Here is the first Combofix log :
ComboFix 07-07-30.2 - "q(o.O)P" 2007-07-30 23:42:47.1 [GMT 2:00] - NTFS
Syst‚m Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.True
* Created a new restore point
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\aelpustb.dll
C:\WINDOWS\system32\ahyqwinl.dll
C:\WINDOWS\system32\cdhhuxbm.dll
C:\WINDOWS\system32\cpfkatxk.dll
C:\WINDOWS\system32\cuyhjatt.dll
C:\WINDOWS\system32\cvnsqgyg.dll
C:\WINDOWS\system32\dcfbypda.dll
C:\WINDOWS\system32\dibavyys.dll
C:\WINDOWS\system32\euxqysrj.dll
C:\WINDOWS\system32\faprwdjs.dll
C:\WINDOWS\system32\gifgyxat.dll
C:\WINDOWS\system32\gpycjexc.dll
C:\WINDOWS\system32\hakpiwmh.dll
C:\WINDOWS\system32\jghspmkr.dll
C:\WINDOWS\system32\jujhbsjj.dll
C:\WINDOWS\system32\leyrqjur.dll
C:\WINDOWS\system32\lubnnpkp.dll
C:\WINDOWS\system32\lungesmg.dll
C:\WINDOWS\system32\njykrfhw.dll
C:\WINDOWS\system32\ojpsonqf.dll
C:\WINDOWS\system32\qavugfxr.dll
C:\WINDOWS\system32\rsfqvcle.dll
C:\WINDOWS\system32\snghnpul.dll
C:\WINDOWS\system32\tgchxgjh.dll
C:\WINDOWS\system32\tgncrijb.dll
C:\WINDOWS\system32\tjgsavvu.dll
C:\WINDOWS\system32\tunupheb.dll
C:\WINDOWS\system32\uaitmdin.dll
C:\WINDOWS\system32\vsowpfqv.dll
C:\WINDOWS\system32\wovfrsty.dll
C:\WINDOWS\system32\xaywpuvl.dll
C:\WINDOWS\system32\xwpvbxop.dll
C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\lnnmp.tmp
C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\lnnmp.tmp
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\abafcwpf.exe
C:\WINDOWS\system32\aogqtkgq.exe
C:\WINDOWS\system32\ashbdqpp.exe
C:\WINDOWS\system32\asllljpv.exe
C:\WINDOWS\system32\aubecfmd.exe
C:\WINDOWS\system32\bhlgovrv.exe
C:\WINDOWS\system32\bkjkycxn.exe
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\fsiqjrdq.exe
C:\WINDOWS\system32\hbbakgdn.exe
C:\WINDOWS\system32\hwadnswc.exe
C:\WINDOWS\system32\isgvbofd.exe
C:\WINDOWS\system32\jnmbkdvd.exe
C:\WINDOWS\system32\kuiqvojh.exe
C:\WINDOWS\system32\lcamckwq.exe
C:\WINDOWS\system32\lqqpexgx.exe
C:\WINDOWS\system32\ludptpau.exe
C:\WINDOWS\system32\mbcbhdbd.exe
C:\WINDOWS\system32\mcujfprn.exe
C:\WINDOWS\system32\ngtycwca.exe
C:\WINDOWS\system32\njemljce.exe
C:\WINDOWS\system32\nmltdyhl.exe
C:\WINDOWS\system32\oevwvnyi.exe
C:\WINDOWS\system32\pkhikebt.exe
C:\WINDOWS\system32\qhhxjoli.exe
C:\WINDOWS\system32\qtmivdfd.exe
C:\WINDOWS\system32\tjhkvrih.exe
C:\WINDOWS\system32\tyyrhmtq.exe
C:\WINDOWS\system32\ugklfovi.exe
C:\WINDOWS\system32\usrvtmcd.exe
C:\WINDOWS\system32\veefypcr.exe
C:\WINDOWS\system32\vlfcgikk.exe
C:\WINDOWS\system32\vswnccjf.exe
C:\WINDOWS\system32\vybsoxss.exe
C:\WINDOWS\system32\xiexxlhb.exe
C:\WINDOWS\system32\xvamxwea.exe
C:\WINDOWS\system32\xypgalll.exe
C:\WINDOWS\system32\yrtmkgmc.exe
C:\WINDOWS\updater.exe
((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))
2007-07-30 23:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 12:56 <DIR> d-------- C:\Program Files\FOTOLAB Home Print Service
2007-07-27 12:51 <DIR> d-------- C:\DOCUME~1\Janek\DATAAP~1\Leadertech
2007-07-27 12:51 <DIR> d-------- C:\DOCUME~1\Janek\DATAAP~1\AdobeUM
2007-07-27 12:51 <DIR> d-------- C:\DOCUME~1\Janek\DATAAP~1\AdobeAUM
2007-07-27 02:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\TEMP
2007-07-27 02:18 76,288 --a------ C:\WINDOWS\system32\rlddi.dll
2007-07-27 02:18 76,288 --a------ C:\WINDOWS\system32\rlddf.dll
2007-07-27 02:18 <DIR> d-------- C:\WINDOWS\system32\rl
2007-07-27 02:17 322,832 --a------ C:\WINDOWS\system32\Mfc30.dll
2007-07-27 02:17 289,280 --a------ C:\WINDOWS\uninst.exe
2007-07-27 02:17 15,872 --a------ C:\WINDOWS\system32\Mfcn30.dll
2007-07-25 02:52 <DIR> d-------- C:\DOCUME~1\q(o.O)P\DATAAP~1\BSplayer Pro
2007-07-23 13:29 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-07-23 13:29 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-23 02:28 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-07-23 02:19 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-07-22 23:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spybot - Search & Destroy
2007-07-21 17:37 <DIR> d-------- C:\DOCUME~1\Janek\DATAAP~1\Webroot
2007-07-21 10:45 <DIR> d-------- C:\DOCUME~1\Jitka\DATAAP~1\Webroot
2007-07-19 13:25 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-19 11:30 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-07-19 11:30 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-07-19 11:30 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-07-19 11:30 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-07-19 11:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DATAAP~1\Webroot
2007-07-19 11:29 <DIR> d-------- C:\DOCUME~1\q(o.O)P\DATAAP~1\Webroot
2007-07-19 11:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Webroot
2007-07-15 08:52 <DIR> d-------- C:\DOCUME~1\q(o.O)P\Incomplete
2007-07-15 08:48 <DIR> d-------- C:\DOCUME~1\q(o.O)P\DATAAP~1\LimeWire
2007-07-15 05:33 <DIR> d-------- C:\DOCUME~1\q(o.O)P\DATAAP~1\My Games
2007-07-11 17:07 <DIR> d-------- C:\Program Files\QuickTime
2007-07-11 17:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Apple Computer
2007-07-11 17:06 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-07-11 17:06 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-07-11 17:06 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2007-07-11 17:05 <DIR> d-------- C:\Program Files\Kodak
2007-07-11 17:05 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-07-11 17:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Kodak
2007-07-10 12:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Lavasoft
2007-07-07 23:41 <DIR> d-------- C:\KBcertifikat
2007-07-07 23:27 <DIR> d-------- C:\DOCUME~1\Janek\kbpki
2007-07-03 17:31 <DIR> d-------- C:\DOCUME~1\Janek\DATAAP~1\ATI
2007-07-03 10:03 <DIR> d-------- C:\DOCUME~1\q(o.O)P\DATAAP~1\ATI
2007-06-26 12:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallShield
2007-06-24 09:58 <DIR> d--h----- C:\WINDOWS\HUL
2007-06-24 09:34 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-06-23 13:32 <DIR> d-------- C:\DOCUME~1\q(o.O)P\WINDOWS
2007-06-17 10:41 <DIR> d---s---- C:\DOCUME~1\q(o.O)P\UserData
2007-06-13 21:25 339,968 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-13 21:24 268,288 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-06-13 21:24 2,155,520 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-13 21:23 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-06-13 21:17 42,496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-06-13 21:17 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-13 21:17 139,264 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-06-13 21:17 118,784 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-06-13 21:16 118,784 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-06-13 21:15 483,328 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-06-13 21:14 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-06-13 21:10 8,097,792 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-06-13 21:07 2,922,208 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-06-13 20:57 972,072 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-06-13 20:57 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-06-13 20:57 1,512,960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-06-13 20:46 5,431,296 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-06-13 20:43 262,144 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-06-13 20:42 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-06-13 20:41 50,176 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-06-13 20:41 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-06-13 20:36 368,640 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-06-10 12:01 <DIR> d-------- C:\Program Files\Autodesk
2007-06-08 15:24 <DIR> d-------- C:\DOCUME~1\q(o.O)P\DATAAP~1\Autodesk
2007-06-07 16:29 <DIR> d-------- C:\DOCUME~1\Jitka\DATAAP~1\Autodesk
2007-06-07 16:28 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-06-07 16:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Autodesk
2007-06-07 14:44 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-07 14:44 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-07 14:44 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-06 15:04 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-06 15:04 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-06 15:04 <DIR> d-------- C:\Program Files\Xvid
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 20:53 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-06-03 20:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Adobe Systems
2007-06-03 11:21 <DIR> d-------- C:\CRANK
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-23 02:22 --------- d-------- C:\Program Files\Common Files\Agnitum Shared
2007-07-22 23:44 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 23:20 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-02 13:33 --------- d-------- C:\Program Files\ATI Technologies
2007-06-25 19:07 73416 --a------ C:\WINDOWS\system32\perfc005.dat
2007-06-25 19:07 398746 --a------ C:\WINDOWS\system32\perfh005.dat
2007-06-13 21:50 43152 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-06-13 14:29 520192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-05-30 22:12 69119 --a------ C:\WINDOWS\hpoins05.dat
2007-05-30 22:10 --------- d-------- C:\Program Files\Common Files\HP
2007-05-30 22:09 --------- d-------- C:\Program Files\Hewlett-Packard
2007-05-30 22:08 --------- d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-05-30 22:03 --------- d-------- C:\Program Files\HP
2007-05-30 21:59 --------- d--h----- C:\Program Files\WindowsUpdate
2007-05-30 21:24 --------- d-------- C:\Program Files\AGEIA Technologies
2007-05-28 12:24 71539 --a------ C:\WINDOWS\War3Unin.dat
2007-05-18 15:16 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-05-18 15:16 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-04-01 09:02 456 --a------ C:\Program Files\INSTALL.LOG
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 C:\WINDOWS\SOUNDMAN.EXE]
"SpywareTerminator"="D:\SPYWAR~1\SpywareTerminatorShield.exe" [2007-01-23 22:55]
"nod32kui"="D:\Eset\nod32kui.exe" [2007-06-07 14:44]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12]
"HP Software Update"="E:\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
"Adobe Reader Speed Launcher"="D:\Acrobat Reader 8\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"SpySweeper"="D:\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]
"!AVG Anti-Spyware"="D:\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"!ewido"="D:\ewido anti-spyware 4.0\ewido.exe" [2007-07-22 22:46]
"ZoneAlarm Client"="D:\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"Adobe Photo Downloader"="D:\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="E:\Steam\Steam.exe" []
"BlazeServoTool"="D:\BlazeDVD 5 Professional\MediaDetector.exe" [2006-06-29 10:54]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05]
"SpybotSD TeaTimer"="D:\Spybot - Search & Destroy\TeaTimer.exe" [2007-07-10 21:47]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
C:\Documents and Settings\q(o.O)P\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 21:18:22]
HP Digital Imaging Monitor.lnk - E:\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - E:\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Software Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 05:10:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
"NoClose"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoClose"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoThemesTab"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
R0 SSFS0509;Spy Sweeper File System Filer Driver: 0509;C:\WINDOWS\System32\Drivers\SSFS0509.SYS
R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\System32\Drivers\SSHRMD.SYS
R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\System32\Drivers\SSIDRV.SYS
R1 AmdK8;Ovladaź procesoru AMD Athlon64;C:\WINDOWS\System32\DRIVERS\AmdK8.sys
R1 nod32drv;nod32drv;C:\WINDOWS\System32\drivers\nod32drv.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
R2 InterBaseGuardian;InterBase Guardian;D:\Borland\InterBase\bin\ibguard.exe
R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\System32\drivers\ALCXSENS.SYS
R3 InterBaseServer;InterBase Server;D:\Borland\InterBase\bin\ibserver.exe
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\System32\drivers\msmpu401.sys
R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\System32\Drivers\pcouffin.sys
R3 PSched;Pl novaź paket… technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\System32\Drivers\sskbfd.sys
R3 usbohci;Ovladaź Miniport otevýen‚ho hostitelsk‚ho ýadiźe Microsoft USB;C:\WINDOWS\System32\DRIVERS\usbohci.sys
S3 InterServer;InterBase InterClient Server;D:\Borland\InterBase\InterClient\bin\interserver.exe
S3 nm;Ovladaź programu Sledov nˇ sˇtŘ;C:\WINDOWS\System32\DRIVERS\NMnt.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\System32\drivers\npf.sys
S3 usbccgp;Obecně nadýazeně ovladaź Microsoft USB;C:\WINDOWS\System32\DRIVERS\usbccgp.sys
S3 USBSTOR;Ovladaź velkokapacitnˇho pamŘśov‚ho zaýˇzenˇ USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
Contents of the 'Scheduled Tasks' folder
2007-07-11 15:08:37 C:\WINDOWS\Tasks\EasyShare Registration Task.job - C:\WINDOWS\System32\rundll32.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2007-07-30 23:48:00
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9CB1D540-D31A-63AA-7167-402D681BE3DB}]
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-30 23:50:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-30 23:49
--- E O F ---
And combofix quarantined files log from the first scan :
1995-12-22 12:16 432 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\CFX32.LIC.vir
1996-06-10 16:24 307200 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\CFX32.OCX.vir
2006-10-22 16:00 1167360 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Updater.exe.vir
2007-03-20 20:56 478436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lnnmp.tmp.vir
2007-03-20 22:39 479752 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lnnmp.ini.vir
2007-07-11 17:16 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\njykrfhw.dll.vir
2007-07-11 21:10 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jujhbsjj.dll.vir
2007-07-11 21:13 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uaitmdin.dll.vir
2007-07-12 11:37 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\gpycjexc.dll.vir
2007-07-12 12:42 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xaywpuvl.dll.vir
2007-07-12 15:23 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hakpiwmh.dll.vir
2007-07-12 19:27 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\aelpustb.dll.vir
2007-07-12 19:39 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lungesmg.dll.vir
2007-07-13 09:00 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ahyqwinl.dll.vir
2007-07-13 16:08 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xwpvbxop.dll.vir
2007-07-13 20:38 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vsowpfqv.dll.vir
2007-07-13 21:08 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cuyhjatt.dll.vir
2007-07-14 21:08 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\leyrqjur.dll.vir
2007-07-14 23:34 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tgchxgjh.dll.vir
2007-07-15 15:17 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tgncrijb.dll.vir
2007-07-16 10:32 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tjgsavvu.dll.vir
2007-07-16 15:43 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dibavyys.dll.vir
2007-07-16 15:47 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qavugfxr.dll.vir
2007-07-16 16:26 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dcfbypda.dll.vir
2007-07-16 22:02 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jghspmkr.dll.vir
2007-07-16 23:36 1031310 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lnnmp.bak1.vir
2007-07-16 23:37 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cdhhuxbm.dll.vir
2007-07-17 15:14 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\euxqysrj.dll.vir
2007-07-17 15:37 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\faprwdjs.dll.vir
2007-07-18 01:06 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\snghnpul.dll.vir
2007-07-18 17:35 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cpfkatxk.dll.vir
2007-07-18 18:10 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ojpsonqf.dll.vir
2007-07-19 10:17 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tunupheb.dll.vir
2007-07-19 11:05 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lubnnpkp.dll.vir
2007-07-19 11:40 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\gifgyxat.dll.vir
2007-07-19 13:06 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cvnsqgyg.dll.vir
2007-07-19 13:19 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wovfrsty.dll.vir
2007-07-19 20:45 893353 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lnnmp.bak2.vir
2007-07-19 20:46 66580 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rsfqvcle.dll.vir
2007-07-19 20:48 892969 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lnnmp.ini2.vir
Věpis CESTY slo§ky
S‚riov‚ źˇslo svazku je 71F8E346 3C21:5D8A
C:\QOOBOX
\---Quarantine
+---C
| \---WINDOWS
| | Updater.exe.vir
| |
| \---system32
| aelpustb.dll.vir
| ahyqwinl.dll.vir
| cdhhuxbm.dll.vir
| CFX32.LIC.vir
| CFX32.OCX.vir
| cpfkatxk.dll.vir
| cuyhjatt.dll.vir
| cvnsqgyg.dll.vir
| dcfbypda.dll.vir
| dibavyys.dll.vir
| euxqysrj.dll.vir
| faprwdjs.dll.vir
| gifgyxat.dll.vir
| gpycjexc.dll.vir
| hakpiwmh.dll.vir
| jghspmkr.dll.vir
| jujhbsjj.dll.vir
| leyrqjur.dll.vir
| lnnmp.bak1.vir
| lnnmp.bak2.vir
| lnnmp.ini.vir
| lnnmp.ini2.vir
| lnnmp.tmp.vir
| lubnnpkp.dll.vir
| lungesmg.dll.vir
| njykrfhw.dll.vir
| ojpsonqf.dll.vir
| qavugfxr.dll.vir
| rsfqvcle.dll.vir
| snghnpul.dll.vir
| tgchxgjh.dll.vir
| tgncrijb.dll.vir
| tjgsavvu.dll.vir
| tunupheb.dll.vir
| uaitmdin.dll.vir
| vsowpfqv.dll.vir
| wovfrsty.dll.vir
| xaywpuvl.dll.vir
| xwpvbxop.dll.vir
|
\---Registry_backups
Show Posts
http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'
\' />. Not so smooth, but its much better than before my first post here.