ComboFix 07-09-13.1 - "majso" 2007-09-13 17:18:34.2 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.379 [GMT 2:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\inetget2
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\WINDOWS\wr.txt
.
((((((((((((((((((((((((( Files Created from 2007-08-13 to 2007-09-13 )))))))))))))))))))))))))))))))
.
2007-09-12 20:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-12 20:02 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-12 20:02 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-12 20:01 2,444,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-12 20:01 11,296 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-12 20:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-09-12 20:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Kaspersky Lab
2007-09-12 20:00 <DIR> d-------- C:\Program Files\kav7.0
2007-09-12 18:09 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-09 19:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-09 15:37 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-09-06 22:22 <DIR> d-------- C:\Program Files\Orbitdownloader
2007-09-06 22:22 <DIR> d-------- C:\Downloads
2007-09-01 10:43 <DIR> d-------- C:\fotky
2007-08-28 23:28 <DIR> dr------- C:\DOCUME~1\ocko\Oblíbené položky
2007-08-28 21:33 <DIR> d-------- C:\DOCUME~1\ocko\foto
2007-08-13 18:52 <DIR> d-------- C:\Program Files\i2p
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 17:09 34856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-13 17:09 3176 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-13 16:27 --------- d-------- C:\Program Files\Last.fm
2007-09-09 15:37 --------- d-------- C:\Program Files\Skype
2007-09-06 22:34 --------- d-------- C:\Program Files\IrfanView
2007-08-21 20:36 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-21 20:36 --------- d-------- C:\Program Files\Creative
2007-08-01 10:12 --------- d-------- C:\Program Files\Linearteam
2007-07-21 09:48 --------- d-------- C:\Program Files\SpeedFan
2007-07-13 17:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Creative
2007-07-04 14:41 94208 --a------ C:\WINDOWS\DIIUnin.exe
2007-06-28 12:51 206088 --a------ C:\WINDOWS\system32\klogon.dll
2006-12-06 17:51 1 --a------ C:\DOCUME~1\majso\SI.bin
1999-05-19 08:56 36864 --a------ C:\DOCUME~1\majso\VOLUMEID.EXE
1997-10-24 14:20 25088 --a--c--- C:\WINDOWS\inf\regl3acm.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 16:29]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
"SoundMan"="SOUNDMAN.EXE" [2002-08-02 13:00 C:\WINDOWS\SOUNDMAN.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 16:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\POSPUT~1\
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 02:35:22]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-12 17:08:41]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Orbit.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^majso^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=C:\Documents and Settings\majso\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^majso^Nabídka Start^Programy^Po spuštění^CPU Meter.lnk]
path=C:\Documents and Settings\majso\Nabídka Start\Programy\Po spuštění\CPU Meter.lnk
backup=C:\WINDOWS\pss\CPU Meter.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^majso^Nabídka Start^Programy^Po spuštění^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\majso\Nabídka Start\Programy\Po spuštění\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Games\Valve\Steam\\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\Program Files\Save\Save.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"CiSvc"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
S3 cglptnt;cglptnt;\??\C:\totalcmd\cglptnt.sys
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 RivaTunerEx;RivaTunerEx;\??\C:\Program Files\RivaTuner v2.0 RC 15.4\RivaTunerEx.sys
S3 SANDRA;SANDRA;\??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Sandra.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-13 17:20:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-13 17:21:57
C:\ComboFix-quarantined-files.txt ... 2007-09-13 17:21
.
--- E O F ---