ComboFix 08-06-20.4 - danny 2008-06-21 21:12:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.537 [GMT 2:00]
Running from: C:\Documents and Settings\danny\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Data aplikací\758559962.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CBEVTSVC
((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))
.
2008-06-21 16:07 . 2008-06-21 16:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 15:55 . 2008-06-21 15:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-21 15:55 . 2008-06-21 15:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-21 15:07 . 2004-09-13 17:45 <DIR> d--h----- C:\Documents and Settings\Administrator.DILLIT\Šablony
2008-06-21 15:07 . 2008-06-21 21:20 <DIR> d-------- C:\Documents and Settings\Administrator.DILLIT\Plocha
2008-06-21 15:07 . 2004-09-13 17:45 <DIR> d--h----- C:\Documents and Settings\Administrator.DILLIT\Okolní tiskárny
2008-06-21 15:07 . 2004-09-13 17:45 <DIR> d--h----- C:\Documents and Settings\Administrator.DILLIT\Okolní síť
2008-06-21 15:07 . 2004-09-13 18:00 <DIR> dr------- C:\Documents and Settings\Administrator.DILLIT\Oblíbené položky
2008-06-21 15:07 . 2004-09-13 17:45 <DIR> dr------- C:\Documents and Settings\Administrator.DILLIT\Nabídka Start
2008-06-21 15:07 . 2004-09-13 18:00 <DIR> dr------- C:\Documents and Settings\Administrator.DILLIT\Dokumenty
2008-06-21 15:07 . 2004-09-13 17:45 <DIR> dr-h----- C:\Documents and Settings\Administrator.DILLIT\Data aplikací
2008-06-21 15:07 . 2008-03-12 19:04 <DIR> d-------- C:\Documents and Settings\Administrator.DILLIT\Bluetooth Software
2008-06-21 15:07 . 2008-06-21 15:07 <DIR> d-------- C:\Documents and Settings\Administrator.DILLIT
2008-06-21 14:17 . 2008-06-21 14:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-21 14:12 . 2008-06-21 15:30 <DIR> d-------- C:\SDFix
2008-06-21 10:50 . 2008-06-21 10:50 <DIR> dr------- C:\Documents and Settings\LocalService\Oblíbené položky
2008-06-21 10:48 . 2008-06-21 10:48 109,056 --a------ C:\WINDOWS\system32\lphcrc4j0eva3.exe
2008-06-21 10:48 . 2008-06-21 10:48 90,838 --a------ C:\WINDOWS\system32\phcrc4j0eva3.bmp
2008-06-21 10:48 . 2008-06-21 10:48 60,928 --a------ C:\WINDOWS\system32\blphcrc4j0eva3.scr
2008-06-19 18:04 . 2008-06-21 21:21 61,874 --a------ C:\WINDOWS\system32\hxaqsper.sys
2008-06-19 13:37 . 2008-06-19 13:37 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-19 13:37 . 2008-06-19 13:37 2,544 --a------ C:\WINDOWS\unins000.dat
2008-06-19 13:04 . 2008-06-19 13:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-19 12:12 . 2008-06-19 12:12 <DIR> d-------- C:\dvdC
2008-06-19 11:06 . 2008-06-19 12:12 <DIR> d-------- C:\dvd
2008-06-18 20:27 . 2008-06-11 16:48 4,001,179 --a------ C:\2008_RT_riesenia.rar
2008-06-18 18:45 . 2008-06-10 21:37 13,463,532 --a------ C:\skuska RT 23.05.2007.rar
2008-06-15 21:14 . 2004-08-17 15:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-15 21:14 . 2004-08-17 15:45 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-06-15 21:13 . 2008-06-15 21:13 <DIR> d-------- C:\Documents and Settings\Owner\Bluetooth Software
2008-06-10 18:22 . 2008-06-10 18:22 <DIR> d-------- C:\Matrix.Revolutions.Revisited.2004.DVDR.PAL.CZSub-DVDrCZ
2008-06-05 01:33 . 2008-06-05 01:53 <DIR> d-------- C:\kebodvd
2008-05-30 23:54 . 2008-05-30 23:54 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-05-30 23:33 . 2008-05-30 23:33 <DIR> d-------- C:\Program Files\QuickTime
2008-05-30 23:12 . 2008-05-30 23:12 <DIR> d-------- C:\Program Files\Bonjour
2008-05-30 23:06 . 2008-05-30 23:06 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-23 21:38 . 2008-05-23 21:38 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
2008-05-23 21:38 . 2008-05-23 21:38 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-05-23 21:38 . 2008-05-23 21:38 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-05-23 21:38 . 2008-05-23 21:38 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-05-23 21:38 . 2008-05-31 00:28 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
2008-05-23 21:38 . 2008-05-31 00:28 87 --a------ C:\WINDOWS\system32\ssprs.tgz
2008-05-23 17:21 . 2004-08-03 23:10 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-05-23 17:21 . 2004-08-03 23:10 51,328 --a------ C:\WINDOWS\system32\dllcache\msdv.sys
2008-05-23 17:21 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-05-23 17:21 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\dllcache\61883.sys
2008-05-23 17:21 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-05-23 17:21 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\dllcache\avc.sys
2008-05-22 19:35 . 2008-05-22 19:37 <DIR> d-------- C:\daemon
2008-05-21 18:31 . 2008-05-21 18:32 <DIR> d-------- C:\Program Files\ATnotes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 18:35 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-06-19 12:53 --------- d-----w C:\Program Files\Google
2008-06-19 11:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-16 14:56 --------- d-----w C:\Program Files\Seznam DVD
2008-06-16 11:38 --------- d-----w C:\Program Files\Opera
2008-05-30 21:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-23 08:36 --------- d-----w C:\Program Files\Anvil Studio
2008-04-29 12:43 --------- d-----w C:\Program Files\DivX
2008-04-29 12:42 --------- d-----w C:\Program Files\AskTBar
2008-04-23 20:08 --------- d-----w C:\Program Files\uTorrent
2008-04-23 20:00 --------- d-----w C:\Program Files\BitTorrent
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 15:00 15360]
"ATnotes.exe"="C:\Program Files\ATnotes\ATnotes.exe" [2005-01-05 15:45 1015808]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="C:\WINDOWS\system32\PMHandler.exe" [2006-05-20 10:28 24576]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-10-20 15:18 339968]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2006-02-28 01:20 2076672]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632]
"TPWAUDAP"="C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 17:38 54824]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 15:51 774233]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 15:50 88204 C:\WINDOWS\AGRSMMSG.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17 118784]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 15:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2006-02-28 01:21 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2007-12-14 17:36 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\c:^documents and settings^danny^nabídka start^programy^po spuštění^powerreg schedulerv2.exe]
path=C:\Documents and Settings\danny\Nabídka Start\Programy\Po spuštění\PowerReg SchedulerV2.exe
backup=C:\WINDOWS\pss\PowerReg SchedulerV2.exeStartup
--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acrobat assistant 8.0]
--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe_id0eythm]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 11:28 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2005-11-29 11:55 196696 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"C:\\Program Files\\Anvil Studio\\astudio.exe"=
"C:\\Program Files\\miranda\\miranda32.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys [2005-12-21 15:09]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 FNF5SVC;Fn+F5 Service;C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 11:24]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 15:00]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-10-17 17:16]
S3 MMIOPORT;MMIOPORT;C:\WINDOWS\system32\drivers\MMIOPORT.sys [2000-03-03 05:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b99f0c36-1123-11dd-b586-000fb0cbdb13}]
\Shell\AutoRun\command - E:\.\run\autorun.exe
\Shell\open\Command - E:\.\run\autorun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-21 21:20:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Softex\OmniPass\SCUREDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\MATLAB6p5\bin\win32\matlab.exe
C:\WINDOWS\system32\PMSveH.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
.
**************************************************************************
.
Completion time: 2008-06-21 21:30:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-21 19:29:51
Adresářů: 19, Volných bajtů: 25,497,300,992
Adresářů: 22, Volných bajtů: 25,402,957,824
231 --- E O F --- 2008-03-31 22:00:56