ComboFix 07-10-30.5 - Mato 2007-10-30 18:03:53.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.129 [GMT 1:00]
Running from: C:\Documents and Settings\Mato\Plocha\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ugbtna.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.
2007-10-30 18:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 17:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-29 22:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-29 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-10-29 22:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-29 20:37 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\Lavasoft
2007-10-29 20:37 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\Lavasoft
2007-10-29 20:37 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\Lavasoft
2007-10-29 09:35 <DIR> d-------- C:\Program Files\Video Add-on
2007-10-28 12:33 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2007-10-28 12:33 35,175 --a------ C:\WINDOWS\DIIUnin.dat
2007-10-28 12:33 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-10-28 12:17 <DIR> d-------- C:\Program Files\Diablo II
2007-10-28 09:02 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Trymedia
2007-10-28 09:00 <DIR> d-------- C:\Program Files\Peggle
2007-10-28 09:00 <DIR> d-------- C:\Program Files\BFG
2007-10-16 15:39 <DIR> d-------- C:\Program Files\DAZ
2007-10-16 15:39 <DIR> d-------- C:\Program Files\Common Files\DAZ
2007-10-16 14:49 <DIR> d-------- C:\Program Files\Píšeme všetkými desiatimi
2007-10-06 16:09 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-10-06 15:59 <DIR> d-------- C:\Program Files\Aspyr
2007-10-06 14:40 <DIR> d-------- C:\WINDOWS\pss
2007-10-02 20:10 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-02 20:10 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-02 20:09 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-02 20:09 <DIR> d-------- C:\Program Files\Ahead
2007-10-02 20:09 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-02 20:09 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-02 20:09 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-02 20:09 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-02 20:09 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-02 20:09 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-09-30 17:12 <DIR> d-------- C:\MMAPP
2007-09-23 16:06 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-09-23 16:06 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-09-23 16:06 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-23 16:06 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-09-23 16:05 <DIR> d-------- C:\Program Files\Futuremark
2007-09-21 13:18 <DIR> d-------- C:\Program Files\DC++
2007-09-16 15:36 <DIR> d-------- C:\DUKE3D
2007-09-16 13:31 <DIR> d-------- C:\Documents and Settings\Mato\Battlefield 1942
2007-09-11 17:07 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\VideoEgg
2007-09-11 17:07 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\VideoEgg
2007-09-11 17:07 <DIR> d-------- C:\Documents and Settings\Mato\Data aplikací\VideoEgg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 16:12 --------- d-----w C:\Program Files\ICQToolbar
2007-10-29 21:26 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Azureus
2007-10-29 21:26 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Azureus
2007-10-29 21:26 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Azureus
2007-10-24 10:00 --------- d-----w C:\Program Files\ICQ6
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Hamachi
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Hamachi
2007-10-11 15:22 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Hamachi
2007-10-11 15:21 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Skype
2007-10-11 15:21 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Skype
2007-10-11 15:21 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\Skype
2007-10-05 13:17 --------- d-----w C:\Program Files\Warcraft III
2007-10-05 12:07 --------- d-----w C:\Program Files\Azureus
2007-10-03 13:51 16,224 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-02 19:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-21 05:46 --------- d-----w C:\Program Files\Spyware Doctor
2007-08-31 23:54 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\ICQ
2007-08-31 23:54 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\ICQ
2007-08-31 23:54 --------- d-----w C:\Documents and Settings\Mato\Data aplikací\ICQ
2007-08-30 22:40 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-08-30 22:38 --------- d-----w C:\Program Files\Microsoft.NET
2007-08-28 18:44 --------- d-----w C:\Program Files\Truck Dismount
2007-08-28 18:42 --------- d-----w C:\Program Files\MOBILedit!
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-19 20:40 5,625,899 ----a-w C:\WINDOWS\scr_thalia.scr
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-20 12:47 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-07-09 13:11 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
2007-07-04 19:56 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-07-04 19:23 114,688 ----a-w C:\WINDOWS\system32\nms32.dll
2007-07-04 15:29 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-07-04 14:43 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-07-04 14:43 104,960 ------w C:\WINDOWS\system32\pxinsi64.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}]
2007-10-29 16:37 13312 --a------ C:\Program Files\Video Add-on\isfmdl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-29 09:35 86016]
[HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-29 09:35 86016]
[HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-18 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-18 13:00]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2005-04-08 10:08]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 12:50]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 11:32]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 11:29]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 11:32]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 15:28]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 04:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2007-07-04 15:44]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 13:54]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 10:27]
"CnxDslTaskBar"="C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe" [2004-05-06 16:01]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-04 16:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-04 20:56]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-04 21:04]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 13:00]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:00]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:00]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-03-29 14:37:28]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-07-04 15:48:38]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 10:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-09-18 10:44:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-08-25 10:03:40 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-30 18:10:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????9?2?6?0??????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-30 18:11:44 - machine was rebooted
.
--- E O F ---
pozitivna sprava 
