ComboFix 08-01-23.2 - ddd 2008-01-23 15:20:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.386.1033.18.164 [GMT 1:00]
Running from: C:\Documents and Settings\ddd\Desktop\ComboFix.exe
* Created a new restore point
[color=red]
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\dfrgu.dll
C:\WINDOWS\system32\drivers\jsflbcso.dat
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\LEGACY_TLRLKINA
-------\srosa
-------\tlrlkina
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.
2008-01-23 15:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 09:00 . 2008-01-22 09:03 10,485,760 --a------ C:\WINDOWS\system32\cxl1705
2008-01-22 08:57 . 2008-01-22 12:27 <DIR> d-------- C:\Program Files\ElcomSoft
2008-01-22 08:57 . 2008-01-22 09:04 920 --a------ C:\WINDOWS\ARCHPR.INI
2008-01-21 22:54 . 2008-01-21 22:55 <DIR> d-------- C:\Program Files\Wormux 0.7
2008-01-21 22:50 . 2008-01-21 22:50 <DIR> d-------- C:\Programas
2008-01-21 21:08 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-01-21 21:08 . 2008-01-21 21:08 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-01-21 19:01 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-21 15:55 . 2008-01-21 19:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 15:55 . 2008-01-21 15:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-21 15:55 . 2008-01-21 15:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 15:55 . 2008-01-21 15:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-20 14:55 . 2008-01-21 19:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-20 14:55 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-20 14:55 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-20 14:55 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-20 14:55 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-20 14:55 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-01-20 14:55 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-19 09:26 . 2008-01-22 10:58 70,660 --a------ C:\WINDOWS\system32\mdelk.exe
2008-01-19 07:26 . 2006-01-18 03:01 827,442 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-19 07:21 . 2008-01-22 11:04 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-19 07:13 . 2006-10-07 17:31 221,184 --a------ C:\WINDOWS\system32\rspencr330.ocx
2008-01-19 07:07 . 2008-01-23 15:27 448,032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 07:07 . 2008-01-23 15:26 8,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-19 07:03 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-07 16:56 . 2008-01-07 17:35 <DIR> d-------- C:\Downloads
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 20:10 --------- d-----w C:\Program Files\Folder Lock
2008-01-21 15:16 --------- d-----w C:\Program Files\MediaMonkey
2008-01-21 15:15 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-20 13:33 --------- d-----w C:\Program Files\Google
2008-01-19 07:28 --------- d-----w C:\Program Files\eMule
2007-12-20 12:02 --------- d-----w C:\Program Files\Apple Software Update
2007-12-20 12:01 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-01 16:45 --------- d-----w C:\Program Files\janusware
2007-11-30 19:57 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-30 19:57 --------- d-----w C:\Program Files\Nokia
2007-11-30 19:57 --------- d-----w C:\Program Files\DIFX
2007-11-30 19:57 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-11-30 19:57 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-26 18:37 --------- d-----w C:\Program Files\MP3Gain
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-10-24 10:30 512 ----a-w C:\ScanSectorLog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]
"mule_st_key"="C:\Documents and Settings\ddd\Application Data\m\flec006.exe" [2008-01-22 10:58 96260]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 20:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-10-31 21:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"C-Media Mixer"="Mixer.exe" [2001-10-22 10:24 1216512 C:\WINDOWS\mixer.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Network Chat AutoStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Network Chat AutoStart.lnk
backup=C:\WINDOWS\pss\Network Chat AutoStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ddd^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\ddd\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 17:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
--a------ 2004-08-04 00:56 208896 C:\WINDOWS\inf\unregmp2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-11-09 13:16 688128 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2006-01-18 03:01 827442 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-01-23 15:20 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
S3 BSJYS;BSJYS;C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe [2008-01-21 19:06]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 20:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-23 15:27:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\
**************************************************************************
.
aj daj jos po jednu...