ComboFix 07-07-28 - "User" 2008-10-20 16:48:07.5 [GMT 2:00] - NTFS
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.True
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
2008-10-13 19:48 969,216 --a------ C:\WINDOWS\system32\qd3d.dll
2008-10-13 19:48 596,992 --a------ C:\WINDOWS\system32\rave.dll
2008-10-13 19:48 27,136 --a------ C:\WINDOWS\system32\QTUninst.dll
2008-10-13 19:48 126,976 --a------ C:\WINDOWS\system32\3DViewer.dll
2008-10-13 19:45 6,988,075 --a------ C:\WINDOWS\system\QT30.EXE
2008-10-13 19:45 2,058,752 --a------ C:\WINDOWS\system\QT32INST.EXE
2008-10-13 19:45 <DIR> d-------- C:\ZAK
2008-10-13 19:44 246,784 --a------ C:\WINDOWS\UNINST16.EXE
2008-09-24 16:45 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-24 16:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-23 17:03 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-10-13 19:48 --------- d-------- C:\Program Files\QuickTime
2008-09-24 16:55 --------- d-------- C:\Program Files\Messenger
2008-09-23 16:21 --------- d-------- C:\Program Files\ICQ6
2008-09-17 17:53 --------- d-------- C:\Program Files\TO2SSM
2008-09-17 17:53 --------- d-------- C:\DOCUME~1\User\DATAAP~1\Motive
2008-09-17 17:49 --------- d-------- C:\Program Files\Common Files\Motive
2008-09-17 17:46 --------- d-------- C:\Program Files\TO2SAM
2008-09-15 17:40 1846016 --a------ C:\WINDOWS\system32\win32k.sys
2008-09-02 12:36 344064 --a------ C:\WINDOWS\system32\fgkey10.exe
2008-09-02 12:33 --------- d-------- C:\Program Files\Fiendish Entertainment
2008-09-01 11:12 24576 --------- C:\WINDOWS\UniFISH.exe
2008-08-28 12:04 333056 --a------ C:\WINDOWS\system32\drivers\srv.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-07-12 17:33 C:\WINDOWS\mixer.exe]
"AtiPTA"="atiptaxx.exe" [2001-09-27 02:39 C:\WINDOWS\system32\atiptaxx.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-21 19:40]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 12:01]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 05:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"TO2SSM_McciTrayApp"="C:\Program Files\TO2SSM\McciTrayApp.exe" [2008-08-15 18:33]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
R2 ARCGIS License Manager;ARCGIS License Manager;C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe"
R2 Sentinel;Sentinel;C:\WINDOWS\system32\Drivers\SENTINEL.SYS
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 cmpci;C-Media PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\cmaudio.sys
R3 PSched;Pl novaź paket… technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S2 Sntnlusb;Sntnlusb;C:\WINDOWS\system32\Drivers\SNTNLUSB.SYS
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 MREMP50;MREMP50 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
S3 MREMPR5;MREMPR5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
S3 MRESP50;MRESP50 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 16:52:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\`\1i]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\`\1i]
"Inno Setup: Setup Version"="My Inno Setup Extensions 3.0.6.2"
"Inno Setup: App Path"="C:\Program Files\Sifrovani"
"Inno Setup: Icon Group"="\x160ifrov\xe1n\xed"
"Inno Setup: User"="User"
"Inno Setup: Setup Type"="useable"
"Inno Setup: Selected Components"="doc,doc\html"
"Inno Setup: Deselected Components"="doc\hlp,pipe,src,misc,misc\devel,misc\ttf2sff,misc\stat"
"Inno Setup: Selected Tasks"=""
"Inno Setup: Deselected Tasks"="desktopicon"
"DisplayName"="\x160ifrov\xe1n\xed 0.4"
"DisplayIcon"="C:\Program Files\Sifrovani\bin\sifrovani.exe"
"UninstallString"=""C:\Program Files\Sifrovani\unins000.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000016f
"TracesSuccessful"=dword:0000006f
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData"="C:\Documents and Settings\Default User\Data aplikac\xed"
"Cookies"="C:\Documents and Settings\Default User\Cookies"
"Desktop"="C:\Documents and Settings\Default User\Plocha"
"Favorites"="C:\Documents and Settings\Default User\Obl\x00edben\xe9 polo\x17eky"
"NetHood"="C:\Documents and Settings\Default User\Okoln\xed s\xed\x165"
"Personal"="C:\Documents and Settings\Default User\Dokumenty"
"PrintHood"="C:\Documents and Settings\Default User\Okoln\xed tisk\xe1rny"
"Recent"="C:\Documents and Settings\Default User\Recent"
"SendTo"="C:\Documents and Settings\Default User\SendTo"
"Start Menu"="C:\Documents and Settings\Default User\Nab\x00eddka Start"
"Templates"="C:\Documents and Settings\Default User\\x0160ablony"
"Programs"="C:\Documents and Settings\Default User\Nab\x00eddka Start\Programy"
"Startup"="C:\Documents and Settings\Default User\Nab\x00eddka Start\Programy\Po spu\x161t\x11bn\xed"
"Local Settings"="C:\Documents and Settings\Default User\Local Settings"
"Local AppData"="C:\Documents and Settings\Default User\Local Settings\Data aplikac\xed"
"Cache"="C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files"
"History"="C:\Documents and Settings\Default User\Local Settings\History"
"My Pictures"=""
"My Music"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SmallIcons]
"SmallIcons"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Personal"=str(2):"USERPROFILE\Dokumenty"
"My Pictures"=str(2):"USERPROFILE\Dokumenty\Obr\xe1zky"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1004"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"CurrentLevel"=dword:00010500
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"CurrentLevel"=dword:00010000
"1004"=dword:00000001
"1201"=dword:00000001
"1605"=dword:00000000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A06"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00011000
"1601"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"CurrentLevel"=dword:00012000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"LoadedBefore"="0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"=""
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AntiVirScheduler]
"ImagePath"="C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"
Completion time: 2008-10-20 16:55:58
C:\ComboFix-quarantined-files.txt ... 2008-10-20 16:53
C:\ComboFix2.txt ... 2008-01-18 19:50
C:\ComboFix3.txt ... 2007-10-13 19:07
--- E O F ---
děkuju
