OK, in the meantime I replaced AVG with NOD32, and here is the latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:59:19, on 24/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Outlook Express\msimn.exe
R:\DF31d\BIN\DFRUNCON.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User3\My Documents\marthy\My marthy\firefox.exe
C:\Documents and Settings\User3\My Documents\marthy\utorrent.exe
C:\Documents and Settings\User3\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: CONNX JDBC SERVER (CommandLine).lnk = C:\connx32\CONNXJDBC\BIN\CNXJDBC.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1224254143796
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C92EA9-858F-44A4-A8DC-769798B4B526}: NameServer = 212.56.128.132,212.56.128.196
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CONNX JDBC Server Service (CONNXJDBC) - Unknown owner - C:\CONNX32\CONNXJDBC\bin\CNXJDBC.exe"-imbed (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
And here is the ComboFix log as well:
ComboFix 08-10-23.08 - User3 2008-10-24 12:52:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1231 [GMT 2:00]
Running from: C:\Documents and Settings\User3\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
Error: Cfiles.dat
((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.
2008-10-23 13:59 . 2008-10-23 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-23 13:59 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-10-23 13:57 . 2008-10-23 13:57 <DIR> d-------- C:\Program Files\ESET
2008-10-23 13:57 . 2008-10-23 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-10-22 11:55 . 2008-10-22 11:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-22 11:55 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-10-22 11:50 . 2008-10-22 12:28 <DIR> d-------- C:\Program Files\Microsoft Games
2008-10-22 11:11 . 2008-10-22 11:11 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-21 16:47 . 2008-10-23 20:52 <DIR> d-------- C:\NLA
2008-10-21 16:36 . 2008-10-23 20:31 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-21 16:32 . 2008-10-21 16:32 <DIR> d-------- C:\Documents and Settings\User3\Application Data\Nero
2008-10-21 16:30 . 2008-10-21 16:30 <DIR> d-------- C:\Program Files\Nero
2008-10-21 16:30 . 2008-10-21 16:31 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-10-21 16:30 . 2008-10-21 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-10-21 09:30 . 2008-10-21 09:30 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-21 09:27 . 2008-10-24 12:51 <DIR> d-------- C:\Documents and Settings\User3\Application Data\uTorrent
2008-10-18 16:10 . 2008-10-18 16:10 488 --a------ C:\hpfr3420.xml
2008-10-17 17:24 . 2008-04-14 05:42 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-17 16:57 . 2008-10-03 19:41 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-17 16:57 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-17 16:57 . 2007-03-08 07:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-17 16:57 . 2008-08-26 09:24 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-17 16:57 . 2008-08-26 09:24 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-17 16:57 . 2008-08-26 09:24 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-17 16:57 . 2008-08-26 09:24 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-17 16:57 . 2008-08-26 09:24 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-17 16:57 . 2008-08-25 10:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-17 16:50 . 2008-08-14 12:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-17 16:50 . 2008-08-14 12:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-17 16:50 . 2008-08-14 11:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-17 16:50 . 2008-08-14 11:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-17 16:50 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-17 16:49 . 2008-09-15 14:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-17 16:46 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-17 16:45 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-17 16:44 . 2008-06-13 13:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-17 16:44 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-17 16:38 . 2008-10-18 18:07 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-17 16:36 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-10-17 16:36 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-10-17 16:36 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-10-17 16:36 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-10-17 16:36 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-17 16:35 . 2008-10-17 16:35 <DIR> d--hs---- C:\Documents and Settings\User3\UserData
2008-10-17 16:29 . 2008-10-17 16:29 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-17 16:28 . 2008-10-17 16:28 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-17 16:25 . 2008-10-17 16:25 <DIR> d-------- C:\Program Files\Google
2008-10-17 16:24 . 2008-10-17 17:02 <DIR> d-------- C:\Program Files\NOS
2008-10-17 16:24 . 2008-10-17 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-17 15:48 . 2008-10-17 15:56 <DIR> d-------- C:\connx32
2008-10-17 15:44 . 2008-10-17 15:44 <DIR> d-------- C:\WINDOWS\Sun
2008-10-17 15:44 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-17 15:43 . 2008-10-17 15:44 <DIR> d-------- C:\Program Files\Java
2008-10-17 15:40 . 2008-10-17 15:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-17 15:38 . 2008-10-17 15:57 <DIR> d-------- C:\cyberPOST2
2008-10-17 15:28 . 2008-04-13 22:05 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-10-17 15:28 . 2008-04-13 22:05 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-10-17 15:01 . 2008-10-17 15:01 <DIR> d-------- C:\Documents and Settings\User3\Application Data\Hewlett-Packard
2008-10-17 15:00 . 2004-10-08 03:16 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-10-17 14:57 . 2003-03-09 22:31 233,528 -ra------ C:\WINDOWS\system32\HPZidr12.dll
2008-10-17 14:57 . 2003-03-09 22:31 167,936 -ra------ C:\WINDOWS\system32\HPZipr12.dll
2008-10-17 14:57 . 2003-03-09 22:31 94,208 -ra------ C:\WINDOWS\system32\HPZipt12.dll
2008-10-17 14:57 . 2003-03-09 22:31 65,795 -ra------ C:\WINDOWS\system32\HPZipm12.exe
2008-10-17 14:57 . 2003-03-09 22:31 61,699 -ra------ C:\WINDOWS\system32\HPZinw12.exe
2008-10-17 14:57 . 2003-03-09 22:31 57,344 -ra------ C:\WINDOWS\system32\HPZisn12.dll
2008-10-17 14:57 . 2003-03-09 22:31 51,024 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2008-10-17 14:57 . 2003-03-09 22:31 21,456 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-17 14:57 . 2003-03-09 22:31 16,080 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-17 14:56 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-17 14:56 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-17 14:50 . 2008-10-17 14:50 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-10-17 14:48 . 2008-10-17 15:00 20,475 --a------ C:\WINDOWS\hpoins01.dat
2008-10-17 14:48 . 2003-04-06 06:33 16,622 --------- C:\WINDOWS\hpomdl01.dat
2008-10-17 14:37 . 2008-10-17 14:37 <DIR> d-------- C:\WINLABEL
2008-10-17 14:37 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-17 14:37 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-17 14:34 . 2008-10-17 14:34 <DIR> d-------- C:\Program Files\AvantGo Connect
2008-10-17 14:33 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-10-17 14:33 . 2008-10-17 14:34 2,510 --a------ C:\WINDOWS\Microsoft.MIF
2008-10-17 14:22 . 2008-10-17 14:22 <DIR> d-------- C:\Program Files\AVG
2008-10-17 13:58 . 2008-10-17 13:58 <DIR> d--h----- C:\Program Files\Zenographics
2008-10-17 13:58 . 2008-10-17 15:00 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-10-17 13:58 . 2005-03-18 13:18 574,100 -ra------ C:\WINDOWS\system32\hp1022n.img
2008-10-17 13:58 . 2005-03-18 13:18 397,312 -ra------ C:\WINDOWS\system32\zshp1020.exe
2008-10-17 13:58 . 2005-03-18 13:18 206,768 -ra------ C:\WINDOWS\system32\hp1022.img
2008-10-17 13:58 . 2005-03-18 13:18 143,360 -ra------ C:\WINDOWS\apptune1020.exe
2008-10-17 13:58 . 2005-03-18 13:18 128,612 -ra------ C:\WINDOWS\system32\hp1020.img
2008-10-17 13:58 . 2005-03-18 13:18 106,496 -ra------ C:\WINDOWS\system32\vshp1020.dll
2008-10-17 13:58 . 2005-03-18 13:18 86,016 -ra------ C:\WINDOWS\system32\ZSPOOL.DLL
2008-10-17 13:58 . 2005-03-18 13:18 86,016 -ra------ C:\WINDOWS\system32\ZLhp1020.dll
2008-10-17 13:58 . 2005-03-18 13:18 28,672 -ra------ C:\WINDOWS\system32\zlm.dll
2008-10-17 13:58 . 2005-03-18 13:18 28,672 -ra------ C:\WINDOWS\system32\IMF32.DLL
2008-10-17 13:58 . 2005-03-18 13:18 24,576 -ra------ C:\WINDOWS\system32\ZTAG32.DLL
2008-10-17 13:58 . 2005-03-18 13:18 7,294 -ra------ C:\WINDOWS\system32\ZSHP1020.HLP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 10:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-17 13:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-17 12:34 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-10-06 10:32 --------- d-----w C:\Program Files\Common Files\L&H
2008-10-06 10:31 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-06 10:29 --------- d-----w C:\Program Files\Microsoft Works
2008-10-06 10:21 --------- d-----w C:\Program Files\VIA
2008-10-06 10:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-12-20 7151616]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 81920]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CONNX JDBC SERVER (CommandLine).lnk - C:\connx32\CONNXJDBC\BIN\CNXJDBC.EXE [2008-10-17 335934]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\connx32\\CONNXJDBC\\BIN\\CNXJDBC.EXE"=
"C:\\Documents and Settings\\User3\\My Documents\\marthy\\utorrent.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\system32\drivers\viahduaa.sys [2007-12-12 212992]
S2 CONNXJDBC;CONNX JDBC Server Service;C:\CONNX32\CONNXJDBC\bin\CNXJDBC.exe-imbed [ ]
S3 USB_RNDIS_51;USB Remote Ndis Cable Modem Network Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-14 12800]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-10-17 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1224248447.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User3\Application Data\Mozilla\Firefox\Profiles\hsczatik.default\
FF -: plugin - C:\Documents and Settings\User3\My Documents\marthy\My marthy\plugins\npnul32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-24 12:54:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-24 12:55:01
ComboFix-quarantined-files.txt 2008-10-24 10:54:58
Pre-Run: 77,769,949,184 bytes free
Post-Run: 78,783,905,792 bytes free
188 --- E O F --- 2008-10-22 18:41:46
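As an added example (not part of the original post, and not code from HijackThis, ComboFix or ESET), here is a small Python triage script for HijackThis-style log lines like the ones above. It flags the items a reviewer would look at first: entries that point at files which no longer exist (such as the AVG leftovers after the switch to NOD32), executables running from a user profile directory rather than Program Files or System32, O23 services with no publisher, and O17 DNS servers that are not on an expected list. The sample input is a handful of lines copied from the log above; the expected DNS list is an assumption the caller supplies (for this machine the two 212.56.128.x servers should be compared against the ISP's published resolvers). A flag means "review this", not "this is malware".

```python
import re
from dataclasses import dataclass

# One HijackThis entry: "O4 - HKLM\..\Run: [...]", "R1 - ...", "O23 - Service: ..."
HJT_LINE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2})\s+-\s+(?P<body>.*)$")
FILE_MISSING = re.compile(r"\(file missing\)\s*$", re.IGNORECASE)
# Per-user profile directories (XP layout as in the log above, plus the Vista+ layout).
# Heuristic: anything a normal user can write to is a place malware likes to live.
USER_WRITABLE = re.compile(r"(?i)\\(Documents and Settings|Users)\\[^\\]+\\")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample: lines copied from the HijackThis log in the post above.
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\User3\My Documents\marthy\My marthy\firefox.exe
C:\Documents and Settings\User3\My Documents\marthy\utorrent.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O17 - HKLM\System\CCS\Services\Tcpip\..\{60C92EA9-858F-44A4-A8DC-769798B4B526}: NameServer = 212.56.128.132,212.56.128.196
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: CONNX JDBC Server Service (CONNXJDBC) - Unknown owner - C:\CONNX32\CONNXJDBC\bin\CNXJDBC.exe"-imbed (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, or "PROC" for a "Running processes" line
    reason: str
    line: str


def parse(text):
    """Split a HijackThis log into (section, body, raw_line) tuples.

    Lines in the 'Running processes' block carry no section code, so any
    bare path ending in .exe is tagged PROC.
    """
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = HJT_LINE.match(raw)
        if m:
            entries.append((m.group("section"), m.group("body"), raw))
        elif raw.lower().endswith(".exe") and ":\\" in raw:
            entries.append(("PROC", raw, raw))
    return entries


def triage(text, expected_dns=()):
    """Return the entries worth a second look, each with the reason it was flagged.

    expected_dns is an assumption supplied by the caller (e.g. the ISP's resolvers);
    with an empty list every O17 NameServer entry is reported.
    """
    findings = []
    for section, body, raw in parse(text):
        if FILE_MISSING.search(body):
            findings.append(Finding(section, "references a file that no longer exists (leftover entry)", raw))
        if section in ("PROC", "O4") and USER_WRITABLE.search(body):
            findings.append(Finding(section, "runs from a user-writable profile directory", raw))
        if section == "O17":
            unexpected = [ip for ip in IPV4.findall(body) if ip not in expected_dns]
            if unexpected:
                findings.append(Finding(section, "DNS servers not in expected list: " + ", ".join(unexpected), raw))
        if section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service without a publisher", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample the CONNXJDBC service is flagged twice (no publisher and a missing binary), which matches what the post itself shows: the S2 entry in the ComboFix services list has an empty file stamp for the same path. The user-profile check flags firefox.exe and utorrent.exe because they run from My Documents; that is unusual for Firefox, which normally installs under Program Files, so it is worth confirming where that copy came from, even though a portable build in a user folder is a perfectly legitimate explanation.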