ComboFix 08-03-17.1 - PETO 2008-03-24 20:07:34.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.711 [GMT 1:00]
Running from: C:\Setupky\Programy proti vírusom a červom\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM5b9c3577.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbxwt.dll
C:\WINDOWS\system32\cefhk.ini
C:\WINDOWS\system32\cefhk.ini2
C:\WINDOWS\system32\ftspmlpj.dll
C:\WINDOWS\system32\gikmp.ini
C:\WINDOWS\system32\gikmp.ini2
C:\WINDOWS\system32\jplmpstf.ini
C:\WINDOWS\system32\khfedaw.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\nshgilbg.dll
C:\WINDOWS\system32\propiyjb.dll
C:\WINDOWS\system32\scheakcf.dll
C:\WINDOWS\system32\twxbc.ini
C:\WINDOWS\system32\twxbc.ini2
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.
2008-03-23 23:14 . 2008-03-23 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-23 23:13 . 2008-03-23 23:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-23 23:13 . 2008-03-23 23:13 <DIR> d-------- C:\Documents and Settings\PETO\Application Data\SUPERAntiSpyware.com
2008-03-22 23:52 . 2008-03-22 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-22 23:49 . 2008-03-22 23:49 15,872 --a------ C:\WINDOWS\2020se~1.dll
2008-03-22 23:39 . 2008-03-24 18:35 <DIR> d-------- C:\Program Files\Bat
2008-03-22 23:38 . 2008-03-22 23:38 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-06 17:41 . 2008-03-06 17:56 174 --a------ C:\WINDOWS\wcx_ftp.ini
2008-03-04 23:20 . 2008-03-04 23:20 28 --a------ C:\WINDOWS\pslabeler3.ini
2008-03-03 20:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-03 20:28 . 2008-03-03 20:29 <DIR> d-------- C:\Program Files\Java
2008-03-03 20:28 . 2008-03-03 20:28 <DIR> d-------- C:\Program Files\Common Files\Java
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 15:47 --------- d-----w C:\Program Files\Total Video Converter
2008-03-23 22:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-23 22:02 --------- d-----w C:\Documents and Settings\PETO\Application Data\Spyware Terminator
2008-03-23 22:01 --------- d-----w C:\Program Files\Spyware Terminator
2008-03-22 23:23 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-22 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-22 22:09 --------- d-----w C:\Documents and Settings\PETO\Application Data\Skype
2008-03-20 20:27 --------- d-----w C:\Documents and Settings\PETO\Application Data\ICQ
2008-03-19 16:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 16:08 --------- d-----w C:\Program Files\Sony Ericsson
2008-03-19 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-03-19 12:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-17 12:40 --------- d-----w C:\Documents and Settings\PETO\Application Data\skypePM
2008-03-12 23:16 --------- d-----w C:\Documents and Settings\PETO\Application Data\Hamachi
2008-02-22 21:12 --------- d-----w C:\Program Files\directx
2008-02-22 21:11 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-22 21:09 --------- d-----w C:\Program Files\Windows Media Components
2008-02-22 21:08 --------- d-----w C:\Program Files\Logitech
2008-02-22 09:03 --------- d-----w C:\Program Files\ICQ6
2008-02-20 11:28 --------- d-----w C:\Program Files\RAPID UPLOADER
2008-02-17 20:45 --------- d-----w C:\Program Files\Creative
2008-02-03 17:16 --------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-02-03 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ABBYY
2008-02-03 12:50 --------- d-----w C:\Documents and Settings\PETO\Application Data\ABBYY
2008-01-29 20:10 --------- d-----w C:\Program Files\EA SPORTS
2008-01-08 03:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-08 02:09 737,280 ----a-w C:\WINDOWS\iun6002.exe
2006-03-20 23:37 5,689,344 ----a-w C:\Program Files\mplayerc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA2683D6-5700-45ED-AA01-8D66F1637E5D}]
C:\WINDOWS\system32\khfec.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 08:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 08:19 323584 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-23 00:23 2957824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Samsung Multimedia Keyboard.lnk - C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe [2008-01-08 00:39:37 585728]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Akcelerátor spuštění AutoCADu.lnk
backup=C:\WINDOWS\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-09-11 12:58 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-09-11 12:57 45056 C:\Program Files\Logitech\ImageStudio\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-09-09 17:16 90112 C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
--a------ 2003-09-23 11:04 32768 C:\PROGRA~1\Pinnacle Systems\PPE\PPE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2003-12-04 12:34 406016 C:\WINDOWS\system32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 10:42 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2008-02-20 16:19 356352 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2008-03-23 00:23]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 07:04]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-06-10 14:16]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 12:55]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 12:55]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 12:55]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 12:56]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 12:56]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 12:56]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 12:56]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-24 20:22:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-03-24 20:24:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-24 19:24:17
.
2008-03-12 13:11:43 --- E O F ---
