"Iva" - 2007-07-27 10:25:38 - ComboFix 07-07-23.6 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\lhmyvjdm.exe
C:\WINDOWS\system32\gebyaxy.dll
C:\WINDOWS\system32\gebyaxy.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ntvvehen.dat
C:\WINDOWS\system32\ntvvehen.exe
C:\WINDOWS\system32\ntvvehen_nav.dat
C:\WINDOWS\system32\ntvvehen_navps.dat
((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\lhmyvjdm.exe
C:\WINDOWS\system32\gebyaxy.dll
C:\WINDOWS\system32\gebyaxy.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ntvvehen.dat
C:\WINDOWS\system32\ntvvehen.exe
C:\WINDOWS\system32\ntvvehen_nav.dat
C:\WINDOWS\system32\ntvvehen_navps.dat
((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))
2007-07-27 10:23 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 10:23 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 09:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-07-27 09:40 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-07-27 09:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-07-27 09:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-07-27 09:35 126,016 --a------ C:\WINDOWS\system32\srvtftur.dll
2007-07-27 09:35 126,016 --a------ C:\WINDOWS\system32\srvtftur.dll
2007-07-26 19:38 <DIR> d-------- C:\DOCUME~1\Iva\DATAAP~1\WinRAR
2007-07-26 19:38 <DIR> d-------- C:\DOCUME~1\Iva\DATAAP~1\WinRAR
2007-07-26 19:18 <DIR> d-------- C:\Program Files\XoftSpySE
2007-07-26 19:18 <DIR> d-------- C:\Program Files\XoftSpySE
2007-07-26 10:00 254,464 --a------ C:\WINDOWS\system32\ctmbjekzhy.exe
2007-07-26 10:00 254,464 --a------ C:\WINDOWS\system32\ctmbjekzhy.exe
2007-07-25 17:14 256,512 --a------ C:\WINDOWS\system32\cltjhmois.exe
2007-07-25 17:14 256,512 --a------ C:\WINDOWS\system32\cltjhmois.exe
2007-07-24 17:35 256,512 --a------ C:\WINDOWS\system32\vsgzyprteb.exe
2007-07-24 17:35 256,512 --a------ C:\WINDOWS\system32\vsgzyprteb.exe
2007-07-23 08:20 254,976 --a------ C:\WINDOWS\system32\yrcoztalv.exe
2007-07-23 08:20 254,976 --a------ C:\WINDOWS\system32\yrcoztalv.exe
2007-07-19 07:16 256,000 --a------ C:\WINDOWS\system32\lgzwoh.exe
2007-07-19 07:16 256,000 --a------ C:\WINDOWS\system32\lgzwoh.exe
2007-07-18 20:44 257,024 --a------ C:\WINDOWS\system32\qhyxegdc.exe
2007-07-18 20:44 257,024 --a------ C:\WINDOWS\system32\qhyxegdc.exe
2007-07-17 20:54 257,536 --a------ C:\WINDOWS\system32\xiavcq.exe
2007-07-17 20:54 257,536 --a------ C:\WINDOWS\system32\xiavcq.exe
2007-07-17 12:41 258,048 --a------ C:\WINDOWS\system32\pratizglk.exe
2007-07-17 12:41 258,048 --a------ C:\WINDOWS\system32\pratizglk.exe
2007-07-17 06:24 254,976 --a------ C:\WINDOWS\system32\pzontrjx.exe
2007-07-17 06:24 254,976 --a------ C:\WINDOWS\system32\pzontrjx.exe
2007-07-16 16:38 254,976 --a------ C:\WINDOWS\system32\lercvpmg.exe
2007-07-16 16:38 254,976 --a------ C:\WINDOWS\system32\lercvpmg.exe
2007-07-16 12:11 257,024 --a------ C:\WINDOWS\system32\binxeq.exe
2007-07-16 12:11 257,024 --a------ C:\WINDOWS\system32\binxeq.exe
2007-07-16 07:24 257,024 --a------ C:\WINDOWS\system32\nwacqfz.exe
2007-07-16 07:24 257,024 --a------ C:\WINDOWS\system32\nwacqfz.exe
2007-07-15 20:25 257,024 --a------ C:\WINDOWS\system32\gbjqni.exe
2007-07-15 20:25 257,024 --a------ C:\WINDOWS\system32\gbjqni.exe
2007-07-15 18:40 258,048 --a------ C:\WINDOWS\system32\semyfn.exe
2007-07-15 18:40 258,048 --a------ C:\WINDOWS\system32\semyfn.exe
2007-07-13 05:00 255,488 --a------ C:\WINDOWS\system32\slkmrb.exe
2007-07-13 05:00 255,488 --a------ C:\WINDOWS\system32\slkmrb.exe
2007-07-11 12:11 257,536 --a------ C:\WINDOWS\system32\ohmegwk.exe
2007-07-11 12:11 257,536 --a------ C:\WINDOWS\system32\ohmegwk.exe
2007-07-10 06:55 253,952 --a------ C:\WINDOWS\system32\psfzljwqvc.exe
2007-07-10 06:55 253,952 --a------ C:\WINDOWS\system32\psfzljwqvc.exe
2007-07-09 07:20 257,536 --a------ C:\WINDOWS\system32\rhxwnfiv.exe
2007-07-09 07:20 257,536 --a------ C:\WINDOWS\system32\rhxwnfiv.exe
2007-07-08 18:19 258,560 --a------ C:\WINDOWS\system32\tunayod.exe
2007-07-08 18:19 258,560 --a------ C:\WINDOWS\system32\tunayod.exe
2007-07-08 08:04 257,024 --a------ C:\WINDOWS\system32\dtrcyam.exe
2007-07-08 08:04 257,024 --a------ C:\WINDOWS\system32\dtrcyam.exe
2007-07-08 07:38 254,464 --a------ C:\WINDOWS\system32\lanyekv.exe
2007-07-08 07:38 254,464 --a------ C:\WINDOWS\system32\lanyekv.exe
2007-07-07 17:31 257,024 --a------ C:\WINDOWS\system32\zcfbgrso.exe
2007-07-07 17:31 257,024 --a------ C:\WINDOWS\system32\zcfbgrso.exe
2007-07-07 06:56 259,072 --a------ C:\WINDOWS\system32\plqdtyg.exe
2007-07-07 06:56 259,072 --a------ C:\WINDOWS\system32\plqdtyg.exe
2007-07-07 06:40 258,048 --a------ C:\WINDOWS\system32\hcqnyazti.exe
2007-07-07 06:40 258,048 --a------ C:\WINDOWS\system32\hcqnyazti.exe
2007-07-06 07:29 257,536 --a------ C:\WINDOWS\system32\mryhjob.exe
2007-07-06 07:29 257,536 --a------ C:\WINDOWS\system32\mryhjob.exe
2007-07-06 03:08 254,976 --a------ C:\WINDOWS\system32\xndjkf.exe
2007-07-06 03:08 254,976 --a------ C:\WINDOWS\system32\xndjkf.exe
2007-07-05 18:10 257,536 --a------ C:\WINDOWS\system32\ewxaupd.exe
2007-07-05 18:10 257,536 --a------ C:\WINDOWS\system32\ewxaupd.exe
2007-07-05 16:28 258,048 --a------ C:\WINDOWS\system32\kfmljts.exe
2007-07-05 16:28 258,048 --a------ C:\WINDOWS\system32\kfmljts.exe
2007-07-05 06:04 257,536 --a------ C:\WINDOWS\system32\lzthexbak.exe
2007-07-05 06:04 257,536 --a------ C:\WINDOWS\system32\lzthexbak.exe
2007-07-04 11:47 254,976 --a------ C:\WINDOWS\system32\uhygtwpf.exe
2007-07-04 11:47 254,976 --a------ C:\WINDOWS\system32\uhygtwpf.exe
2007-07-04 06:25 256,000 --a------ C:\WINDOWS\system32\anrqxp.exe
2007-07-04 06:25 256,000 --a------ C:\WINDOWS\system32\anrqxp.exe
2007-07-03 13:28 257,536 --a------ C:\WINDOWS\system32\rqmjwx.exe
2007-07-03 13:28 257,536 --a------ C:\WINDOWS\system32\rqmjwx.exe
2007-07-03 06:15 257,024 --a------ C:\WINDOWS\system32\jpqulmyh.exe
2007-07-03 06:15 257,024 --a------ C:\WINDOWS\system32\jpqulmyh.exe
2007-07-02 18:58 257,024 --a------ C:\WINDOWS\system32\fvngocxqme.exe
2007-07-02 18:58 257,024 --a------ C:\WINDOWS\system32\fvngocxqme.exe
2007-07-02 06:22 256,512 --a------ C:\WINDOWS\system32\jhrdksm.exe
2007-07-02 06:22 256,512 --a------ C:\WINDOWS\system32\jhrdksm.exe
2007-07-01 18:45 256,512 --a------ C:\WINDOWS\system32\lguitskj.exe
2007-07-01 18:45 256,512 --a------ C:\WINDOWS\system32\lguitskj.exe
2007-06-28 11:28 258,560 --a------ C:\WINDOWS\system32\klfadvymj.exe
2007-06-28 11:28 258,560 --a------ C:\WINDOWS\system32\klfadvymj.exe
2007-06-27 19:08 254,464 --a------ C:\WINDOWS\system32\sparfxwz.exe
2007-06-27 19:08 254,464 --a------ C:\WINDOWS\system32\sparfxwz.exe
2007-06-27 11:33 257,024 --a------ C:\WINDOWS\system32\ieqncxdkt.exe
2007-06-27 11:33 257,024 --a------ C:\WINDOWS\system32\ieqncxdkt.exe
2007-06-27 06:14 258,560 --a------ C:\WINDOWS\system32\grhjalspnt.exe
2007-06-27 06:14 258,560 --a------ C:\WINDOWS\system32\grhjalspnt.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-26 16:28:38 259,072 ----a-w C:\WINDOWS\system32\nrjhxe.exe
2007-06-26 09:25:03 257,024 ----a-w C:\WINDOWS\system32\bstzmgirx.exe
2007-06-26 04:44:58 256,512 ----a-w C:\WINDOWS\system32\vupchtjna.exe
2007-06-25 16:37:53 257,024 ----a-w C:\WINDOWS\system32\ozhfivs.exe
2007-06-25 10:07:04 257,024 ----a-w C:\WINDOWS\system32\syikebn.exe
2007-06-25 04:24:32 256,512 ----a-w C:\WINDOWS\system32\nwmdljv.exe
2007-06-24 15:25:19 257,024 ----a-w C:\WINDOWS\system32\blheyxduw.exe
2007-06-24 04:36:29 258,048 ----a-w C:\WINDOWS\system32\etjqsiz.exe
2007-06-23 14:13:06 253,952 ----a-w C:\WINDOWS\system32\fzqduek.exe
2007-06-23 04:27:39 257,536 ----a-w C:\WINDOWS\system32\oviunlzm.exe
2007-06-22 17:03:48 258,560 ----a-w C:\WINDOWS\system32\bzpcsmn.exe
2007-06-22 10:45:03 258,560 ----a-w C:\WINDOWS\system32\chiedjfsxb.exe
2007-06-22 04:01:55 259,072 ----a-w C:\WINDOWS\system32\xtgywamirh.exe
2007-06-21 17:20:01 258,048 ----a-w C:\WINDOWS\system32\jvhfibmy.exe
2007-06-21 10:15:49 256,512 ----a-w C:\WINDOWS\system32\jykaghb.exe
2007-06-21 04:22:45 258,048 ----a-w C:\WINDOWS\system32\uvqswjgyl.exe
2007-06-20 04:21:30 255,488 ----a-w C:\WINDOWS\system32\jihmcelx.exe
2007-06-19 09:27:33 258,560 ----a-w C:\WINDOWS\system32\uajwplmd.exe
2007-06-19 03:05:18 259,072 ----a-w C:\WINDOWS\system32\mzawqrode.exe
2007-06-18 16:49:34 255,488 ----a-w C:\WINDOWS\system32\yujefgs.exe
2007-06-18 09:45:25 258,560 ----a-w C:\WINDOWS\system32\bkzjvf.exe
2007-06-18 04:31:51 254,976 ----a-w C:\WINDOWS\system32\tzcwnxesg.exe
2007-06-17 16:18:01 257,024 ----a-w C:\WINDOWS\system32\mgxdzst.exe
2007-06-16 16:30:23 253,952 ----a-w C:\WINDOWS\system32\mkolwfbvzc.exe
2007-06-16 05:05:08 257,536 ----a-w C:\WINDOWS\system32\xkvjtifnyc.exe
2007-06-15 17:58:57 254,464 ----a-w C:\WINDOWS\system32\rngpclyeq.exe
2007-06-15 04:10:17 254,976 ----a-w C:\WINDOWS\system32\dpaofj.exe
2007-06-14 09:42:16 259,072 ----a-w C:\WINDOWS\system32\xtdrbojlc.exe
2007-06-12 03:52:57 257,024 ----a-w C:\WINDOWS\system32\cpaxurygv.exe
2007-06-11 10:03:18 257,024 ----a-w C:\WINDOWS\system32\ebaothnw.exe
2007-06-10 16:08:46 254,976 ----a-w C:\WINDOWS\system32\qjkbyvmt.exe
2007-06-10 04:25:57 258,560 ----a-w C:\WINDOWS\system32\kaxbdo.exe
2007-06-09 04:36:16 257,024 ----a-w C:\WINDOWS\system32\skdbrye.exe
2007-06-08 06:01:03 260,608 ----a-w C:\WINDOWS\system32\vljzpbnxoi.exe
2007-06-08 04:15:31 259,072 ----a-w C:\WINDOWS\system32\qrhtke.exe
2007-06-07 09:18:00 256,512 ----a-w C:\WINDOWS\system32\ntwxqesy.exe
2007-06-07 04:28:43 258,560 ----a-w C:\WINDOWS\system32\mlszgcjru.exe
2007-06-06 14:00:30 259,072 ----a-w C:\WINDOWS\system32\hcqsvbgx.exe
2007-06-06 10:43:17 258,560 ----a-w C:\WINDOWS\system32\iexkho.exe
2007-06-05 17:53:49 255,488 ----a-w C:\WINDOWS\system32\holeyus.exe
2007-06-05 10:02:57 256,512 ----a-w C:\WINDOWS\system32\lxgmibtfj.exe
2007-06-05 09:59:00 256,000 ----a-w C:\WINDOWS\system32\ytxlnisj.exe
2007-06-05 04:57:20 260,096 ----a-w C:\WINDOWS\system32\kugbcfsori.exe
2007-06-04 04:23:22 254,976 ----a-w C:\WINDOWS\system32\uibgxwmj.exe
2007-06-03 17:52:54 258,048 ----a-w C:\WINDOWS\system32\rzcfupqnb.exe
2007-06-03 16:11:57 259,584 ----a-w C:\WINDOWS\system32\wifcvh.exe
2007-06-03 04:41:28 255,488 ----a-w C:\WINDOWS\system32\pclwgf.exe
2007-06-02 06:25:50 258,048 ----a-w C:\WINDOWS\system32\huctbjpr.exe
2007-06-02 03:59:04 258,560 ----a-w C:\WINDOWS\system32\bishayoq.exe
2007-06-01 04:51:54 258,048 ----a-w C:\WINDOWS\system32\uvzchqdy.exe
2007-05-31 09:27:43 254,464 ----a-w C:\WINDOWS\system32\wnhlqfpsi.exe
2007-05-31 03:35:05 258,560 ----a-w C:\WINDOWS\system32\xfacdgqs.exe
2007-05-30 09:15:56 255,488 ----a-w C:\WINDOWS\system32\wafhzmec.exe
2007-05-30 05:13:05 257,024 ----a-w C:\WINDOWS\system32\hydgbnpjex.exe
2007-05-29 09:18:28 257,024 ----a-w C:\WINDOWS\system32\qeimxtlfhd.exe
2007-05-29 04:00:09 258,048 ----a-w C:\WINDOWS\system32\yvsqbmpaid.exe
2007-05-27 18:50:06 253,952 ----a-w C:\WINDOWS\system32\cebqzrx.exe
2007-05-27 14:51:17 257,024 ----a-w C:\WINDOWS\system32\augvjchdp.exe
2007-05-27 04:15:55 258,048 ----a-w C:\WINDOWS\system32\vxnhmyt.exe
2007-05-26 04:53:29 258,048 ----a-w C:\WINDOWS\system32\qbejmh.exe
2007-05-25 20:54:01 255,488 ----a-w C:\WINDOWS\system32\pceify.exe
2007-05-25 17:31:11 257,024 ----a-w C:\WINDOWS\system32\wiqypdzaum.exe
2007-05-25 09:06:24 256,000 ----a-w C:\WINDOWS\system32\ngqvyhruw.exe
2007-05-25 04:23:12 260,096 ----a-w C:\WINDOWS\system32\bjaydlxotz.exe
2007-05-24 04:42:48 256,512 ----a-w C:\WINDOWS\system32\rqkbyh.exe
2007-05-23 04:11:42 255,488 ----a-w C:\WINDOWS\system32\lzodch.exe
2007-05-22 15:47:26 256,512 ----a-w C:\WINDOWS\system32\osyphwxel.exe
2007-05-21 04:21:19 256,512 ----a-w C:\WINDOWS\system32\hnjpyfav.exe
2007-05-19 16:57:12 258,048 ----a-w C:\WINDOWS\system32\xhvbmiure.exe
2007-05-19 04:57:22 257,024 ----a-w C:\WINDOWS\system32\ygnlmvaq.exe
2007-05-18 10:26:04 254,976 ----a-w C:\WINDOWS\system32\yrwxgp.exe
2007-05-17 03:58:48 254,464 ----a-w C:\WINDOWS\system32\umlqsbktri.exe
2007-05-16 15:18:40 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 17:10:19 257,024 ----a-w C:\WINDOWS\system32\utsjmb.exe
2007-05-10 09:21:11 254,976 ----a-w C:\WINDOWS\system32\nvefar.exe
2007-05-09 09:15:11 254,976 ----a-w C:\WINDOWS\system32\rwzstgfi.exe
2007-05-08 17:40:10 258,048 ----a-w C:\WINDOWS\system32\jcesdnfm.exe
2007-05-07 09:56:32 260,096 ----a-w C:\WINDOWS\system32\vfleuiwrh.exe
2007-05-06 04:49:03 259,072 ----a-w C:\WINDOWS\system32\cverznkbg.exe
2007-05-03 04:30:23 258,560 ----a-w C:\WINDOWS\system32\uvbexzm.exe
2007-05-02 10:15:41 256,512 ----a-w C:\WINDOWS\system32\pneqsgctl.exe
2007-05-02 06:20:57 258,560 ----a-w C:\WINDOWS\system32\qgrvedjpc.exe
2007-05-02 04:36:08 256,512 ----a-w C:\WINDOWS\system32\kdmfalb.exe
2007-05-01 07:50:07 256,512 ----a-w C:\WINDOWS\system32\iscflyqp.exe
2007-05-01 04:33:16 254,976 ----a-w C:\WINDOWS\system32\ytlohqwre.exe
2007-05-01 04:26:42 258,560 ----a-w C:\WINDOWS\system32\sjnkwv.exe
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-27 03:54:42 259,072 ----a-w C:\WINDOWS\system32\kdmrqfg.exe
2006-06-01 13:36:10 20,888 ----a-w C:\DOCUME~1\Iva\DATAAP~1\GDIPFONTCACHEV1.DAT
2006-01-28 17:04:50 457 ----a-w C:\Program Files\INSTALL.LOG
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E205227E-8CA6-48E8-827C-B7219DD17C5A}]
2007-07-26 19:45 228864 --a------ C:\DOCUME~1\Iva\LOCALS~1\Temp\system2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E205227E-8CA6-48E8-827C-B7219DD17C5A}]
2007-07-26 19:45 228864 --a------ C:\DOCUME~1\Iva\LOCALS~1\Temp\system2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-11 20:21:21]
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2005-03-14 13:13:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\system2]
C:\DOCUME~1\Iva\LOCALS~1\Temp\system2.dll 2007-07-26 19:45 228864 C:\DOCUME~1\Iva\LOCALS~1\Temp\system2.dll
R3 AIRPLUS;D-Link AirPlus Wireless Adapter;C:\WINDOWS\system32\DRIVERS\airplus.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 PSched;Pl novaź paket… technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 vulfnths;VIA USB Host Controller Lower Filter;C:\WINDOWS\system32\Drivers\vulfnth.sys
R3 vulfntrs;VIA USB Roothub Lower Filter;C:\WINDOWS\system32\Drivers\vulfntr.sys
S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
Schedule
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-27 10:35:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
scanning hidden files ...
scan completed successfully
hidden files: 0
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-27 10:39:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-27 10:38
--- E O F ---
r626 0 Newbie Poster
gerbil 216 Industrious Poster
Interesting. Could you pls do this [it is only the second time I have been presented with AVsystem care, and that other chap didn come back, so bear with me, please...]?
==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
- Open the SmitfraudFix folder and double-click smitfraudfix.cmd, select option #1 - Search [type 1 and Enter]; a text file will appear which lists infected files (if present). It will also create a log named rapport.txt in the root of your drive, eg: Local Disk C:\ .. Please paste the report in your next reply. DO NOT RUN OPTION 2 YET!!!
==download hijackthis: http://www.majorgeeks.com/download5554.html
-install it to a new folder alongside your program files and then rename the Hijackthis.exe to bunny.exe.
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
We'll go from there.
Snertly 0 Newbie Poster
Goodness. Where I'm from, we'd say you're PC is just et'up with badness.
Because I just got finished wrestling with the system2.dll chunk your logfiles mention above, I can tell you a couple things about it. (In fact, I found your posting, because I was googling about trying to learn more myself.) Anyhoo...
You're going to need a PE style boot disk to get rid of the system2.dll. It's wired into winlogon and notify so it starts very early in the boot process and even runs in safe mode. You'll find registry entries pointing to it down in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify but if the system2.dll is running, any attempts to delete or rename the key will be quickly undone.
In my example, system2.dll was in the %temp% folder. There was a second piece in system32 that also had a winlogon\notify entry. It had a random looking filename, in my case called ljjigff.dll. Both of these were also registered as browser helper objects.
A curious sidenote, while the system2.dll was running, hijackthis could not see BHOs or winlogon notify entries. (O2 and O20 stuff respectively in hijackthis.)
Most obvious symptom was explorer.exe running at 99% CPU. Problem was not profile dependent.
Good luck!
gerbil 216 Industrious Poster
Snertly, just looking at that combofix log I was really thinking format n reinstall....
Thanks for your info. But that's the second AVsystem chap who has died on me..... so I will wait to research it more. 2/2 is not good.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.