Je to adware?

Precasal som Pc s HijackThis-om, dal som na analyzu na stranku hijackthis.de a len tento jeden problem tam bol - neznáma aplikace:

O4 - HKLM\..\Run: [BMdbafa548] Rundll32.exe "C:\WINDOWS\system32\upcvlwqo.dll",s

Je to adware?

Nikto sa k tomu nevie vyjadrit???

Ahoj,

vyzera to na zastupcu rodiny Win32/Adware.Virtumonde.

Combofix by to odstranil?

Neviem, ci to ma v databaze. Zmaz to cez UnDLL.

Dik, volaco musim s tym spravit, lebo ma to vel.hnevá.. Neda sa to vobec odstranit.. Este raz dik..

COMBOFIX je fantastická aplikácia, opravil chod Pc!!! Pozrite sa, kolko vselicoho tam bolo.. Je tu niekto, kto to vie skontrolovat? Vopred dakujem..


ComboFix 08-08-21.02 - AN 2008-08-23 19:18:43.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.181 [GMT 2:00]
Running from: F:\ComboFix\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\csrss.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\BMdbafa548.txt
C:\WINDOWS\BMdbafa548.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bvqymxxw.dll
C:\WINDOWS\system32\c4
C:\WINDOWS\system32\eoedpwns.dll
C:\WINDOWS\system32\hryobtje.ini
C:\WINDOWS\system32\iiffFwww.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\p1
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qtDJQBeg.ini
C:\WINDOWS\system32\qtDJQBeg.ini2
C:\WINDOWS\system32\spgmiqxv.ini
C:\WINDOWS\system32\tshuugpj.dll
C:\WINDOWS\system32\upcvlwqo.dll
C:\WINDOWS\system32\UwGQstwa.ini
C:\WINDOWS\system32\UwGQstwa.ini2
C:\WINDOWS\system32\wwwFffii.ini
C:\WINDOWS\system32\wwwFffii.ini2

.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

2008-08-23 18:58 . 2008-08-23 18:58 353,674 ---h----- C:\TREEINFO.WC
2008-08-23 18:14 . 2008-08-23 18:14 <DIR> d-------- C:\Program Files\Webroot
2008-08-23 18:14 . 2007-12-10 20:08 1,526,584 --a------ C:\WINDOWS\WRSetup.dll
2008-08-23 18:14 . 2007-12-10 19:47 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-23 18:14 . 2007-12-10 19:47 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-08-23 18:14 . 2007-12-10 19:47 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-23 18:14 . 2007-12-10 19:47 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-08-23 13:14 . 2008-08-23 13:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-23 11:49 . 2008-08-23 11:49 <DIR> d-------- C:\VundoFix Backups
2008-08-22 21:18 . 2008-08-22 21:18 <DIR> d-------- C:\Program Files\Glary Utilities
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> d-------- C:\Documents and Settings\LocalService\Plocha
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> d--h----- C:\Documents and Settings\LocalService\Okolnˇ sˇś
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> dr------- C:\Documents and Settings\LocalService\Oblˇben‚ polo§ky
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> d-------- C:\Documents and Settings\LocalService\Nabˇdka Start
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> dr------- C:\Documents and Settings\LocalService\Dokumenty
2008-08-22 20:02 . 2004-08-17 15:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-21 16:38 . 2008-08-21 16:39 <DIR> d-------- C:\Program Files\TuneUp Utilities 2006
2008-08-21 15:38 . 2008-08-21 15:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-20 17:11 . 2008-08-20 17:11 <DIR> d-------- C:\Program Files\ESET
2008-08-20 16:44 . 2008-08-20 16:45 <DIR> d-------- C:\Program Files\1
2008-08-20 16:29 . 2005-12-13 21:24 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-08-20 16:29 . 2008-08-20 16:42 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-08-20 16:29 . 2008-08-20 16:50 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-08-20 16:29 . 2008-08-20 16:29 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-20 08:55 . 2008-08-21 16:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-20 08:54 . 2008-08-21 16:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-19 22:00 . 2008-08-19 22:00 71 --a------ C:\Documents and Settings\AN\2544.bat
2008-08-18 23:46 . 2008-08-18 23:46 71 --a------ C:\Documents and Settings\AN\3272.bat
2008-08-18 22:33 . 2008-08-18 22:33 <DIR> d-------- C:\Program Files\Mjcore
2008-08-17 21:46 . 2008-08-17 21:46 <DIR> d--hs---- C:\WINDOWS\QU4
2008-08-17 21:44 . 2008-08-20 17:38 <DIR> d-------- C:\WINDOWS\system32\kBin02
2008-08-17 21:44 . 2008-08-17 21:44 71 --a------ C:\Documents and Settings\AN\2641.bat
2008-08-16 18:28 . 2008-08-16 18:28 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-08-16 18:26 . 2008-08-16 18:26 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-16 18:23 . 2008-08-16 18:23 10,121,656 --a------ C:\Alcohol120_trial_1.9.7.6221.exe
2008-08-13 14:49 . 2008-08-13 14:49 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-08-13 14:49 . 2008-08-13 14:49 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-08-13 14:42 . 2008-08-13 14:42 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-07-29 20:34 . 2008-07-29 20:34 <DIR> d-------- C:\Program Files\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 14:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-20 16:00 --------- d-----w C:\Program Files\Symantec
2008-08-20 16:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-20 15:51 --------- d-----w C:\Program Files\Norton SystemWorks
2008-08-20 14:42 --------- d-----w C:\Program Files\Totalcmd
2008-08-13 12:41 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-07-29 18:34 --------- d-----w C:\Program Files\Java
2008-07-12 20:15 --------- d-----w C:\Program Files\Kids Colouring Book 2006
2008-07-12 16:00 --------- d-----w C:\Program Files\Google
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:41 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-18 18:52 7,721,920 ----a-w C:\Firefox Setup 3.0.exe
2004-05-15 15:03 1,300,260 ----a-w C:\Documents and Settings\DVD Audio Ripper 1.0.17.202\dvd-audio-ripper.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 12:14 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-12-10 20:08 5367608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 19:38 54472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"BMdbafa548"=Rundll32.exe "C:\WINDOWS\system32\tshuugpj.dll",s
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LvHidSvc"=C:\WINDOWS\system32\lvhidsvc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105857c8-6ced-11da-81a6-0013d4dd174d}]
\Shell\Auto\command - G:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5101906f-c81c-11dc-890b-0013d4dd174d}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5885f75a-c267-11db-860e-0013d4dd174d}]
\Shell\AutoRun\command - F:\PortableRoboForm.exe
\Shell\RoboForm2Go\command - F:\PortableRoboForm.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-21 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-10-20 00:11]

2008-08-23 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-07-18 11:08]

2008-08-23 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BMdbafa548 - C:\WINDOWS\system32\eoedpwns.dll
ShellExecuteHooks-{C3F6F4FE-85F6-4D0C-98DE-15324B09F149} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\AN\Data aplikací\Mozilla\Firefox\Profiles\4s3s5vzk.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 19:23:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\ATL.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-08-23 19:25:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-23 17:25:50

Pre-Run: 4,682,682,368
Post-Run: 4,638,052,352

204 --- E O F --- 2008-08-16 07:48:21

ComboFix je fantasticky dovtedy, kym ho nezrusi nejaka infiltracia alebo neobsahuje techniky na jeho oklamanie. Inak je zalozena na databaze "zlych" suborov, takze ak v nej este nie je, nezmaze ho.


Este dokoncime cistenie. Pouzi ComboFix s tymto skriptom:



LiveUpdate tam mas na co?

Vlozil som text do combofixu a je tu novy log:

ComboFix 08-08-21.02 - AN 2008-08-23 22:17:47.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.244 [GMT 2:00]
Running from: C:\Documents and Settings\AN\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\AN\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\AN\2641.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\AN\2641.bat

.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

2008-08-23 18:14 . 2008-08-23 18:14 <DIR> d-------- C:\Program Files\Webroot
2008-08-23 18:14 . 2008-08-23 18:14 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\Webroot
2008-08-23 18:14 . 2008-08-23 18:14 <DIR> d-------- C:\Documents and Settings\AN\Data aplikací\Webroot
2008-08-23 18:14 . 2008-08-23 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Webroot
2008-08-23 18:14 . 2007-12-10 20:08 1,526,584 --a------ C:\WINDOWS\WRSetup.dll
2008-08-23 18:14 . 2007-12-10 19:47 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-23 18:14 . 2007-12-10 19:47 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-08-23 18:14 . 2007-12-10 19:47 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-23 18:14 . 2007-12-10 19:47 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-08-22 21:20 . 2008-08-22 21:20 <DIR> d-------- C:\Documents and Settings\AN\Data aplikací\GlarySoft
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> d-------- C:\Documents and Settings\LocalService\Plocha
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> d--h----- C:\Documents and Settings\LocalService\Okolní síť
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> dr------- C:\Documents and Settings\LocalService\Oblíbené položky
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> d-------- C:\Documents and Settings\LocalService\Nabídka Start
2008-08-22 20:02 . 2008-08-22 20:02 <DIR> dr------- C:\Documents and Settings\LocalService\Dokumenty
2008-08-22 20:02 . 2004-08-17 15:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-21 16:38 . 2008-08-21 16:39 <DIR> d-------- C:\Program Files\TuneUp Utilities 2006
2008-08-21 16:38 . 2008-08-21 16:38 <DIR> d-------- C:\Documents and Settings\AN\Data aplikací\TuneUp Software
2008-08-21 16:38 . 2008-08-21 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2008-08-21 15:39 . 2008-08-21 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-08-21 15:38 . 2008-08-21 15:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-20 17:11 . 2008-08-20 17:11 <DIR> d-------- C:\Program Files\ESET
2008-08-20 17:11 . 2008-08-20 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-08-20 16:50 . 2008-08-20 16:50 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Symantec
2008-08-20 16:44 . 2008-08-20 16:45 <DIR> d-------- C:\Program Files\1
2008-08-20 16:29 . 2008-08-20 16:42 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-08-20 16:29 . 2005-12-13 21:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-08-20 16:29 . 2005-12-13 22:19 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-08-20 16:29 . 2008-08-20 16:50 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-08-20 16:29 . 2008-08-20 16:29 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-20 08:55 . 2008-08-21 16:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-20 08:54 . 2008-08-21 16:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-19 22:00 . 2008-08-19 22:00 71 --a------ C:\Documents and Settings\AN\2544.bat
2008-08-18 23:46 . 2008-08-18 23:46 71 --a------ C:\Documents and Settings\AN\3272.bat
2008-08-18 22:33 . 2008-08-18 22:33 <DIR> d-------- C:\Program Files\Mjcore
2008-08-17 21:46 . 2008-08-17 21:46 <DIR> d--hs---- C:\WINDOWS\QU4
2008-08-17 21:44 . 2008-08-20 17:38 <DIR> d-------- C:\WINDOWS\system32\kBin02
2008-08-16 18:28 . 2008-08-16 18:28 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-08-16 18:26 . 2008-08-16 18:26 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-13 14:49 . 2008-08-13 14:49 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-08-13 14:49 . 2008-08-13 14:49 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-08-13 14:42 . 2008-08-13 14:42 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-07-29 20:34 . 2008-07-29 20:34 <DIR> d-------- C:\Program Files\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 10:01 --------- d-----w C:\Documents and Settings\AN\Data aplikací\Skype
2008-08-21 14:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-20 16:00 --------- d-----w C:\Program Files\Symantec
2008-08-20 16:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-20 15:51 --------- d-----w C:\Program Files\Norton SystemWorks
2008-08-20 15:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Symantec
2008-08-20 14:42 --------- d-----w C:\Program Files\Totalcmd
2008-08-13 12:41 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-07-29 18:34 --------- d-----w C:\Program Files\Java
2008-07-12 20:15 --------- d-----w C:\Program Files\Kids Colouring Book 2006
2008-07-12 16:00 --------- d-----w C:\Program Files\Google
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:41 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-18 18:52 7,721,920 ----a-w C:\Firefox Setup 3.0.exe
2006-06-26 17:17 17,144 ----a-w C:\Documents and Settings\AN\Data aplikací\GDIPFONTCACHEV1.DAT
2004-05-15 15:03 1,300,260 ----a-w C:\Documents and Settings\DVD Audio Ripper 1.0.17.202\dvd-audio-ripper.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\1 ----

2008-08-20 16:32 312528 --a------ C:\Program Files\1\em001_32.dat
2008-08-20 16:32 195 --a------ C:\Program Files\1\mod_comp.dat
2008-08-20 16:32 11487850 --a------ C:\Program Files\1\em002_32.dat
2008-08-04 22:21 433723 --a------ C:\Program Files\1\em004_32.dat
2008-07-30 16:07 220424 --a------ C:\Program Files\1\em003_32.dat
2008-07-24 10:53 43291 --a------ C:\Program Files\1\em005_32.dat
2008-07-23 13:39 10393 --a------ C:\Program Files\1\em006_32.dat
2008-07-15 22:12 49503 --a------ C:\Program Files\1\em000_32.dat
2008-07-15 22:11 18224128 --a------ C:\Program Files\1\eav_nt32_sky.msi


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 12:14 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-12-10 20:08 5367608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 19:38 54472]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LvHidSvc"=C:\WINDOWS\system32\lvhidsvc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-21 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-10-20 00:11]

2008-08-23 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 22:19:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-23 22:19:58
ComboFix-quarantined-files.txt 2008-08-23 20:19:55
ComboFix2.txt 2008-08-23 17:26:01

Pre-Run: 4,713,246,720
Post-Run: 4,702,531,584

170 --- E O F --- 2008-08-16 07:48:21

ok

VELMI PEKNE DAKUJEM ZA POMOC!!!