IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.
Status
Not open for further replies.
Discussion Starter · #1
Hello!

The computer runs slower than it used to. Attached is the Panda ActiveScan log.

Here is the DSS main log:

Deckard's System Scanner v20071014.68
Run by jozek on 2008-03-10 10:57:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
50: 2008-03-10 09:58:06 UTC - RP366 - Deckard's System Scanner Restore Point
49: 2008-03-10 06:31:48 UTC - RP365 - Točka preverjanja sistema
48: 2008-03-07 10:13:45 UTC - RP364 - Točka preverjanja sistema
47: 2008-03-06 09:41:02 UTC - RP363 - Točka preverjanja sistema
46: 2008-03-05 09:30:17 UTC - RP362 - Točka preverjanja sistema

-- First Restore Point --
1: 2008-01-03 06:31:55 UTC - RP317 - Točka preverjanja sistema

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.65 GiB (less than 15%) free.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-10 11:14:18
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programske datoteke\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe
C:\WINDOWS\system32\SmartScaps.exe
C:\WINDOWS\system32\svchost.exe
C:\Programske datoteke\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Programske datoteke\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programske datoteke\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\explorer.exe
C:\Programske datoteke\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\linksts.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\SIEMENS\Common\s7ubtoox\S7ubTstx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\sl-si\msnappau.exe
C:\Programske datoteke\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Programske datoteke\Winamp\winampa.exe
C:\Programske datoteke\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programske datoteke\KONICA MINOLTA\Status Monitor\KMSM.exe
C:\Programske datoteke\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
C:\Programske datoteke\Capture Express\capexp.exe
C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program Files\Hamachi\hamachi.exe
C:\SIEMENS\Common\Sqlany\dbsrv7.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programske datoteke\Outlook Express\msimn.exe
C:\Programske datoteke\OpenOffice.org 2.3\program\soffice.exe
C:\Programske datoteke\OpenOffice.org 2.3\program\soffice.bin
C:\Programske datoteke\Messenger\msmsgs.exe
C:\Program Files\DigiPortal Software\ChoiceMail\IzyMail.exe
C:\Program Files\Halcom\Proklik nlb_2\PersonalEBank.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Programske datoteke\Internet Explorer\IEXPLORE.EXE
C:\Programske datoteke\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\Download\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.process.si/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O1 - Hosts: 216.239.37.101 kazaagold.com
O1 - Hosts: 216.239.37.101 www.kazaa-download.de
O1 - Hosts: 216.239.37.101 www.mp3downloadhq.com
O1 - Hosts: 216.239.37.101 www.easymusicdownload.com
O1 - Hosts: 216.239.37.101 easymusicdownload.com
O1 - Hosts: 216.239.37.101 www.mp3madeeasy.com
O1 - Hosts: 216.239.37.101 www.monstershare.com
O1 - Hosts: 216.239.37.101 www.kazaa-plus.net
O1 - Hosts: 216.239.37.101 kazaa-plus.net
O1 - Hosts: 216.239.37.101 www.kazaa-plus.com
O1 - Hosts: 216.239.37.101 www.edonkey.com
O1 - Hosts: 216.239.37.101 www.kazaa-file-sharing-downloads.com
O1 - Hosts: 216.239.37.101 www.kazaaplatinum.com
O1 - Hosts: 216.239.37.101 www.madeformusic.com
O1 - Hosts: 216.239.37.101 ikazaa.net
O1 - Hosts: 216.239.37.101 www.mp3u.com
O1 - Hosts: 216.239.37.101 www.mp3specialty.com
O1 - Hosts: 216.239.37.101 music-download-world.com
O1 - Hosts: 216.239.37.101 song-download-world.com
O1 - Hosts: 216.239.37.101 www.flixs.net
O1 - Hosts: 216.239.37.101 www.ishareit.net
O1 - Hosts: 216.239.37.101 www.ishareit.com
O1 - Hosts: 216.239.37.101 www.download-doctor.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programske datoteke\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\jozek\LOCALS~1\Temp\itnalru.dat (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programske datoteke\NewDotNet\newdotnet7_48.dll (file missing)
O2 - BHO: CATLEvents Object - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - C:\DOCUME~1\jozek\LOCALS~1\Temp\itnalru.dat (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programske datoteke\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programske datoteke\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\sl-si\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\sl-si\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programske datoteke\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\SIEMENS\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [urlanti] C:\WINDOWS\system\urlanti.exe
O4 - HKLM\..\Run: [*svrap] C:\WINDOWS\security\Database\svrap.exe
O4 - HKLM\..\Run: [*netvga] C:\WINDOWS\netvga.exe
O4 - HKLM\..\Run: [*dlltapi] C:\WINDOWS\inf\dlltapi.exe
O4 - HKLM\..\Run: [*wkb] C:\WINDOWS\Fonts\wkb.exe
O4 - HKLM\..\Run: [*avinet] C:\WINDOWS\ServicePackFiles\avinet.exe
O4 - HKLM\..\Run: [*runnet] C:\WINDOWS\AppPatch\runnet.exe
O4 - HKLM\..\Run: [*dvdutil] C:\WINDOWS\Microsoft.NET\dvdutil.exe
O4 - HKLM\..\Run: [*crnet] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\crnet.exe
O4 - HKLM\..\Run: [*javac] C:\WINDOWS\system\javac.exe
O4 - HKLM\..\Run: [*nutacc] C:\WINDOWS\Microsoft.NET\nutacc.exe
O4 - HKLM\..\Run: [*drvtcp] C:\WINDOWS\Driver Cache\drvtcp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\sl-si\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programske datoteke\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~2\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [WinampAgent] C:\Programske datoteke\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programske datoteke\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KM Status] "C:\Programske datoteke\KONICA MINOLTA\Status Monitor\KMSM.EXE" startup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programske datoteke\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Programske datoteke\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programske datoteke\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ChoiceMail] "C:\PROGRA~1\DIGIPO~1\CHOICE~1\CHOICE~1.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programske datoteke\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Outlook Express.lnk = C:\Programske datoteke\Outlook Express\msimn.exe
O4 - Global Startup: Capture Express.lnk = C:\PROGRA~2\CAPTUR~1\capexp.exe
O4 - Global Startup: Certificate Mover.lnk = C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programske datoteke\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programske datoteke\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programske datoteke\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programske datoteke\Messenger\msmsgs.exe
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164366405858
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164291653073
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cam1.barlinek.com.pl:8081/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38218.0626041667
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{DF6269C1-55AA-4612-B01A-63B4346428E6}: NameServer = 10.0.0.150,193.189.160.14
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programske datoteke\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programske datoteke\MSN Messenger\msgrapp.8.1.0178.00.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programske datoteke\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Programske datoteke\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\SmartScaps.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programske datoteke\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programske datoteke\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 13592 bytes

-- File Associations -----------------------------------------------------------

.scr - unable to read key

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (InCD Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R0 giveio - c:\windows\system32\giveio.sys
R0 isdnlink - c:\windows\system32\drivers\linkisdn.sys <Not Verified; ASUSCOM; ISDNLink ISDN Adapter>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 FwKbd - c:\windows\system32\drivers\fwkbd.sys
R2 BsUDF (InCD UDF Driver) - c:\windows\system32\drivers\bsudf.sys <Not Verified; ahead software; UDF File System Driver (WindowsXP)>
R2 Dpmtrcdd - c:\windows\system32\drivers\dpmtrcdd.sys <Not Verified; Siemens AG; SIMATIC NET Software>
R2 s7osmcax - c:\windows\system32\drivers\s7osmcax.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Automatisierungssystem>
R2 s7otranx - c:\windows\system32\drivers\s7otranx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Automatisierungssystem>
R2 s7otsadx - c:\windows\system32\drivers\s7otsadx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Automatisierungssystem>
R2 SsfdcPp (Parallel Port Ssfdc Programmer Driver) - c:\windows\system32\drivers\ssfdcpp.sys <Not Verified; Sitek S.p.A.; Ssfdc Programmer>
R2 WibuKey - c:\windows\system32\drivers\wibukey.sys <Not Verified; WIBU-SYSTEMS AG; WIBU-KEY Software Protection System>
R3 BDSelfPr - c:\programske datoteke\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
R3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
R3 wanlink - c:\windows\system32\drivers\wanlink.sys <Not Verified; ASUSCOM; ISDNLink ISDN Adapter>

S0 sptd - c:\windows\system32\drivers\sptd.sys (file missing)
S3 dpmcslv - c:\windows\system32\drivers\dpmcslv.sys <Not Verified; Siemens AG; SIMATIC NET>
S3 rtl8139 (Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)
S3 s7oefs_x (SIMATIC MPI/EFS Driver) - c:\windows\system32\drivers\s7oefs_x.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
S3 SFC4 - c:\windows\system32\drivers\sfc4.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Smartscaps (SmartTrust Smart Card Server) - c:\windows\system32\smartscaps.exe service <Not Verified; SmartTrust; SmartTrust Smart Card Server>

S3 OpcEnum - c:\windows\system32\opcenum.exe <Not Verified; OPC Foundation; OPC Server Enumerator 1.10>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-02-10 and 2008-03-10 -----------------------------

2008-03-10 10:51:14 0 d-------- H:\Deckard
2008-03-10 08:45:06 8576 --a------ C:\WINDOWS\system32\drivers\urrggxosxguu.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-03-07 12:21:01 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-03-07 11:43:50 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-29 14:32:07 176235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2008-02-29 14:31:54 0 d-------- C:\WINDOWS\PrimoPDF
2008-02-29 14:31:54 0 d-------- C:\Programske datoteke\activePDF
2008-02-29 07:59:14 0 d-------- C:\Programske datoteke\SpeedFan
2008-02-27 14:41:09 0 d-------- C:\WINDOWS\CF91E5EECE4140F6AD5682770641A19F.TMP

-- Find3M Report ---------------------------------------------------------------

2008-03-10 09:51:10 0 d-------- C:\Programske datoteke\Winamp
2008-03-10 09:45:05 0 d-------- C:\Programske datoteke\Messenger
2008-03-10 09:38:42 0 d-------- C:\Programske datoteke\Capture Express
2008-03-10 08:08:48 0 d-------- C:\Documents and Settings\jozek.PROCESS\Application Data\Hamachi
2008-03-10 07:07:48 0 d-------- C:\Documents and Settings\jozek.PROCESS\Application Data\OpenOffice.org2
2008-03-03 08:23:36 8152 --a------ C:\WINDOWS\mozver.dat
2008-02-29 15:34:02 0 d-------- C:\Documents and Settings\jozek.PROCESS\Application Data\Adobe
2008-02-12 07:20:41 0 d-------- C:\Programske datoteke\Common Files\Adobe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EC8E271-FAB9-418a-8A8E-65AEB4029E64}]
C:\DOCUME~1\jozek\LOCALS~1\Temp\itnalru.dat

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}]
C:\Programske datoteke\NewDotNet\newdotnet7_48.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72AC6865-B1D3-4C32-A27B-4B3BF04DE655}]
C:\DOCUME~1\jozek\LOCALS~1\Temp\itnalru.dat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [26.09.2001 23:39 C:\WINDOWS\system32\atiptaxx.exe]
"ISDN Monitor"="Linksts.exe" [21.12.2001 11:15 C:\WINDOWS\system32\linksts.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [04.03.2003 17:09]
"S7UB Start"="C:\SIEMENS\Common\S7ubtoox\s7ubtstx.exe" [18.11.2002 19:01]
"urlanti"="C:\WINDOWS\system\urlanti.exe" []
"*svrap"="C:\WINDOWS\security\Database\svrap.exe" []
"*netvga"="C:\WINDOWS\netvga.exe" []
"*dlltapi"="C:\WINDOWS\inf\dlltapi.exe" []
"*wkb"="C:\WINDOWS\Fonts\wkb.exe" []
"*avinet"="C:\WINDOWS\ServicePackFiles\avinet.exe" []
"*runnet"="C:\WINDOWS\AppPatch\runnet.exe" []
"*dvdutil"="C:\WINDOWS\Microsoft.NET\dvdutil.exe" []
"*crnet"="C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\crnet.exe" []
"*javac"="C:\WINDOWS\system\javac.exe" []
"*nutacc"="C:\WINDOWS\Microsoft.NET\nutacc.exe" []
"*drvtcp"="C:\WINDOWS\Driver Cache\drvtcp.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16.02.2005 19:19]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\sl-si\msnappau.exe" [13.08.2004 17:41]
"SunJavaUpdateSched"="C:\Programske datoteke\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [16.03.2006 00:07]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [16.08.2007 06:16]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [08.11.2005 23:00]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16.06.2004 05:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16.06.2004 05:03]
"New.net Startup"="C:\PROGRA~2\NEWDOT~1\NEWDOT~2.DLL" []
"WinampAgent"="C:\Programske datoteke\Winamp\winampa.exe" [13.02.2007 19:29]
"Adobe Photo Downloader"="C:\Programske datoteke\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09.03.2007 10:09]
"@"="" []
"KM Status"="C:\Programske datoteke\KONICA MINOLTA\Status Monitor\KMSM.exe" [01.02.2006 16:14]
"BitDefender Antiphishing Helper"="C:\Programske datoteke\BitDefender\BitDefender 2008\IEShow.exe" [11.01.2008 07:37]
"BDAgent"="C:\Programske datoteke\BitDefender\BitDefender 2008\bdagent.exe" [11.01.2008 07:37]
"Adobe Reader Speed Launcher"="C:\Programske datoteke\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 13:00]
"ChoiceMail"="C:\PROGRA~1\DIGIPO~1\CHOICE~1\CHOICE~1.EXE" [08.04.2003 11:53]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []

C:\Documents and Settings\jozek.PROCESS\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [27.1.2006 12:09:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jozek.PROCESS^Start Menu^Programs^Startup^Palm Desktop.lnk]
path=C:\Documents and Settings\jozek.PROCESS\Start Menu\Programs\Startup\Palm Desktop.lnk
backup=C:\WINDOWS\pss\Palm Desktop.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48614e30-f270-11d8-b7f0-806d6172696f}]
AutoRun\command- D:\IbonSetupLoader.exe

*Newly Created Service* - 3514C54D
*Newly Created Service* - A0F11BA7
*Newly Created Service* - B140BEFE
*Newly Created Service* - URRGGXOSXGUU

-- Hosts -----------------------------------------------------------------------

127.0.0.1 desktop.kazaa.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 alpha.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 www.b3d.com
127.0.0.1 media.altnet.com
127.0.0.1 www.altnet.com
127.0.0.1 dev.bde.com.au

2 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-03-10 11:19:32 ------------
 
