ComboFix 08-02-14.2 - Biba 2008-02-14 10:44:05.1 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.246 [GMT 1:00]
Running from: C:\Documents and Settings\Biba\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\acbfaaac_g.dll
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.
2008-02-14 05:34 . 2008-02-14 05:34 <DIR> d-------- C:\Documents and Settings\Biba\DoctorWeb
2008-02-14 04:27 . 2008-02-14 04:27 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-09 16:17 . 2008-02-09 16:17 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-09 13:29 . 2008-02-09 13:29 <DIR> d--hs---- C:\Documents and Settings\Biba\Phone Browser
2008-02-09 13:18 . 2008-02-09 13:18 <DIR> d-------- C:\Program Files\DIFX
2008-02-09 13:18 . 2008-02-09 13:18 <DIR> d-------- C:\Documents and Settings\Biba\Application Data\PC Suite
2008-02-09 13:18 . 2008-02-09 13:19 <DIR> d-------- C:\Documents and Settings\Biba\Application Data\Nokia
2008-02-09 13:18 . 2008-02-09 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-09 13:17 . 2008-02-10 10:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-09 13:17 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-02-09 13:10 . 2008-02-09 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-02-09 13:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-02-03 14:12 . 2008-02-05 09:23 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-03 14:12 . 2008-02-03 14:13 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-03 14:12 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-30 17:05 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-30 17:05 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-30 17:05 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-30 17:05 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-30 17:05 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-30 17:05 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-30 17:05 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-30 17:05 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-29 13:08 . 2008-01-29 13:08 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-01-29 13:08 . 2008-01-29 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2008-01-29 12:42 . 2008-01-29 12:44 <DIR> d-------- C:\Program Files\nLite
2008-01-29 12:32 . 2000-01-24 09:01 2,023,424 --a------ C:\WINDOWS\system32\vcl50.bpl
2008-01-29 12:32 . 2003-12-25 22:00 1,873,920 --a------ C:\WINDOWS\system32\Rz30Ctls50.bpl
2008-01-29 12:32 . 2000-01-31 08:00 1,496,064 --a------ C:\WINDOWS\system32\cc3250mt.dll
2008-01-29 12:32 . 2000-01-24 09:01 248,832 --a------ C:\WINDOWS\system32\vclx50.bpl
2008-01-29 12:32 . 2001-08-11 20:50 158,720 --a------ C:\WINDOWS\system32\DM15_50.bpl
2008-01-29 12:32 . 2000-01-31 01:00 147,456 --a------ C:\WINDOWS\system32\Bcbsmp50.bpl
2008-01-29 12:32 . 2000-01-24 08:01 101,888 --a------ C:\WINDOWS\system32\vcljpg50.bpl
2008-01-29 12:32 . 2000-01-31 09:00 25,600 --a------ C:\WINDOWS\system32\BORLNDMM.DLL
2008-01-29 12:32 . 2000-01-31 08:00 9,087 --a------ C:\WINDOWS\system32\wininet.lib
2008-01-28 15:56 . 2008-01-28 15:56 <DIR> d-------- C:\WINDOWS\PIF
2008-01-28 12:52 . 2008-01-28 12:52 <DIR> d-------- C:\Documents and Settings\Biba\Application Data\GlarySoft
2008-01-28 12:41 . 2008-01-30 16:30 <DIR> d-------- C:\Program Files\Absolute Uninstaller
2008-01-27 14:58 . 2008-01-27 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-27 14:40 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-01-24 22:12 . 2008-01-24 22:12 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-24 22:12 . 2008-01-24 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 13:10 . 2008-01-23 13:10 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-01-23 13:10 . 2008-01-23 13:10 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-01-23 13:10 . 2008-01-23 13:10 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-01-23 13:10 . 2008-01-23 13:10 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-01-23 13:10 . 2008-01-23 13:10 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-01-23 13:10 . 2008-01-23 13:10 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-01-23 13:09 . 2008-02-03 21:52 50 --a------ C:\WINDOWS\Lic.xxx
2008-01-23 13:07 . 2004-08-04 13:00 146,432 --a------ C:\WINDOWS\R.COM
2008-01-23 13:07 . 2004-08-04 13:00 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-01-22 09:00 . 2008-01-22 09:00 <DIR> d-------- C:\Documents and Settings\Biba\Application Data\Pointstone
2008-01-22 08:57 . 2008-01-23 20:49 <DIR> d-------- C:\Program Files\Pointstone
2008-01-22 08:57 . 2008-01-24 03:58 <DIR> d-------- C:\Program Files\Common Files\Pointstone
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 14:22 --------- d-----w C:\Program Files\Ford Racing 3
2008-02-05 08:24 --------- d-----w C:\Documents and Settings\Biba\Application Data\SpinTop
2008-02-03 13:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 13:07 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-01-29 13:25 --------- d-----w C:\Documents and Settings\Biba\Application Data\TV JOJ Media Player
2008-01-29 11:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-29 04:47 --------- d-----w C:\Program Files\TV JOJ Media Player
2007-12-27 17:32 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-25 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-25 08:37 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-23 19:00 --------- d-----w C:\Program Files\Cimaware
2007-12-23 18:57 --------- d-----w C:\Documents and Settings\Biba\Application Data\Cimaware
2007-12-21 07:21 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-12-21 07:21 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-15 09:01 155,648 ----a-w C:\WINDOWS\system32\libssl32.dll
2007-12-15 06:54 --------- d-----w C:\Program Files\7-Zip
2007-12-14 09:30 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-07 00:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-02 09:17 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2005-07-25 09:39 2043904]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 14:07 7110656]
"CnxDslTaskBar"="C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" [2004-06-16 10:55 233472]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 10:51]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 10:51]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 10:51]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 13:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-03 14:13]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e06086bc-d707-11dc-8cab-001333c27746}]
\Shell\AutoRun\command - E:\Web'n'walk_Helper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 16:16:18 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-14 10:45:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-14 10:45:42
ComboFix-quarantined-files.txt 2008-02-14 09:45:33
.
2008-02-14 03:28:08 --- E O F ---
teraz restart PC a novy hjt log + combofix log
