ComboFix 08-04-20.5 - Ferko 2008-04-22 9:50:35.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.81 [GMT 2:00]
Running from: I:\Documents and Settings\Ferko\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
I:\Documents and Settings\Ferko\Favorites\Online Security Test.url
I:\Program Files\Helper
I:\Program Files\Helper\1204564812.dll
I:\WINDOWS\system32\e1.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-21 14:14 . 2008-04-21 14:14 4 --a------ I:\WINDOWS\system32\vp7vmcia.dat
2008-03-26 17:12 . 2008-03-26 17:20 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\WinZip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 12:45 7,483 ----a-w I:\WINDOWS\E220AutoRunLog.tmp
2008-04-19 17:09 --------- d-----w I:\Program Files\World of Warcraft
2008-04-15 21:05 --------- d-----w I:\Documents and Settings\Ferko\Application Data\Skype
2008-03-24 16:51 --------- d-----w I:\Documents and Settings\Ferko\Application Data\Canon
2008-03-19 12:04 93,696 ----a-w I:\WINDOWS\system32\wmml1.113.exe
2008-03-18 06:25 619,350 ----a-w I:\WINDOWS\system32\bind.exe
2008-03-18 06:25 298,142 ----a-w I:\WINDOWS\system32\msvc.exe
2008-03-17 20:00 --------- d-----w I:\Program Files\ICQLite
2008-03-16 11:13 402,212 ----a-w I:\WINDOWS\rolfz.exe
2008-03-15 14:41 249,856 ----a-w I:\WINDOWS\system32\named.exe
2008-03-14 15:19 33,792 ----a-w I:\WINDOWS\system32\bindevt.dll
2008-03-14 15:18 925,696 ----a-w I:\WINDOWS\system32\libdns.dll
2008-03-14 15:18 57,344 ----a-w I:\WINDOWS\system32\libisccfg.dll
2008-03-14 15:18 31,232 ----a-w I:\WINDOWS\system32\liblwres.dll
2008-03-14 15:18 26,624 ----a-w I:\WINDOWS\system32\libbind9.dll
2008-03-14 15:11 20,480 ----a-w I:\WINDOWS\system32\libisccc.dll
2008-03-14 15:08 204,800 ----a-w I:\WINDOWS\system32\libisc.dll
2008-03-13 07:57 55,328 ----a-w I:\WINDOWS\system32\sclgdcim.exe
2008-03-13 07:57 32,768 ----a-w I:\WINDOWS\system32\skdlnetm.dll
2008-03-13 07:57 28,672 ----a-w I:\WINDOWS\system32\clicvpcn.dll
2008-03-13 07:57 20,480 ----a-w I:\WINDOWS\system32\slbrdpne.exe
2008-03-13 07:57 118,784 ----a-w I:\WINDOWS\system32\inkenwev.dll
2008-03-05 15:35 20,888 ----a-w I:\Documents and Settings\Ferko\Application Data\GDIPFONTCACHEV1.DAT
2008-03-01 15:41 --------- d--h--w I:\Program Files\InstallShield Installation Information
2008-02-29 10:37 --------- d-----w I:\Program Files\Webroot
2008-02-29 10:37 --------- d-----w I:\Documents and Settings\Ferko\Application Data\Webroot
2008-02-28 20:27 402,325 ----a-w I:\WINDOWS\gonz.exe
2008-02-28 10:46 118,784 ----a-w I:\WINDOWS\system32\execvsut.dll
2008-02-28 10:45 55,413 ----a-w I:\WINDOWS\system32\mcismssi.exe
2008-02-28 10:45 32,768 ----a-w I:\WINDOWS\system32\samlkbdn.dll
2008-02-28 10:45 28,672 ----a-w I:\WINDOWS\system32\expsdsqu.dll
2008-02-28 10:45 24,576 ----a-w I:\WINDOWS\system32\vct3ntsh.exe
2008-02-20 13:23 112,640 ----a-w I:\WINDOWS\system32\wha1.116.exe
2008-02-17 13:48 112,640 ----a-w I:\WINDOWS\system32\wha1.115.exe
2008-02-15 11:16 93,696 ----a-w I:\WINDOWS\wmml1.113.exe
2008-02-12 12:07 112,128 ----a-w I:\WINDOWS\wha1.113.exe
2008-02-08 19:42 155,648 ----a-w I:\WINDOWS\system32\ssleay32.dll
2008-02-08 19:42 155,136 ----a-w I:\WINDOWS\system32\read32.exe
2008-02-08 19:41 741,376 ----a-w I:\WINDOWS\system32\libeay32.dll
2008-02-08 17:03 402,549 ----a-w I:\WINDOWS\elsdw.exe
2008-02-08 15:02 171,008 ----a-w I:\WINDOWS\wmrg110.exe
2008-02-07 13:59 32,768 ----a-w I:\WINDOWS\system32\jitmtxo.dll
2008-02-07 13:59 28,672 ----a-w I:\WINDOWS\system32\msrdmsdi.dll
2008-02-07 13:59 24,576 ----a-w I:\WINDOWS\system32\ncxpgwfs.exe
2008-02-07 13:59 171,008 ----a-w I:\WINDOWS\wmrg109.exe
2008-02-07 13:59 122,880 ----a-w I:\WINDOWS\system32\icm3wmps.dll
2008-02-07 13:58 57,235 ----a-w I:\WINDOWS\system32\wpcadevm.exe
2008-02-01 17:12 92,160 ----a-w I:\WINDOWS\system32\svcmsn.exe
2008-01-29 18:39 93,184 ----a-w I:\WINDOWS\wmml1.108.exe
2008-01-25 13:22 400,337 ----a-w I:\WINDOWS\wensdw.exe
2008-01-24 16:21 32,768 ----a-w I:\WINDOWS\system32\dtctwmpd.dll
2008-01-24 16:21 28,672 ----a-w I:\WINDOWS\system32\msvfgpkc.dll
2008-01-24 16:21 20,480 ----a-w I:\WINDOWS\system32\iashwmne.exe
2008-01-24 16:21 118,784 ----a-w I:\WINDOWS\system32\mtxosmlo.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="I:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 12:44 46592 I:\WINDOWS\SOUNDMAN.EXE]
"OpwareSE2"="I:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 I:\WINDOWS\system32\bthprops.cpl]
"WinampAgent"="I:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SpySweeper"="I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2006-01-25 12:21 3405312]
"SoundMnEx32"="I:\WINDOWS\System32\ssid.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
I:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - I:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\execvsut]
I:\WINDOWS\system32\execvsut.dll 2008-02-28 12:46 118784 I:\WINDOWS\system32\execvsut.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\icm3wmps]
I:\WINDOWS\system32\icm3wmps.dll 2008-02-07 15:59 122880 I:\WINDOWS\system32\icm3wmps.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\inkenwev]
I:\WINDOWS\system32\inkenwev.dll 2008-03-13 09:57 118784 I:\WINDOWS\system32\inkenwev.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msssmsda]
I:\WINDOWS\system32\msssmsda.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mtxosmlo]
I:\WINDOWS\system32\mtxosmlo.dll 2008-01-24 18:21 118784 I:\WINDOWS\system32\mtxosmlo.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\slbipsch]
I:\WINDOWS\system32\slbipsch.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vp7vmcia]
I:\WINDOWS\system32\vp7vmcia.dll 2007-12-15 01:37 118784 I:\WINDOWS\system32\vp7vmcia.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmvmgr]
wmvmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xpspqdvd]
I:\WINDOWS\system32\xpspqdvd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\Documents and Settings\\kamilko\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"I:\\WINDOWS\\system32\\jview.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"I:\\Program Files\\ICQLite\\ICQLite.exe"=
"I:\\Program Files\\World of Warcraft\\WoW-2.1.0-enGB-downloader.exe"=
"I:\\WINDOWS\\system32\\gpthread32.exe"=
"I:\\Program Files\\Messenger\\msmsgs.exe"=
"I:\\WINDOWS\\wmrg109.exe"=
"I:\\WINDOWS\\wmrg110.exe"=
"I:\\WINDOWS\\system32\\read32.exe"=
"I:\\WINDOWS\\system32\\named.exe"=
"I:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:blizzard downloader
"6112:TCP"= 6112:TCP:blizzard downloader
R0 SSI;SSI;I:\WINDOWS\system32\Drivers\SSI.SYS [2006-01-25 11:54]
R3 PSched;QoS Packet Scheduler;I:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 cusbohcn;cusbohcn;I:\DOCUME~1\Ferko\LOCALS~1\Temp\cusbohcn.sys []
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;I:\Program Files\Ufasoft\IcqSnif\usft_sn4.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{252dd84d-fcd1-11db-9e38-ede4012506d1}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5142c376-3ab5-11dc-9f11-c165c0c130de}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e59c064-fccb-11db-9e37-dd1864040bd1}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-22 09:52:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: I:\WINDOWS\system32\winlogon.exe
-> I:\WINDOWS\system32\execvsut.dll
-> I:\WINDOWS\system32\icm3wmps.dll
-> I:\WINDOWS\system32\inkenwev.dll
-> I:\WINDOWS\system32\mtxosmlo.dll
-> I:\WINDOWS\system32\vp7vmcia.dll
.
Completion time: 2008-04-22 9:55:35
ComboFix-quarantined-files.txt 2008-04-22 07:55:09
Pre-Run: 5,233,164,288 bytes free
Post-Run: 5,220,405,248 bytes free
169 --- E O F --- 2007-12-14 17:59:
Žiadam navrhnúť riešenie, ak má niekto čas.
Podľa iných príspevkov som to vyčistiť nevedel. V logu sú stále viditeľné neznáme DLL načítané do winlogon.exe (Winlogon Notify: execvsut, icm3wmps, inkenwev, mtxosmlo, vp7vmcia), výnimky firewallu pre named.exe, read32.exe, wmrg109.exe a wmrg110.exe, položky AutoRun pre F:\ a AntiVirusOverride=1 v Security Center.