Here are the current logs:
Hijack This
--------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:32, on 2.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\Programy\ESET Smart Security\ekrn.exe
C:\Programy\HDDlife 3\hldasvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\SoftwareDistribution\Download\Install\MPSetup_MUISKY.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Programy\CloneCD\CloneCDTray.exe
C:\Programy\VirtualCloneDrive\VCDDaemon.exe
C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Lexmark 2300 Series\lxcgmon.exe
D:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Programy\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe
D:\WINDOWS\system32\lxcgcoms.exe
C:\Programy\Nero 7\Nero BackItUp\NBKeyScan.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
C:\Programy\ESET Smart Security\egui.exe
D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Programy\ICQ6\ICQ.exe
D:\WINDOWS\OETRN.EXE
C:\Programy\AnyDVD\AnyDVD.exe
C:\Programy\GetRight\getright.exe
C:\Programy\HDDlife 3\HDDlifePro.exe
C:\Programy\LimeWire PRO\LimeWire.exe
C:\Programy\Opera\Opera.exe
D:\Documents and Settings\Nexus\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programy\SnagIt 8\SnagItBHO.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programy\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - D:\WINDOWS\WebIE.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programy\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - D:\WINDOWS\system32\gzmrotate.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programy\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\WINDOWS\WebIE.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X Configure] D:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programy\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programy\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "D:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCGCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programy\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programy\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LClock] D:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Programy\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nod32kui] "C:\Programy\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [hid_start] D:\WINDOWS\System32\Rundll32.exe "D:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programy\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\programy\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Programy\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Programy\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AnyDVD] C:\Programy\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programy\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [OEXPRESS] D:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Programy\Hide IP Platinum\hideippla.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HDDlife.lnk = C:\Programy\HDDlife 3\HDDlifePro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programy\Adobe Reader 8\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programy\Adobe Reader 8\Reader\AdobeCollabSync.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programy\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Programy\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programy\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programy\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - D:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - D:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - D:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programy\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0539611953
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programy\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Programy\HDDlife 3\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Programy\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Programy\ESET Smart Security\ekrn.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Ltd. - C:\Programy\HDDlife 3\hldasvc.exe
O23 - Service: lxcg_device - - D:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Programy\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programy\Eset\nod32krn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11149 bytes
--------------------------------
And here is the log from ComboFix:
--------------------------------
ComboFix 07-10.1.2 - Nexus 2007-10-02 20:30:30.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.1513 [GMT 2:00]
Running from: D:\Documents and Settings\Nexus\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
.
2007-10-02 20:26 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\ICQLite
2007-10-02 17:39 <DIR> d-------- D:\WINDOWS\LastGood
2007-10-01 20:03 51,200 --a------ D:\WINDOWS\NirCmd.exe
2007-10-01 20:03 <DIR> d-------- D:\__qoobox
2007-10-01 20:02 <DIR> d-------- D:\__ComboFix
2007-10-01 17:38 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys
2007-10-01 17:38 298,104 --a------ D:\WINDOWS\system32\imon.dll
2007-10-01 17:38 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-01 16:49 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\Eset
2007-10-01 16:48 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Eset
2007-09-30 21:07 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\uTorrent
2007-09-30 20:34 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\uTorrent(2)
2007-09-30 19:56 <DIR> d-------- D:\!KillBox
2007-09-30 19:31 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\Pracovná plocha
2007-09-30 19:15 24,661 --a--c--- D:\WINDOWS\system32\dllcache\spxcoins.dll
2007-09-30 19:15 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2007-09-30 19:15 13,312 --a--c--- D:\WINDOWS\system32\dllcache\irclass.dll
2007-09-30 19:15 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2007-09-30 19:15 <DIR> dr------- D:\Documents and Settings\Default User\Ponuka Štart
2007-09-30 19:15 <DIR> dr------- D:\Documents and Settings\All Users\Ponuka Štart
2007-09-30 19:15 <DIR> dr------- D:\Documents and Settings\All Users\Dokumenty
2007-09-30 19:15 <DIR> d--h----- D:\Documents and Settings\Default User\Šablóny
2007-09-30 19:15 <DIR> d--h----- D:\Documents and Settings\All Users\Šablóny
2007-09-30 19:15 <DIR> d-------- D:\Documents and Settings\Default User\Pracovná plocha
2007-09-30 19:15 <DIR> d-------- D:\Documents and Settings\Default User\Obľúbené položky
2007-09-30 19:15 <DIR> d-------- D:\Documents and Settings\Default User\Moje dokumenty
2007-09-30 19:15 <DIR> d-------- D:\Documents and Settings\All Users\Pracovná plocha
2007-09-30 19:15 <DIR> d-------- D:\Documents and Settings\All Users\Obľúbené položky
2007-09-29 21:11 <DIR> d-------- D:\WINDOWS\system32\VIRepair
2007-09-29 18:14 <DIR> d-------- D:\Program Files\Common Files\Blizzard Entertainment
2007-09-29 16:26 40,733 --a------ D:\WINDOWS\system32\rightonadz-uninst.exe
2007-09-29 15:33 19,968 --a------ D:\WINDOWS\system32\reico.exe
2007-09-29 15:14 <DIR> d-------- D:\Documents and Settings\Nexus\Shared
2007-09-29 15:13 <DIR> d-------- D:\Documents and Settings\Nexus\Incomplete
2007-09-29 15:13 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\LimeWire
2007-09-29 15:04 1,136 --a------ D:\WINDOWS\mozver.dat
2007-09-29 15:00 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\Talkback
2007-09-26 17:28 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\RapidGet
2007-09-25 15:13 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\URSoft
2007-09-24 16:28 491,520 --a------ D:\WINDOWS\WebIE.dll
2007-09-24 16:28 45,056 --a------ D:\WINDOWS\TRNOEH.DLL
2007-09-24 16:28 356,352 --a------ D:\WINDOWS\TrnOutl.dll
2007-09-24 16:28 294,912 --a------ D:\WINDOWS\TrnWord.dll
2007-09-24 16:28 26,624 --a------ D:\WINDOWS\OETRN.EXE
2007-09-24 16:28 200,704 --a------ D:\WINDOWS\TRNOET.DLL
2007-09-24 16:26 516,096 --a------ D:\WINDOWS\UN32.EXE
2007-09-24 16:19 43,520 --a------ D:\WINDOWS\system32\CmdLineExt03.dll
2007-09-24 14:33 107,864 --a------ D:\WINDOWS\system32\tsccvid.dll
2007-09-24 14:33 <DIR> d-------- D:\WINDOWS\system32\QuickTime
2007-09-24 14:15 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\TechSmith
2007-09-24 14:13 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2007-09-24 13:50 <DIR> d-------- D:\Program Files\MSXML 4.0
2007-09-23 18:42 <DIR> d-------- D:\Program Files\MSXML 6.0
2007-09-23 18:42 <DIR> d-------- D:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-23 11:29 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2007-09-23 11:24 <DIR> d---s---- D:\Documents and Settings\Nexus\UserData
2007-09-23 09:44 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\Google
2007-09-22 19:40 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-21 15:49 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-09-21 09:17 52,232 --a------ D:\WINDOWS\system32\drivers\epfwtdi.sys
2007-09-21 09:17 50,184 --a------ D:\WINDOWS\system32\drivers\epfw.sys
2007-09-21 09:17 30,728 --a------ D:\WINDOWS\system32\drivers\epfwndis.sys
2007-09-21 09:15 33,288 --a------ D:\WINDOWS\system32\drivers\eamon.sys
2007-09-21 09:15 25,096 --a------ D:\WINDOWS\system32\drivers\easdrv.sys
2007-09-20 18:28 <DIR> d-------- D:\Program Files\Windows Media Connect 2
2007-09-20 18:27 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2007-09-20 18:27 <DIR> d-------- D:\WINDOWS\system32\drivers\UMDF
2007-09-20 17:54 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\Switchball
2007-09-20 17:54 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Trymedia
2007-09-20 17:11 <DIR> d-------- D:\Program Files\Skype
2007-09-20 17:11 <DIR> d-------- D:\Program Files\Common Files\Skype
2007-09-20 17:11 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\Skype
2007-09-20 16:06 <DIR> d-------- D:\Program Files\AskPBar
2007-09-20 16:04 <DIR> d-------- D:\Program Files\Google
2007-09-20 15:53 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\ICQ Toolbar
2007-09-20 15:51 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Skype
2007-09-20 15:29 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\WinRAR
2007-09-19 18:03 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\Ahead
2007-09-19 18:03 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Ahead
2007-09-19 18:01 <DIR> d-------- D:\Program Files\Common Files\Ahead
2007-09-19 18:01 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Nero
2007-09-19 16:20 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-09-19 15:56 <DIR> d-------- D:\Program Files\Common Files\EZB Systems
2007-09-19 15:55 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\SlySoft
2007-09-19 15:38 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\InstallShield
2007-09-19 15:26 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\Miranda
2007-09-19 15:16 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\Miranda IM
2007-09-17 17:37 <DIR> d-------- D:\Documents and Settings\All Users\Application DataTechSmith
2007-09-17 15:28 <DIR> d-------- D:\Program Files\Common Files\Macromedia Shared
2007-09-16 20:21 86,016 --a------ D:\WINDOWS\system32\OpenAL32.dll
2007-09-16 20:21 262,144 --a------ D:\WINDOWS\system32\wrap_oal.dll
2007-09-16 20:18 5,632 --a------ D:\WINDOWS\system32\drivers\Entech64.sys
2007-09-16 20:18 3,972 --a------ D:\WINDOWS\system32\drivers\PciBus.sys
2007-09-16 20:18 21,664 --a------ D:\WINDOWS\system32\drivers\Entech.sys
2007-09-16 20:18 <DIR> d-------- D:\WINDOWS\system32\Futuremark
2007-09-14 17:42 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\Nokia Multimedia Player
2007-09-13 18:14 306,688 --a------ D:\WINDOWS\IsUninst.exe
2007-09-13 18:14 <DIR> d-------- D:\Documents and Settings\Nexus\WINDOWS
2007-09-12 15:02 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\Nokia
2007-09-12 15:02 <DIR> d-------- D:\Documents and Settings\Nexus\Application Data\DataLayer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-28 19:41 1653 --a------ D:\WINDOWS\system32\drivers\fwdrv.err
2007-09-24 16:18 --------- d--h----- D:\Program Files\InstallShield Installation Information
2007-09-16 19:47 --------- d-------- D:\Program Files\Common Files\InstallShield
2007-09-12 16:18 --------- d-------- D:\Documents and Settings\Nexus\Application Data\ImgBurn
2007-09-07 16:48 --------- d-------- D:\Program Files\MSBuild
2007-09-06 20:00 --------- d-------- D:\Program Files\Reference Assemblies
2007-09-06 19:48 --------- d-------- D:\Program Files\Combined Community Codec Pack
2007-09-06 19:33 --------- d-------- D:\Program Files\VIA
2007-09-06 19:28 --------- d-------- D:\Program Files\Realtek
2007-09-06 19:27 --------- d-------- D:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-09-06 19:16 --------- d-------- D:\Program Files\microsoft frontpage
2007-08-10 21:56 93128 --a------ D:\WINDOWS\system32\ElbyCDIO.dll
2007-08-07 21:48 25160 --a------ D:\WINDOWS\system32\drivers\ElbyCDIO.sys
2007-07-30 19:19 92504 --a------ D:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ D:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ D:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ D:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ D:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ D:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ D:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ D:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ D:\WINDOWS\system32\muweb.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]
D:\WINDOWS\system32\gzmrotate.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-02-28 14:00]
"MSPY2002"="D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" []
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" []
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" []
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43]
"nwiz"="nwiz.exe" [2006-08-11 15:43 D:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 D:\WINDOWS\SkyTel.exe]
"JMB36X Configure"="D:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 04:51]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"CloneCDTray"="C:\Programy\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]
"VirtualCloneDrive"="C:\Programy\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21]
"GrooveMonitor"="C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"FaxCenterServer"="D:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 15:36]
"LXCGCATS"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 19:48]
"lxcgmon.exe"="D:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 08:07]
"EzPrint"="D:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 14:05]
"PCSuiteTrayApplication"="C:\Programy\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 12:36]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="C:\Programy\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-06-29 19:16]
"LClock"="D:\Program Files\LClock\LClock.exe" []
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 08:00 D:\WINDOWS\RTHDCPL.exe]
"egui"="C:\Programy\ESET Smart Security\egui.exe" [2007-09-21 09:16]
"nod32kui"="C:\Programy\Eset\nod32kui.exe" []
"hid_start"="D:\WINDOWS\system32\gzmrotate.dll" []
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programy\Google\Gmail Notifier\gnotify.exe" []
"ICQ Lite"="C:\Programy\ICQ\ICQLite.exe" [2006-07-27 20:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"Steam"="c:\programy\valve\steam\steam.exe" [2007-09-19 20:22]
"uTorrent"="D:\Program Files\uTorrent\uTorrent.exe" []
"Skype"="C:\Programy\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"AnyDVD"="C:\Programy\AnyDVD\AnyDVD.exe" [2007-09-15 15:23]
"AlcoholAutomount"="C:\Programy\Alcohol 120\axcmd.exe" [2007-07-02 12:29]
"OEXPRESS"="D:\WINDOWS\OETRN.EXE" [2007-09-24 16:28]
"Hide IP Platinum"="C:\Programy\Hide IP Platinum\hideippla.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programy\ICQ\ICQLite.exe -trayboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"KB926239"=rundll32.exe apphelp.dll,ShimFlushCache
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Programy\Adobe Reader 8\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - C:\Programy\Adobe Reader 8\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]
GetRight - Tray Icon.lnk - C:\Programy\GetRight\getright.exe [2007-09-29 16:09:50]
D:\Documents and Settings\Nexus\Start Menu\Programs\Startup\
HDDlife.lnk - C:\Programy\HDDlife 3\HDDlifePro.exe [2007-09-20 15:32:30]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Programy\Adobe Reader 8\Reader\reader_sl.exe [2006-10-23 02:48:00]
Adobe Reader Synchronizer.lnk - C:\Programy\Adobe Reader 8\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00]
GetRight - Tray Icon.lnk - C:\Programy\GetRight\getright.exe [2007-09-29 16:09:50]
R0 JGOGO;JMicron Hot-Plug Driver;D:\WINDOWS\system32\DRIVERS\JGOGO.sys
R0 JRAID;JRAID;D:\WINDOWS\system32\DRIVERS\jraid.sys
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;D:\WINDOWS\system32\DRIVERS\xfilt.sys
R1 easdrv;easdrv;D:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdi;epfwtdi;D:\WINDOWS\system32\DRIVERS\epfwtdi.sys
R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\C:\Programy\UltraISO\drivers\ISODrive.sys
R1 oreans32;oreans32;\??\D:\WINDOWS\system32\drivers\oreans32.sys
R2 eamon;EAMON;D:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Programy\ESET Smart Security\ekrn.exe"
R2 epfw;epfw;D:\WINDOWS\system32\DRIVERS\epfw.sys
R2 HDDlife HDD Access service;HDDlife HDD Access service;"C:\Programy\HDDlife 3\hldasvc.exe"
R3 Epfwndis;Eset Personal Firewall;D:\WINDOWS\system32\DRIVERS\Epfwndis.sys
R3 Maplom;Maplom;D:\WINDOWS\system32\drivers\Maplom.sys
R3 PSched;QoS Packet Scheduler;D:\WINDOWS\system32\DRIVERS\psched.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Programy\ESET Smart Security\EHttpSrv.exe"
S3 PciBus;PciBus;\??\D:\WINDOWS\system32\drivers\PciBus.sys
S3 tap0901_2gm;VPN Anonymizer Adapter;D:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-02 20:31:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-02 20:32:08
.
--- E O F ---
--------------------------------
Nexus