This would be the log:
ComboFix 08-08-26.03 - Ági 2008-08-27 16:11:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.529 [GMT 2:00]
Running from: C:\Documents and Settings\Ági\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.
2008-08-27 15:04 . 2008-08-27 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-27 14:38 . 2008-08-27 14:38 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-27 14:38 . 2008-08-27 14:38 <DIR> d-------- C:\Program Files\CCleaner
2008-08-27 14:25 . 2008-08-27 14:25 577,024 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-08-27 14:24 . 2008-08-27 14:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-27 14:11 . 2008-08-27 14:32 <DIR> d-------- C:\SDFix
2008-08-27 14:09 . 2008-08-27 14:09 0 --a------ C:\WINDOWS\VPC32.INI
2008-08-27 11:01 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-27 11:01 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-27 11:01 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-27 00:48 . 2008-08-27 00:48 <DIR> d-------- C:\Program Files\iTunes
2008-08-27 00:48 . 2008-08-27 00:48 <DIR> d-------- C:\Program Files\iPod
2008-08-27 00:47 . 2008-08-27 00:47 <DIR> d-------- C:\Program Files\QuickTime
2008-08-27 00:47 . 2008-08-27 00:47 <DIR> d-------- C:\Program Files\Bonjour
2008-08-27 00:25 . 2008-08-27 00:25 <DIR> d-------- C:\Program Files\Safari
2008-08-27 00:02 . 2008-08-27 00:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-27 00:02 . 2008-08-27 00:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-27 00:02 . 2008-08-27 00:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-27 00:01 . 2008-08-27 00:01 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-08-27 00:01 . 2008-08-27 10:59 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-27 00:01 . 2008-08-27 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-26 13:25 . 2008-08-26 13:25 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-26 13:24 . 2008-08-26 13:24 <DIR> d-------- C:\Program Files\Skype
2008-08-26 13:24 . 2008-08-26 13:24 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-26 13:24 . 2008-08-26 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-08-26 11:03 . 2008-08-26 11:12 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-26 11:02 . 2008-08-26 11:18 <DIR> d-------- C:\Program Files\Windows Live
2008-08-26 11:02 . 2008-08-26 11:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-25 19:24 . 2008-08-25 19:24 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2008-08-25 18:15 . 2008-08-25 18:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-25 18:15 . 2008-08-25 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-25 17:09 . 2008-08-25 17:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-25 17:09 . 2008-08-27 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 12:09 . 2008-08-25 12:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-25 11:11 . 2008-08-25 11:11 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-08-25 11:11 . 2008-08-25 11:11 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-08-25 11:04 . 2008-08-25 11:04 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-08-25 10:25 . 2008-06-23 18:57 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-25 10:25 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-25 10:25 . 2007-03-08 07:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-25 10:25 . 2008-06-23 18:57 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-25 10:25 . 2008-06-23 18:57 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-25 10:25 . 2008-06-23 18:57 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-25 10:25 . 2008-06-23 18:57 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-25 10:25 . 2008-06-23 18:57 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-25 10:25 . 2008-06-23 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 10:18 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-25 10:18 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-25 09:50 . 2008-05-01 16:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-25 09:50 . 2008-05-08 14:28 202,752 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-25 09:44 . 2008-08-26 00:31 <DIR> d-------- C:\Program Files\MBMAKA+
2008-08-23 04:19 . 2008-08-23 04:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-23 04:18 . 2008-08-23 04:18 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-08-23 04:18 . 2008-08-23 04:18 <DIR> d-------- C:\Program Files\Nokia
2008-08-23 04:18 . 2008-08-23 04:18 <DIR> d-------- C:\Program Files\DIFX
2008-08-23 04:18 . 2008-08-23 04:18 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-08-23 04:18 . 2008-08-23 04:18 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-08-23 04:18 . 2007-02-22 20:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-08-23 04:18 . 2007-02-22 20:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-08-23 04:18 . 2007-02-22 20:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-23 04:18 . 2007-02-22 20:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-08-23 04:18 . 2007-02-22 20:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-08-23 04:18 . 2007-02-22 20:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-08-23 04:17 . 2008-08-23 04:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-08-23 04:08 . 2008-08-23 04:08 <DIR> d-------- C:\WINDOWS\system32\Client Security Solution
2008-08-23 04:08 . 2008-08-23 04:08 3,216 --a------ C:\WINDOWS\system32\encobject.dat
2008-08-23 04:03 . 2008-08-23 03:21 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Bluetooth Software
2008-08-23 04:03 . 2008-08-23 04:03 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-08-23 04:03 . <DIR> C:\Documents and Settings\Agi
2008-08-23 04:03 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-23 04:03 . 2008-08-23 04:03 50 --a------ C:\WINDOWS\system32\drivers\LENOVO_1952_VL5.MRK
2008-08-23 04:03 . 2008-08-23 04:03 10 --a------ C:\WINDOWS\system32\firstboot.ibm
2008-08-23 04:02 . 2008-08-23 03:21 <DIR> d-------- C:\Documents and Settings\Default User\Bluetooth Software
2008-08-23 03:56 . 2008-08-23 03:56 61 --a------ C:\WINDOWS\smscfg.ini
2008-08-23 03:47 . 2008-08-23 03:47 <DIR> d-------- C:\Program Files\Microsoft Works
2008-08-23 03:46 . 2008-08-23 03:46 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-23 03:44 . 2008-08-22 23:35 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-23 03:44 . 2008-08-23 03:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-23 03:43 . 2008-08-23 03:43 <DIR> dr-h----- C:\MSOCache
2008-08-23 03:42 . 2008-08-23 04:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lenovo
2008-08-23 03:42 . 2008-08-23 03:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ThinkVantage
2008-08-23 03:42 . 2008-08-23 04:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lenovo
2008-08-23 03:42 . 2006-05-12 23:26 157,352 --------- C:\WINDOWS\system32\pxwma.dll
2008-08-23 03:38 . 2008-08-23 03:38 <DIR> dr-hs---- C:\RRbackups
2008-08-23 03:35 . 2008-08-23 03:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-23 03:35 . 2008-08-23 03:35 <DIR> d-------- C:\Program Files\TVT SMBus
2008-08-23 03:35 . 2008-08-23 03:35 <DIR> d-------- C:\Program Files\SMI2
2008-08-23 03:30 . 2008-08-23 03:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-08-23 03:30 . 2008-08-23 03:30 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-08-23 03:30 . 2008-08-27 16:12 40 --a------ C:\WINDOWS\system32\profile.dat
2008-08-23 03:29 . 2008-08-23 03:29 <DIR> d-------- C:\Program Files\Symantec Client Security
2008-08-23 03:29 . 2008-08-23 03:30 <DIR> d-------- C:\Program Files\Symantec
2008-08-23 03:29 . 2008-08-26 21:32 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-23 03:29 . 2008-08-23 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-23 03:29 . 2005-04-02 05:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-23 03:29 . 2005-04-02 05:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-23 03:28 . 2008-08-23 03:29 <DIR> d-------- C:\Program Files\PCDR5
2008-08-23 03:28 . 2008-08-23 03:36 <DIR> d-------- C:\Program Files\Common Files\Lenovo
2008-08-23 03:27 . 2008-08-23 03:27 <DIR> d-------- C:\Program Files\InterVideo
2008-08-23 03:27 . 2002-11-22 11:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-08-23 03:27 . 2002-11-22 11:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-08-23 03:27 . 2002-11-22 11:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-08-23 03:27 . 2002-11-22 11:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-08-23 03:27 . 2002-11-22 11:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-08-23 03:27 . 2005-11-10 22:03 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-08-23 03:27 . 2002-11-22 11:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-08-23 03:26 . 2008-08-23 03:26 <DIR> d-------- C:\Program Files\ThinkVantage
2008-08-23 03:26 . 2008-08-23 03:27 <DIR> d-------- C:\Program Files\Java
2008-08-23 03:26 . 2008-08-23 03:26 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-23 03:26 . 2003-03-19 23:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2008-08-23 03:26 . 2003-03-19 23:12 1,047,552 --a------ C:\WINDOWS\system32\MFC71U.DLL
2008-08-23 03:25 . 2006-07-25 08:17 139,264 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-23 03:24 . 2008-08-23 03:24 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-08-23 03:22 . 2008-08-23 03:22 <DIR> d-------- C:\Program Files\NetWaiting
2008-08-23 03:22 . 2008-08-23 03:22 <DIR> d-------- C:\Program Files\Digital Line Detect
2008-08-23 03:22 . 2008-08-23 03:22 <DIR> d-------- C:\Program Files\CONEXANT
2008-08-23 03:22 . 2008-08-23 03:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-08-23 03:21 . 2008-08-23 03:21 <DIR> d-------- C:\Documents and Settings\Administrator\Bluetooth Software
2008-08-23 03:21 . 2001-09-12 00:20 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll
2008-08-23 03:20 . 2008-08-27 00:45 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-23 03:20 . 2008-08-23 03:20 <DIR> d-------- C:\Program Files\ThinkVantage Fingerprint Software
2008-08-23 03:20 . 2008-08-23 03:36 <DIR> d-------- C:\Program Files\Lenovo
2008-08-23 03:20 . 2008-08-23 03:20 <DIR> d-------- C:\Program Files\Intel
2008-08-23 03:20 . 2008-08-25 18:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-23 03:20 . 2008-08-23 03:20 <DIR> d-------- C:\Program Files\Common Files\ThinkVantage Fingerprint Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 09:04 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-08-25 07:38 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2008-08-23 01:36 23,552 ----a-w C:\WINDOWS\system32\drivers\psasrv.exe
2008-08-23 01:36 2,560 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-08-23 01:36 2,432 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-08-23 01:35 7,012 ----a-w C:\WINDOWS\system32\drivers\pmemnt.sys
2008-08-23 01:35 17,536 ----a-w C:\WINDOWS\system32\drivers\psadd.sys
2008-08-23 01:21 0 ---ha-r C:\WINDOWS\system32\drivers\IBM_1952_VL5_TP.MRK
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:36 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 10:44 360,960 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:32 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 10:06 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 18:13 151552]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 18:13 208896]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 07:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 07:16 512000]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 19:22 237568]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 07:00 856064]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 03:19 94208]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11 925696]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-25 08:21 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-25 08:17 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-25 08:21 118784]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 18:11 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 22:03 36975]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 03:05 503808]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 18:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-08-19 02:22 85696]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 01:38 41472]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 03:13 2341632]
"TpShocks"="TpShocks.exe" [2006-03-16 04:04 106496 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 10:11 65536 C:\WINDOWS\system32\TP4EX.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 19:17 1241088]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2006-05-31 23:51:02 622653]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-08-23 03:22:19 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-02-20 01:03 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 04:20 40448 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 16:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 13:16 24576 C:\WINDOWS\system32\tphklock.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-19 00:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-11 17:46 21741864 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2006-03-16 02:08]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 18:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 09:33]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 21:18]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-25 18:13]
R2 PrivateDisk;PrivateDisk;C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-14 01:05]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-07-15 00:55]
R2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-26 04:00]
.
Contents of the 'Scheduled Tasks' folder
2008-08-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-08-27 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-13 00:54]
2008-08-27 C:\WINDOWS\Tasks\PMTask.job
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-05-25 18:13]
2008-08-23 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-04-01 02:32]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ági\Application Data\Mozilla\Firefox\Profiles\95oeku84.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-27 16:14:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-08-27 16:16:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-27 14:16:55
Pre-Run: 12,473,622,528 bytes free
Post-Run: 12,387,856,384 bytes free
349 --- E O F --- 2008-08-26 08:22:17