
2008-11-16 22:00 --------- d-----w c:\program files\OpenMortal
2008-11-16 14:07 --------- d-----w c:\program files\DreamLight Photo Editor
2008-11-16 14:04 --------- d-----w c:\program files\Magic Photo Editor
2008-11-11 14:07 --------- d-----w c:\program files\SEGA
2008-11-10 15:51 --------- d-----w c:\program files\Electronic Arts
2008-11-10 12:58 --------- d-----w c:\program files\PowerISO
2008-11-08 11:32 --------- d-----w c:\documents and settings\Kozmér Árpád\Application Data\Microsoft Games
2008-11-07 13:12 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-06 18:08 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-06 18:07 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-06 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-05 20:07 --------- d-----w c:\program files\Avanquest update
2008-11-05 19:20 --------- d-----w c:\program files\FDRLab
2008-11-04 19:07 --------- d-----w c:\program files\JavaSoft
2008-11-03 18:52 --------- d-----w c:\program files\VirtualDJ
2008-11-03 18:39 --------- d-----w c:\program files\FreeNinjaSurfing
2008-11-03 08:48 --------- d-----w c:\program files\NinjaSurfing
2008-11-02 15:47 --------- d-----w c:\documents and settings\Kozmér Árpád\Application Data\Hide IP NG
2008-11-02 09:45 --------- d-----w c:\documents and settings\Kozmér Árpád\Application Data\Capcom
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-11-01 12:51 --------- d-----w c:\program files\Wondershare
2008-11-01 12:23 --------- d-----w c:\program files\Common Files\Download Manager
2008-10-31 12:08 --------- d-----w c:\documents and settings\Kozmér Árpád\Application Data\Leadertech
2008-10-31 09:24 --------- d-----w c:\program files\Gimp-2.0
2008-10-31 08:51 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-10-31 08:49 --------- d-----w c:\program files\Sony Ericsson
2008-10-31 08:49 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-10-31 08:40 --------- d-----w c:\program files\Astroart4 Demo
2008-10-31 08:22 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-31 08:22 249,856 ------w c:\windows\Setup1.exe
2008-08-29 15:58 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082920080830\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE2C5EF2-DFBF-49B0-BBF2-3B2805A52722}]
2008-12-27 11:12 167936 --a------ c:\windows\system32\dhofozr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\documents and settings\Kozmér Árpád\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-12-20 37376]
"Gigaget"="c:\program files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 495616]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-05-16 28672]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-27 951624]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Documents and Settings\\Kozmér Árpád\\Dokumentumok\\Videók\\WLM Lite 8.5.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Documents and Settings\\Kozmér Árpád\\Dokumentumok\\First to Fight\\CCF2F.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-09-27 15160]
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-28 141312]
R3 V0220Dev;Live! Cam Video IM;c:\windows\system32\DRIVERS\V0220Dev.sys [2008-08-13 145472]
R3 V0220Vfx;V0220VFX;c:\windows\system32\DRIVERS\V0220Vfx.sys [2008-08-13 6272]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-10-31 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-10-31 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-10-31 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-10-31 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-10-31 100648]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2008-12-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
2008-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-27 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Kozm []
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{16664848-0E00-11D2-8059-000000000000} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bsplayer-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: &Download All by Gigaget - c:\program files\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\Giganology\Gigaget\geturl.htm
IE: Crawler Search - tbr:iemenu
IE: Download ALL with IDA
IE: Download with IDA
IE: E&xportálás a Microsoft Excel programba - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint – Gyors nyomtatás - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint – Hozzáadás a nyomtatási listához - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint – Nyomtatás - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint – Nyomtatási kép - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
LSP: c:\windows\system32\imon.dll
TCP: {5B3F1D2A-AE8D-40C3-84AE-747069036762} = 217.145.192.3,217.145.194.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Kozmér Árpád\Application Data\Mozilla\Firefox\Profiles\8czi84zz.default\
FF - prefs.js: browser.search.selectedEngine - BS.Player Search
FF - prefs.js: browser.startup.homepage - google.hu
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 12:19:14
Windows 5.1.2600 Szervizcsomag 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\uTorrent\uTorrent.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-12-28 12:24:51 - machine was rebooted [Kozmér Árpád]
ComboFix-quarantined-files.txt 2008-12-28 11:24:48
Pre-Run: 3,609,296,896 bájt szabad
Post-Run: 4,070,649,856 bájt szabad
366 --- E O F --- 2008-12-18 21:08:18