Total Commander
Posted: 15 May 2010 17:32
Good day,
I need some advice. Since about Thursday 13.5.2010 I have been having a problem with Total Commander: whichever version I install, it shows me roughly this:
TOTALCMD executable file is corrupted. And then something to the effect that I have a virus and should run an antivirus scan. Sometimes web pages, even Google, won't load at all or load only very slowly, and there are problems with NOD as well.
According to NOD32 there is no virus there.
Please reply; I am attaching the ComboFix log.
Thank you, best regards
ComboFix 10-05-14.06 - Stanley Basta . 05. 2010 13:32:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.267 [GMT 2:00]
Running from: d:\install\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Stanley Basta\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\Install.txt
c:\windows\system32\Install.txt
c:\windows\system32\tmp.reg
c:\windows\system32\x.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.
2010-05-15 11:12 . 2010-05-15 11:12 69632 ----a-r- c:\documents and settings\Stanley Basta\Application Data\Microsoft\Installer\{750B9AD1-4C63-4143-94C5-6FB304199BAD}\ARPPRODUCTICON.exe
2010-05-15 11:08 . 2010-05-15 11:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-15 10:54 . 2010-05-15 11:12 -------- d-----w- c:\program files\Opera
2010-05-15 10:54 . 2010-05-15 10:54 -------- d-----w- c:\program files\DivX
2010-05-15 10:52 . 2010-05-15 10:52 -------- d-----w- c:\program files\totalcmd
2010-05-15 10:52 . 2010-05-15 10:52 -------- d-----w- c:\program files\ICQ6.5
2010-05-15 10:43 . 2010-05-15 10:48 -------- d-----w- C:\32788R22FWJFW(2)
2010-05-14 22:02 . 2010-05-15 10:49 -------- d-----w- c:\program files\ICQ6(3).5
2010-05-14 21:49 . 2010-05-15 10:50 -------- d-----w- c:\program files\Opera(3)
2010-05-14 21:49 . 2010-05-15 10:50 -------- d-----w- c:\program files\DivX(3)
2010-05-14 21:12 . 2010-05-15 10:52 -------- d-----w- c:\program files\ICQ6(2).5
2010-05-14 20:54 . 2010-05-14 20:54 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\Lavasoft
2010-05-14 20:54 . 2010-05-14 20:54 -------- d---a-w- C:\!KillBox
2010-05-14 20:53 . 2010-05-15 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-06 17:08 . 2010-05-06 17:08 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\DivX
2010-05-06 17:05 . 2010-05-15 10:54 -------- d-----w- c:\program files\DivX(2)
2010-05-04 20:31 . 2010-05-15 10:54 -------- d-----w- c:\documents and settings\Stanley Basta\Local Settings\Application Data\Google
2010-04-28 20:45 . 2010-04-28 20:45 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\MSN6
2010-04-28 15:29 . 2010-04-28 15:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-04-23 09:15 . 2010-05-15 10:55 -------- d-----w- c:\program files\UltraISO
2010-04-23 09:11 . 2010-04-23 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-04-23 09:11 . 2010-05-15 10:55 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-04-23 09:11 . 2010-04-23 09:11 -------- d-----w- c:\program files\ACD Systems
2010-04-22 14:52 . 2010-04-22 14:52 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\Ahead
2010-04-22 14:51 . 2003-03-29 13:45 89184 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2010-04-22 14:51 . 2001-07-06 15:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2010-04-22 14:51 . 2001-07-06 11:41 569344 ----a-w- c:\windows\system32\imagr5.dll
2010-04-22 14:51 . 2001-07-06 09:44 544768 ----a-w- c:\windows\system32\imagx5.dll
2010-04-22 14:51 . 2001-06-26 05:15 38912 ----a-w- c:\windows\system32\picn20.dll
2010-04-22 14:51 . 2010-04-22 14:51 -------- d-----w- c:\program files\Common Files\Ahead
2010-04-22 14:51 . 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-04-22 14:51 . 2010-04-22 14:51 -------- d-----w- c:\program files\Ahead
2010-04-21 07:42 . 2010-04-21 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 10:55 . 2010-03-29 18:01 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\uTorrent
2010-05-15 10:55 . 2010-03-26 10:14 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-15 10:54 . 2010-04-09 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-15 10:29 . 2010-03-26 15:10 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\ICQ
2010-04-09 07:55 . 2010-04-09 07:55 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-09 07:48 . 2010-04-09 07:54 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-01 14:17 . 2010-04-01 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2010-04-01 14:17 . 2010-04-01 14:17 -------- d-----w- c:\program files\GRETECH
2010-04-01 10:02 . 2010-03-26 11:43 42944 ----a-w- c:\documents and settings\Stanley Basta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-01 10:00 . 2010-04-01 10:00 -------- d-----w- c:\program files\Microsoft.NET
2010-03-29 18:01 . 2010-03-26 15:32 -------- d-----w- c:\program files\uTorrent
2010-03-27 18:34 . 2010-03-27 18:34 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\ACD Systems
2010-03-27 18:33 . 2010-03-27 18:33 9856 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-03-27 18:24 . 2010-03-27 18:24 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\InterVideo
2010-03-27 18:24 . 2010-03-27 18:22 -------- d-----w- c:\program files\Common Files\InterVideo
2010-03-27 18:23 . 2010-03-27 18:23 -------- d-----w- c:\program files\InterActual
2010-03-27 18:23 . 2010-03-27 18:23 -------- d-----w- c:\program files\MSXML 4.0
2010-03-27 18:22 . 2010-03-27 18:21 -------- d-----w- c:\program files\InterVideo
2010-03-27 18:22 . 2010-03-26 10:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 18:22 . 2010-03-27 18:22 -------- d-----w- c:\program files\Creative
2010-03-27 18:16 . 2010-03-27 18:16 -------- d-----w- c:\program files\Disk Explorer Professional 3
2010-03-27 18:14 . 2010-03-27 18:10 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\Winamp
2010-03-27 18:12 . 2010-03-27 18:10 -------- d-----w- c:\program files\Winamp
2010-03-27 18:08 . 2010-03-27 18:08 -------- d-----w- c:\program files\Trend Micro
2010-03-27 18:07 . 2010-03-27 18:06 -------- d-----w- c:\program files\AIDA32 - Enterprise System Information
2010-03-27 18:05 . 2010-03-27 18:05 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\AdobeUM
2010-03-27 18:05 . 2010-03-27 18:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-26 22:04 . 2010-03-26 22:04 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\Media Player Classic
2010-03-26 15:10 . 2010-03-26 15:10 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-26 15:10 . 2010-03-26 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-03-26 12:16 . 2010-03-26 12:15 -------- d-----w- c:\program files\The KMPlayer
2010-03-26 11:49 . 2010-03-26 11:49 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-26 11:37 . 2010-03-26 09:35 3316 ----a-w- c:\windows\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
2010-03-26 11:37 . 2010-03-26 09:35 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-03-26 11:35 . 2010-03-26 09:35 8972 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cntstore.bin
2010-03-26 10:25 . 2010-03-26 10:25 -------- d-----w- c:\program files\ESET
2010-03-26 09:43 . 2010-03-26 09:43 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\ESET
2010-03-26 09:42 . 2010-03-26 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-03-26 09:36 . 2010-03-26 09:36 -------- d-----w- c:\program files\microsoft frontpage
2010-03-26 09:33 . 2010-03-26 09:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[-] 2004-08-03 . 9332932F3579D326D7F046D692D125B3 . 118272 . . [5.4.3790.2180] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2004-08-03 . 7C90AE046E570852DD020DBE17E5A220 . 118272 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2002-08-29 . B7B2508ADAFC608849135756F9450B68 . 146944 . . [5.4.3630.1106] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe
[-] 2004-08-03 . DA5551180456E633C90F09235788D463 . 31744 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2004-08-03 . 1930DE2187D9345C8B7CD508CFCD3927 . 31744 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2002-08-29 . C3ADAA9DCB9CC6E7A23D41843E33EC9A . 29184 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2004-08-03 . B977849F20A4DFBDBD8F57989A1FED96 . 20992 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2004-08-03 . B26C1AE48139AF298023A3008777E0C5 . 20992 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-03 . 4A99043FE005301E23D44206CD962053 . 22528 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-03 . 64783877322CCACAE0A938D7162FBC9B . 22528 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2002-08-29 . D26E5E192F8B0BD73DEA65957E8599D5 . 20480 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 23:56 22528 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 23:56 1667584 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [26. 3. 2010 17:10 222968]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-LiveMonitor - c:\program files\MSI\Live Update 2\LMonitor.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 13:36
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-15 13:38:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-15 11:38
Pre-Run: 22 235 541 504 bytes free
Post-Run: 22 191 923 200 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 366429ED1B092A480CFBE79C655D0884
Stano from Presov