ComboFix 08-06-20.4 - tatulda 2008-06-23 16:35:39.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.428 [GMT 2:00]
Running from: C:\Documents and Settings\tatulda\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\tatulda\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\inf\COM2B8.tmp
C:\WINDOWS\system32\1.ext
C:\WINDOWS\system32\2.ext
C:\WINDOWS\system32\3.ext
C:\WINDOWS\system32\bing.ext
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\!KillBox
C:\!KillBox\Logs\kb.log
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.31E96541_5977_446A_9397_22DA57E04BAB.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.3670E45E_F597_44DC_8445_B30B72AC1FA3.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.6F92E03F_40CE_4760_8D0B_B2B9EECCBF83.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.6FDD6204_04EF_488E_9610_5FD5A46BDE30.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.D44510BD_E8D6_49AE_B888_112D87C9C161.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.FAF8A314_E56E_45D7_BEE9_65A690C7198C.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.00572D8A_1A73_4E5D_A46B_6EFDE691C218.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.12F9FD19_1994_419B_9C84_B3BF45693899.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.1B52089C_6701_42A0_89CA_7B933A931DF3.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.2AD90733_4466_4DD1_AAC2_2D483DAB8FE4.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.2C086B75_55FC_4C05_AB40_BB3EB84F6328.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.43C5331B_E676_43FF_8FC2_B4819B909B85.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.4613DC68_CB36_4D11_BCBF_4E57372A7F0A.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.492EDA4F_0AD5_48E5_9EA0_89E62AA41E2F.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.4E827EA0_9C9A_4D1B_81C3_76489B68A99A.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.5E812FC8_5D2C_4762_90FD_969FA3D8E5B3.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.5FB79635_0941_43C8_9A50_81BF9B954BA6.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.690902FB_CE2B_4E0F_879D_F1EC8A0BBEA7.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.6E5A7B86_D068_47A0_8520_EF28243DDB8F.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.6E6707B2_B726_47AC_AF34_064D79BFE936.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.7DE6324D_42A7_41B1_968A_DEB2B22A4545.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.93C233A4_2586_44C9_AD8C_A050FA91D51E.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.9E0FE730_F4A9_4210_B551_5B2DA66F162E.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.9F9E7040_314F_41D4_8279_D07D229A052B.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.A0EAF5F9_367F_484D_B885_F776EFEEA05E.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.A6B8BC6C_FB66_49C2_8E3A_5D9624334BBD.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.ADE1D959_6508_41EE_881A_B753E14752A6.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.B4733F37_D4D8_4085_94FE_8A78FEB5D157.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.C0D49D98_6F16_4B5F_AAC1_C12ECA02364C.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.FBE69EB0_39A5_48C7_84B0_4577EAD3F47C.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla2.31E96541_5977_446A_9397_22DA57E04BAB.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla20.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla22.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla24.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla28.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.1DCDDFD3_9BEF_4F44_BF65_0605E8FA1B4D.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.500F1E4F_607F_4B5C_AA73_1EE07CB67F95.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.A3C8CE51_0693_485E_9D7E_5599B664C3CD.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.E41808F3_5CAF_4C3A_84C8_04328A1F6092.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.FAF8A314_E56E_45D7_BEE9_65A690C7198C.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla31.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla35.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla36.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla39.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla4.316FF00F_788B_4C9D_B87F_F6B99DE5AD83.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla4.917B2E4C_4780_4F4B_981F_00C79F001E25.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla46.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla48.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla49.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla51.dll
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseData.ini
C:\WINDOWS\inf\COM2B8.tmp
C:\WINDOWS\system32\1.ext
C:\WINDOWS\system32\2.ext
C:\WINDOWS\system32\3.ext
C:\WINDOWS\system32\bing.ext
.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.
2008-06-22 14:05 . 2008-06-22 14:05 <DIR> d-------- C:\Documents and Settings\PECHY.JINDěICHPECHAL
2008-06-22 12:36 . 2008-06-22 12:36 <DIR> d-------- C:\Documents and Settings\tatulda\Data aplikací\SUPERAntiSpyware.com
2008-06-16 21:34 . 2008-06-16 21:34 <DIR> d-------- C:\Program Files\Asseco
2008-06-13 12:26 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-13 11:57 . 2008-06-13 12:26 <DIR> d-------- C:\Program Files\Java
2008-06-13 11:57 . 2008-06-13 11:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-12 15:09 . 2008-06-12 15:18 <DIR> d-------- C:\fixwareout
2008-06-10 16:33 . 2008-06-10 16:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 19:13 . 2008-06-04 19:13 <DIR> d-------- C:\Program Files\directx
2008-06-04 19:10 . 2008-06-04 19:10 <DIR> d-------- C:\Program Files\JoWooD
2008-06-04 18:54 . 2008-06-04 18:54 <DIR> d-------- C:\Program Files\NovaLogic
2008-06-01 07:53 . 2008-06-01 07:57 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-30 17:47 . 2008-06-13 11:30 <DIR> d-------- C:\Program Files\Webteh
2008-05-30 17:47 . 2008-05-30 17:47 <DIR> d-------- C:\Documents and Settings\tatulda\Data aplikací\BSplayer Pro
2008-05-30 17:47 . 2008-06-13 11:30 <DIR> d-------- C:\Documents and Settings\tatulda\Data aplikací\BSplayer
2008-05-30 17:40 . 2008-05-30 17:41 <DIR> d-------- C:\Documents and Settings\tatulda\Data aplikací\Media Player Classic
2008-05-29 15:10 . 2008-05-29 15:10 <DIR> d--h----- C:\Program Files\Zenographics
2008-05-28 20:49 . 2008-05-28 20:49 <DIR> d-------- C:\Program Files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 14:34 --------- d-----w C:\Program Files\Crawler
2008-06-23 12:48 --------- d-----w C:\Documents and Settings\tatulda\Data aplikací\OpenOffice.org2
2008-06-23 06:12 --------- d-----w C:\Program Files\RegVac Registry Cleaner
2008-06-22 10:37 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-21 18:27 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-06-21 09:06 --------- d-----w C:\Program Files\Spyware Terminator
2008-06-21 09:00 --------- d-----w C:\Documents and Settings\tatulda\Data aplikací\Spyware Terminator
2008-06-09 13:43 --------- d-----w C:\Program Files\WarRock
2008-06-02 17:53 --------- d-----w C:\Documents and Settings\tatulda\Data aplikací\Skype
2008-06-02 16:23 --------- d-----w C:\Documents and Settings\tatulda\Data aplikací\skypePM
2008-05-29 13:10 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-07 13:25 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-27 17:18 --------- d-----w C:\Program Files\Counter-Strike
2007-12-13 19:23 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
2007-05-26 13:15 6,010,880 ----a-w C:\Documents and Settings\Guest\icq5_1_Atlas.exe
2007-01-01 18:26 40,006,376 ----a-w C:\Program Files\ec_602pcsuite41.exe
2006-06-27 18:56 138 -c--a-w C:\Program Files\INSTALL.LOG
2005-09-22 15:53 718,336 ----a-w C:\Program Files\ABBYY FineReader 8.0 Professional Edition.msi
2005-09-21 05:54 3,584 ----a-w C:\Program Files\1033.mst
2005-09-21 05:54 154,624 ----a-w C:\Program Files\1049.mst
2005-09-20 21:59 360 ----a-w C:\Program Files\setup.ini
2005-09-20 18:38 356,352 ----a-w C:\Program Files\setup.exe
2003-04-21 13:09 245,408 ----a-w C:\Program Files\unicows.dll
2002-03-11 10:06 1,822,520 ----a-w C:\Program Files\instmsiW.exe
2001-11-23 04:08 712,704 -c--a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2005-07-27 21:11 56 -csha-r C:\WINDOWS\system32\E5753A6A96.sys
2005-11-02 15:47 10,856 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-22_14.04.41.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 11:59:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 12:46:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 16:00 15360]
"pdfSaver3"="c:\Program Files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 15:29 385024]
"W_MRPPRN"="C:\Program Files\MRP\Tiskový manažer\W_mrpprn.exe" [2003-11-24 18:20 1134080]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 10:44 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-07-13 02:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-13 02:50 4112384]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-07 15:25 1817600]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44 65536]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-13 02:50 81920]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12 3142236]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 16:00 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"Shell"="C:\WINDOWS\system32\shell32.dll" [2004-08-18 16:00 8388096]
C:\Documents and Settings\PECHY.JINDüICHPECHAL\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
C:\Documents and Settings\tatulda\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
RegVac.lnk - C:\Program Files\RegVac Registry Cleaner\regvac.exe [2006-12-16 12:11:51 2633216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= pclepim1.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"msacm.avis"= ff_acm.acm
"VIDC.AP41"= APmpg4v1.dll
"VIDC.VP40"= vp4vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Hry\\Empire Earth\\Empire Earth.exe"=
"C:\\Hry\\-Aoe2conquer\\age2_x1.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
[HKLM\~\Services\\_common\\RWVoice.exe"=]
"C:\\Program Files\\Counter-Strike\\hl.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\MumboJumbo\\Luxor\\luxor.exe"=
"C:\\Program Files\\Strong DC++\\StrongDC.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"WinUpdate.exe"= 6667:TCP
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-07 15:25]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 16:00]
S2 ArcGIS License Manager;ArcGIS License Manager;C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe []
S2 USBBC;USB Bridge Cable (Windows 2000);C:\WINDOWS\system32\USBBC20.sys [1999-08-09 15:31]
S3 genmcmn;Genius NetScroll Wireless Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys [2001-10-16 11:56]
S3 RegVacService;RegVac Registry Service;C:\Program Files\RegVac Registry Cleaner\RegVserv.exe [2006-11-21 17:02]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 16:40:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-23 16:42:39
ComboFix-quarantined-files.txt 2008-06-23 14:41:49
ComboFix2.txt 2008-06-22 12:05:20
Adresářů: 26, Volných bajtů: 22,166,106,112
Adresářů: 28, Volných bajtů: 22,550,667,264
228 --- E O F --- 2007-10-12 19:11:27
ještě se chci zeptat na pár procesů... jestli sou důležitý??
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
