ComboFix log
ComboFix 07-11-08.1 - prodigy 2007-11-10 21:57:03.5 - NTFSx86
Running from: D:\Programy\Ochrana\ComboFix.exe
Command switches used :: D:\Programy\Ochrana\CFScript.txt
* Created a new restore point
FILE
C:\gseiejlf.bat
.
((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.
2007-11-10 20:26 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-10 18:57 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací\Comodo
2007-11-10 15:40 1,056,768 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-11-10 15:39 <DIR> d-------- C:\WINDOWS\Noslip
2007-11-10 13:22 <DIR> d-------- C:\Documents and Settings\prodigy\Data aplikací\Comodo
2007-11-10 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Comodo
2007-11-10 00:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Prevx
2007-11-09 23:56 <DIR> d-------- C:\Temp
2007-11-09 17:03 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-06 16:40 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-05 18:15 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací\AdobeUM
2007-11-04 13:07 <DIR> d-------- C:\Documents and Settings\prodigy\Data aplikací\InstallShield
2007-11-01 14:21 <DIR> d-------- C:\Program Files\Common Files\ChaosGroup
2007-11-01 13:05 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-11-01 13:01 797,184 --a--c--- C:\WINDOWS\system32\dllcache\d3dim700.dll
2007-11-01 13:01 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-11-01 13:01 24,064 --a--c--- C:\WINDOWS\system32\dllcache\ddrawex.dll
2007-11-01 13:01 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-10-30 09:51 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-10-30 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2007-10-28 21:41 <DIR> d-------- C:\www
2007-10-27 15:42 <DIR> d-------- C:\Program Files\DCPFLICS
2007-10-27 14:45 <DIR> d-------- C:\Program Files\Autodesk
2007-10-26 19:41 36,224 --a------ C:\WINDOWS\system32\drivers\an983.sys
2007-10-26 19:41 36,224 --a--c--- C:\WINDOWS\system32\dllcache\an983.sys
2007-10-20 16:10 <DIR> d-------- C:\Documents and Settings\Luk1\Data aplikací\MEGAUPLOADTOOLBAR
2007-10-20 16:10 <DIR> d-------- C:\Documents and Settings\Luk1\Data aplikací\ICQ
2007-10-20 16:09 <DIR> d-------- C:\Documents and Settings\Luk1\Data aplikací\AVG7
2007-10-20 14:04 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací\ICQ
2007-10-20 10:52 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací\MEGAUPLOADTOOLBAR
2007-10-20 10:50 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací\Share-to-Web Upload Folder
2007-10-20 10:50 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací\AVG7
2007-10-20 10:49 <DIR> d-------- C:\Documents and Settings\Vladimir Malik.MALIK\Plocha
2007-10-20 10:49 <DIR> d--h----- C:\Documents and Settings\Vladimir Malik.MALIK\Okolní tiskárny
2007-10-20 10:49 <DIR> d--h----- C:\Documents and Settings\Vladimir Malik.MALIK\Okolní síť
2007-10-20 10:49 <DIR> dr------- C:\Documents and Settings\Vladimir Malik.MALIK\Oblíbené položky
2007-10-20 10:49 <DIR> d--h----- C:\Documents and Settings\Vladimir Malik.MALIK\Šablony
2007-10-20 10:49 <DIR> dr------- C:\Documents and Settings\Vladimir Malik.MALIK\Nabídka Start
2007-10-20 10:49 <DIR> dr------- C:\Documents and Settings\Vladimir Malik.MALIK\Dokumenty
2007-10-20 10:49 <DIR> dr-h----- C:\Documents and Settings\Vladimir Malik.MALIK\Data aplikací
2007-10-18 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-10-18 15:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-10-18 15:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-10-18 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-10-18 15:08 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-10-18 15:08 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-10-18 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-10-18 15:08 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-10-18 15:04 <DIR> d-------- C:\Program Files\Video Add-on
2007-10-17 19:51 <DIR> d-------- C:\Documents and Settings\prodigy\Data aplikací\RapidGet
2007-10-17 19:47 50,048 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-10-17 19:46 <DIR> d-------- C:\Documents and Settings\prodigy\Data aplikací\PC Tools
2007-10-17 14:21 <DIR> d-------- C:\Documents and Settings\prodigy\Data aplikací\AVG7
2007-10-17 14:19 <DIR> d-------- C:\Documents and Settings\LocalService\Data aplikací\AVG7
2007-10-17 13:32 9,488 --a------ C:\WINDOWS\system32\sporder.dll
2007-10-17 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Avg7
2007-10-17 13:22 <DIR> d-------- C:\Program Files\Common Files\Panda Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-10-21 10:14 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2020-10-21 10:09 611,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-10 14:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 16:25 --------- d-----w C:\Program Files\ICQToolbar
2007-11-09 16:25 --------- d-----w C:\Program Files\HP Travel Idea CD
2007-11-09 10:14 12,800 ----a-w C:\WINDOWS\system32\svchost.exe
2007-11-06 17:29 --------- d-----w C:\Program Files\ReadIris
2007-11-01 13:22 --------- d-----w C:\Program Files\Common Files\ChaosGroup
2007-11-01 13:03 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-10-30 08:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-18 14:05 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2007-10-17 13:19 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Grisoft
2007-10-15 12:44 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-10-12 17:18 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\ICQ
2007-10-11 20:17 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2007-10-10 15:12 --------- d-----w C:\Program Files\MegauploadToolbar
2007-10-09 08:58 --------- d-----w C:\Program Files\Google
2007-10-07 11:27 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\MegauploadToolbar
2007-10-06 16:05 --------- d-----w C:\Program Files\TV JOJ Media Player
2007-10-03 16:51 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\vlc
2007-10-01 17:19 --------- d-----w C:\Program Files\Best of My WaterWorks
2007-10-01 17:10 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\SUPERAntiSpyware.com
2007-10-01 17:10 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2007-10-01 17:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-30 11:38 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\Sony
2007-09-28 15:57 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\FlashFXP
2007-09-28 15:54 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Macrovision
2007-09-23 16:19 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\MSN6
2007-09-20 12:35 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
2007-09-18 13:28 --------- d-----w C:\Documents and Settings\prodigy\Data aplikací\CyberLink
2007-09-15 15:07 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-14 17:26 --------- d-----w C:\Program Files\ROUTE66
.
((((((((((((((((((((((((((((( snapshot@2007-11-10_ 1.16.36.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-03-13 17:58:20 7,272 ------w C:\WINDOWS\Noslip\Nbupinfo.dat
- 2007-11-09 23:33:12 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-10 19:15:11 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-09 23:33:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-10 19:15:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-09 23:35:00 81,920 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-10 19:15:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-10 12:18:04 75,520 ----a-w C:\WINDOWS\system32\drivers\cmdmon.sys
+ 2007-11-10 12:18:04 51,328 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
- 2007-11-04 18:02:45 696,048 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-10 15:22:48 696,848 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 1997-07-24 16:41:52 48,640 ------w C:\WINDOWS\system32\INETWH32.DLL
+ 1999-01-28 14:44:20 49,152 ----a-w C:\WINDOWS\system32\INETWH32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="atiptaxx.exe" []
"AVG7_CC"="D:\Programy\AVGANT~1\avgcc.exe" [2007-10-27 16:07]
"COMODO Firewall Pro"="D:\Programy\Ochrana\Comodo\Firewall\CPF.exe" [2007-11-10 13:18]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 19:05]
"ICQ"="D:\Programy\ICQ\ICQ6\ICQ.exe" [2007-08-08 16:03]
"Spyware Doctor"="D:\Programy\Ochrana\Spyware Doctor\swdoctor.exe" [2006-01-10 18:31]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=D:\Programy\AVGANT~1\avgw.exe /RUNONCE
"Spyware Doctor"="D:\Programy\Ochrana\Spyware Doctor\swdoctor.exe" /Q
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
hp instant support.lnk - C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe [2007-08-09 09:18:53]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-05-29 13:57:06]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-05-29 13:57:28]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"NoSharedDocuments"=01000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Programy\Ochrana\AntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Programy\Ochrana\AntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Programy\Ochrana\AntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^prodigy^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=C:\Documents and Settings\prodigy\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
mHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"D:\Programy\Deamon Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
D:\Programy\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Antispyware]
C:\DOCUME~1\prodigy\LOCALS~1\Temp\3.tmp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
D:\Programy\Power DVD 5\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"D:\Programy\SE PC Suite\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
D:\Programy\Ochrana\AntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"InCDsrv"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"DCPFLICS"=2 (0x2)
R2 Dnscache;Klient DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\System32\DRIVERS\zebrceb.sys
S0 blwgvjgf;blwgvjgf;C:\WINDOWS\System32\drivers\hltfjvhg.sys
S3 ATICDSDr;ATICDSDr;\??\C:\DOCUME~1\prodigy\LOCALS~1\Temp\ATICDSDr.sys
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\k510bus.sys
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k510mdfl.sys
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\k510mdm.sys
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\k510mgmt.sys
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\k510obex.sys
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\System32\PavSRK.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\System32\PavTPK.sys
S3 wampapache;wampapache;"D:\Programy\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;D:\Programy\wamp\mysql\bin\mysqld-nt.exe --defaults-file=D:\Programy\wamp\mysql\my.ini wampmysqld
.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 09:21:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1186647607.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-10 22:01:28
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-10 22:03:17
.
--- E O F ---
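Added example, not part of the posted log: a small triage script that reads ComboFix's service lines (`<start> <name>;<display name>;<image path>`) and the bare paths in the FILE section, and flags the entries a reviewer would look at first. The heuristics (a service or driver name with no vowels, a boot-start driver whose display name is just its own name, an image loaded from a Temp directory, a script sitting at the root of a drive), the thresholds and the flag names are this script's own assumptions; a flag means "inspect this", not "this is malware". The sample input is constructed from lines copied out of the log above.

```python
"""Triage heuristics for ComboFix-style service and file lines (added example)."""
import re
from dataclasses import dataclass, field

VOWELS = set("aeiouy")

# Constructed sample: service lines and the FILE entry copied from the log above.
SAMPLE_LOG = r"""
FILE
C:\gseiejlf.bat
R2 Dnscache;Klient DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys
S0 blwgvjgf;blwgvjgf;C:\WINDOWS\System32\drivers\hltfjvhg.sys
S3 ATICDSDr;ATICDSDr;\??\C:\DOCUME~1\prodigy\LOCALS~1\Temp\ATICDSDr.sys
S3 wampapache;wampapache;"D:\Programy\wamp\apache2\bin\httpd.exe" -k runservice
"""

# "<R|S><start type> <service name>;<display name>;<image path and arguments>"
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*)$")
# First Windows path ending in .sys/.exe/.dll; tolerates quotes and the \??\ NT prefix.
IMAGE_RE = re.compile(r'^"?(?:\\\?\?\\)?([A-Za-z]:\\[^"]*?\.(?:sys|exe|dll))"?', re.I)
# A script or binary sitting directly at a drive root, e.g. C:\something.bat
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(?:bat|cmd|exe|dll|sys|vbs|scr)$", re.I)


@dataclass
class Entry:
    start: str
    name: str
    display: str
    image: str
    flags: list = field(default_factory=list)


def looks_random(token: str) -> bool:
    """Heuristic: six or more letters and not a single vowel (assumed threshold)."""
    letters = [c for c in token.lower() if c.isalpha()]
    return len(letters) >= 6 and not (set(letters) & VOWELS)


def flag_service(e: Entry) -> list:
    flags = []
    base = e.image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # file name without extension
    if looks_random(e.name) or looks_random(base):
        flags.append("random_name")
    if e.start in ("S0", "R0") and e.display == e.name:
        flags.append("boot_start_no_description")
    if re.search(r"\\temp\\", e.image, re.I):
        flags.append("temp_path")
    return flags


def parse_services(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, display, cmd = m.groups()
        im = IMAGE_RE.match(cmd.strip())
        image = im.group(1) if im else cmd.strip()
        e = Entry(start, name, display, image)
        e.flags = flag_service(e)
        entries.append(e)
    return entries


def loose_files(text: str) -> list:
    """Bare paths at a drive root, such as the FILE section ComboFix was told to remove."""
    return [ln.strip() for ln in text.splitlines() if DRIVE_ROOT_RE.match(ln.strip())]


def triage(text: str) -> list:
    """Only the service entries that tripped a heuristic, most flags first."""
    return sorted((e for e in parse_services(text) if e.flags), key=lambda e: -len(e.flags))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.start} {e.name:<12} {e.image}  <- {', '.join(e.flags)}")
    for path in loose_files(SAMPLE_LOG):
        print(f"drive-root file: {path}")
```

Run against the sample, the boot-start driver `blwgvjgf` (image `hltfjvhg.sys`) comes out first with two flags, `ATICDSDr` is listed only because it loads from a Temp folder, and `C:\gseiejlf.bat` is reported as a drive-root file; the legitimately named services produce nothing. Point the same functions at a full saved log to get the same short list instead of reading every line by hand.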