ComboFix 08-05-21.3 - user 2008-05-23 0:14:30.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.492 [GMT 2:00]
Running from: C:\Documents and Settings\user\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\CnsMin.zip
.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.
2008-05-22 19:57 . 2008-05-22 23:18 <DIR> d-------- C:\Documents and Settings\user\Data aplikací\OnlineArmor
2008-05-22 19:57 . 2008-05-22 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\OnlineArmor
2008-05-22 19:57 . 2008-04-17 05:25 80,584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-05-22 19:57 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-05-22 19:57 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-05-21 05:54 . 2008-05-21 05:54 <DIR> d-------- C:\Program Files\Auroruns
2008-05-20 16:03 . 2008-05-20 16:03 <DIR> d-------- C:\Program Files\Tall Emu
2008-05-15 15:06 . 2008-05-20 12:00 <DIR> d-------- C:\Documents and Settings\user\Data aplikací\XnView
2008-05-15 15:05 . 2008-05-15 15:05 <DIR> d-------- C:\Program Files\XnView
2008-05-08 09:26 . 2008-05-08 09:26 <DIR> d-------- C:\Program Files\OpenSSL
2008-05-08 09:26 . 2007-10-22 07:10 1,015,808 --a------ C:\WINDOWS\system32\libeay32.dll
2008-05-08 09:26 . 2007-10-22 07:10 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-05-08 09:26 . 2008-05-08 09:26 196,608 --a------ C:\WINDOWS\system32\libssl32.dll
2008-05-07 22:28 . 2008-05-07 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2008-05-02 14:04 . 2008-05-20 16:54 <DIR> d-------- C:\Documents and Settings\user\Data aplikací\skypePM
2008-05-02 14:04 . 2008-05-02 14:04 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-02 14:03 . 2008-05-02 14:03 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-30 17:37 . 2008-04-30 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MailFrontier
2008-04-30 17:37 . 2008-05-21 10:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-30 17:36 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-30 17:35 . 2008-05-22 19:51 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-29 11:52 . 2008-04-30 19:30 <DIR> d-------- C:\Program Files\COMODO
2008-04-29 11:52 . 2008-04-30 19:30 <DIR> d-------- C:\Documents and Settings\user\Data aplikací\Comodo
2008-04-23 14:43 . 2008-04-23 14:45 <DIR> d-------- C:\Program Files\Inkscape
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 22:10 --------- d-----w C:\Program Files\BOINC
2008-05-22 20:30 --------- d-----w C:\Program Files\FreeCommander
2008-05-22 15:18 --------- d-----w C:\Program Files\AIMP2
2008-05-22 14:32 --------- d-----w C:\Program Files\Warcraft III
2008-05-22 08:01 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Data aplikací\SolidDocuments
2008-05-21 12:43 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-21 12:43 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-21 11:17 --------- d-----w C:\Documents and Settings\user\Data aplikací\SolidDocuments
2008-05-20 18:30 --------- d-----w C:\Documents and Settings\user\Data aplikací\Skype
2008-05-20 16:25 --------- d-----w C:\Program Files\DOSBox-0.72
2008-05-20 12:59 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-05-14 02:44 --------- d-----w C:\Program Files\MetaTexis
2008-05-08 16:26 --------- d-----w C:\Program Files\SDL International
2008-05-08 05:00 --------- d-----w C:\Program Files\eMule
2008-05-07 18:01 --------- d-----w C:\Program Files\Microsoft Works
2008-05-04 05:07 --------- d-----w C:\Documents and Settings\user\Data aplikací\uTorrent
2008-05-04 05:06 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-05-04 05:06 --------- d-----w C:\Program Files\Winamp
2008-05-04 04:45 --------- d-----w C:\Documents and Settings\user\Data aplikací\UpdateStar
2008-05-02 12:03 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Skype
2008-05-01 08:13 --------- d-----w C:\Program Files\Trillian
2008-05-01 08:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 06:47 --------- d-----w C:\Documents and Settings\user\Data aplikací\OpenOffice.org2
2008-04-23 12:48 --------- d-----w C:\Documents and Settings\user\Data aplikací\gtk-2.0
2008-04-19 22:12 --------- d-----w C:\Documents and Settings\user\Data aplikací\Hamachi
2008-04-19 08:09 --------- d-----w C:\Program Files\Google
2008-04-16 20:56 --------- d-----w C:\Program Files\ICQLite
2008-04-15 17:57 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ABBYY
2008-04-14 12:41 --------- d-----w C:\Program Files\QuickTime
2008-04-10 16:00 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-04-10 16:00 --------- d-----w C:\Program Files\Adobe Media Player
2008-04-09 19:13 --------- d-----w C:\Program Files\MSBuild
2008-04-09 19:11 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-06 16:07 --------- d-----w C:\Program Files\ABBYY FineReader 9.0
2008-04-06 16:06 --------- d-----w C:\Program Files\Common Files\ABBYY
2008-04-06 05:09 --------- d-----w C:\Program Files\Java
2008-04-03 11:09 --------- d-----w C:\Program Files\Opera
2008-03-27 08:06 --------- d-----w C:\Program Files\AHD4withThesaurus
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 04:57 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-11 19:12 8,436,620 ----a-w C:\Program Files\KM Player.exe
2008-01-13 17:52 30,659,845 ----a-w C:\Program Files\KM Player.7z
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 12:23 1365504]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 16:22 110592]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 04:48 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 04:48 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 08:00 16050176 C:\WINDOWS\RTHDCPL.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 07:11 573440]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-06-02 12:58 176128]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CnxDslTaskBar"="C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe" [2004-05-06 17:01 516096]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 12:03 188416]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"ACU"="C:\Program Files\ASUS WLAN Adapter\ACU.exe" [2006-04-27 14:47 307200]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 18:46 90112]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"nwiz"="nwiz.exe" [2006-04-27 04:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 05:25 5545536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 17:49 15360]
C:\Documents and Settings\user\Nabídka Start\Programy\Po spuštění\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-11-13 14:44:44 4141056]
Kalend r.lnk - C:\WINDOWS\MENINY.EXE [2007-05-22 09:10:24 53808]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-05-24 14:16:14 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Hry\\Medal Of Honor - Alied Assault\\MOHAA.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\miranda\\miranda32.exe"=
"C:\\Program Files\\Warcraft III\\w3l.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\user\\Data aplikací\\UpdateStar\\UpdateStar.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-04-17 05:25]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-04-17 05:25]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2008-04-17 05:25]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;"C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service []
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 04:13]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 01:04]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-01-20 10:59]
R3 SynScan;ASUS WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-01-02 12:02]
S2 NewServiceInstall1;NewServiceInstall1;"C:\Program Files\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng" []
S2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2008-04-17 05:25]
S3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-04-28 18:47]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-04-28 18:48]
S3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2004-04-29 07:51]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-05 03:59]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45af6acf-8159-11dc-bb9e-001a92be2173}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b1c737e-7883-11dc-bb62-001a92be2173}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b358cf4-978a-11dc-bc1e-001a927ae52e}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e8fbfdc-7d3e-11dc-bb81-001a92be2173}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7557532-77bc-11dc-bb5e-001a927ae52e}]
\Shell\AutoRun\command - xn1i9x.com
\Shell\explore\Command - xn1i9x.com
\Shell\open\Command - xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f69a1a4c-e856-11db-b907-001a92be2173}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 11:18:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-23 00:18:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NewServiceInstall1]
"ImagePath"="\"C:\Program Files\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng\""
.
Completion time: 2008-05-23 0:21:30
ComboFix-quarantined-files.txt 2008-05-22 22:21:16
Adresářů: 27, Volných bajtů: 4,098,895,872
Adresářů: 30, Volných bajtů: 4,225,925,120
209 --- E O F --- 2008-05-16 13:57:15