ComboFix 08-05-07.2 - Maša 2008-05-08 19:39:53.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.427 [GMT 2:00]
Running from: C:\Documents and Settings\Maša\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maša\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.
2008-05-08 19:10 . 2008-05-08 19:36 <DIR> d-------- C:\SDFix
2008-05-07 17:48 . 2008-05-07 17:48 <DIR> d-------- C:\Documents and Settings\Maša\PSPad
2008-05-07 17:48 . 2008-05-07 17:48 <DIR> d-------- C:\Documents and Settings\Maša\PSPad
2008-05-07 17:45 . 2008-05-07 17:45 <DIR> d-------- C:\PSPad
2008-05-02 21:21 . 2008-05-02 22:49 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2008-04-26 12:37 . 2008-04-26 12:37 <DIR> d-------- C:\Program Files\Psygnosis
2008-04-25 15:01 . 2008-04-25 15:01 241 --a------ C:\Documents and Settings\Maša\SR.vbs
2008-04-25 15:01 . 2008-04-25 15:01 241 --a------ C:\Documents and Settings\Maša\SR.vbs
2008-04-21 20:10 . 2008-04-21 20:10 <DIR> d-------- C:\Documents and Settings\MaÜa
2008-04-21 19:58 . 2008-04-21 19:58 125,841 --a------ C:\Documents and Settings\Macatchme.zip
2008-04-20 15:30 . 2008-04-20 15:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-16 17:20 . 2008-04-16 17:20 <DIR> d-------- C:\Documents and Settings\Maša\Data aplikací\Oxford
2008-04-16 17:19 . 2008-04-16 17:19 <DIR> d-------- C:\Program Files\TEXTware
2008-04-16 17:17 . 2008-04-16 17:17 <DIR> d-------- C:\Program Files\Oxford
2008-04-15 16:21 . 2008-04-15 16:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-04-15 16:20 . 2006-06-16 11:12 <DIR> d-------- C:\Documents and Settings\Administrator\Šablony
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-04-15 16:20 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-15 16:20 . 2008-05-08 19:39 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-14 20:31 . 2008-04-14 20:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 19:25 . 2006-09-05 18:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-14 19:09 . 2008-04-14 19:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 18:38 . 2008-04-14 18:38 0 --a------ C:\23990098.$$$
2008-04-13 17:42 . 2008-04-25 14:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-09 16:10 . 2008-04-09 16:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-09 15:53 . 2008-04-09 15:53 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 15:49 . 2008-04-09 15:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Lavasoft
2008-04-08 20:38 . 2008-04-08 20:38 130 --a------ C:\WINDOWS\wininit.ini
2008-04-08 19:17 . 2008-04-08 19:14 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-08 19:17 . 2008-04-08 19:17 2,550 --a------ C:\WINDOWS\unins000.dat
2008-04-08 19:02 . 2008-04-08 19:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-08 19:02 . 2008-04-14 18:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 10:19 --------- d-----w C:\Program Files\Lx_cats
2008-04-25 15:37 --------- d-----w C:\Documents and Settings\Maša\Data aplikací\ICQ
2008-04-25 12:54 --------- d-----w C:\Program Files\Google
2008-04-25 12:52 --------- d-----w C:\Program Files\ICQToolbar
2008-04-20 19:08 --------- d-----w C:\Program Files\ICQ6
2008-04-20 16:32 --------- d-----w C:\Program Files\ICQLite
2008-04-09 14:43 --------- d-----w C:\Documents and Settings\Maša\Data aplikací\ICQ Toolbar
2008-04-06 17:03 --------- d-----w C:\Documents and Settings\Maša\Data aplikací\uTorrent
2008-04-06 17:01 --------- d-----w C:\Program Files\uTorrent
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-09 09:54 --------- d-----w C:\Program Files\Lexmark 2300 Series
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2006-02-02 15:08 914 ----a-w C:\Program Files\INSTALL.LOG
2005-12-21 13:13 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2005-12-17 10:52 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(3).DAT
.
((((((((((((((((((((((((((((( snapshot@2008-04-29_18.26.51,39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-29 16:08:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 17:27:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-29 03:11:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-05-07 03:09:44 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
- 2008-04-29 16:00:24 11,386,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-05-08 17:17:50 11,403,264 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
- 2008-04-29 16:00:24 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-08 17:17:50 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-08 17:28:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_534.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-23 00:43 413775]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 19:14 1867776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-19 16:59 1449984]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 08:07 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 14:05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 15:36 299008]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 15:54 503808]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 23:45 253952]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [ ]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 19:48 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-09 23:12:54 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-08-27 09:27:17 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.ACDV"= ACDV.dll
"VIDC.XVID"= xvid.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Maša\\Dokumenty\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16316:TCP"= 16316:TCP:BitComet 16316 TCP
"16316:UDP"= 16316:UDP:BitComet 16316 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 13:18]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-08 19:42:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-08 19:45:18
ComboFix-quarantined-files.txt 2008-05-08 17:44:21
ComboFix2.txt 2008-05-05 15:54:55
ComboFix3.txt 2008-04-29 16:27:34
Adresářů: 17, Volných bajtů: 9,253,740,544
Adresářů: 20, Volných bajtů: 9,342,976,000
148 --- E O F --- 2008-04-10 06:35:58