
ComboFix 10-03-08.01 - Jirka 08.03.2010 19:58:03.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2561 [GMT 1:00]
Spuštěný z: c:\downloads\combaT.exe
AV: avast! antivirus 4.8.1368 [VPS 100308-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\setup.exe
E:\Thumbs.db
e:\windows\system32\Cache
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SKYNET
-------\Service_SKYNET
-------\Service_SkyNetBDA
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-08 do 2010-03-08 )))))))))))))))))))))))))))))))
.
2010-03-08 18:32 . 2010-03-08 18:32 2560 ----a-w- e:\windows\system32\bitcometres.dll
2010-03-08 10:55 . 2010-03-08 11:40 -------- d-----w- E:\Nikdy to nevzdávej
2010-03-03 14:34 . 2010-03-03 15:27 -------- d-----w- E:\The Men Who Stare at Goats (2009)
2010-02-28 20:07 . 2010-02-28 20:07 -------- d-----w- e:\windows\Sun
2010-02-28 14:17 . 2010-02-28 14:18 -------- d-----w- E:\W cz
2010-02-28 13:45 . 2008-12-18 11:44 97792 ----a-w- e:\windows\system32\drivers\NSHE.SYS
2010-02-28 13:44 . 2005-07-28 07:18 685056 ----a-w- e:\windows\system32\drivers\hardlock.sys
2010-02-28 13:44 . 2010-02-28 13:44 191488 ----a-w- e:\windows\system32\hlvdd.dll
2010-02-28 13:44 . 2005-09-06 17:06 28672 ----a-w- e:\windows\system32\hlduinst.exe
2010-02-28 13:44 . 2005-10-12 18:49 3063808 ----a-w- e:\windows\system32\hinstd.dll
2010-02-28 13:44 . 2005-09-28 13:24 2164411 ----a-w- e:\windows\system32\haspds_windows.dll
2010-02-28 13:44 . 2001-09-28 18:00 164864 ----a-w- e:\windows\system32\UNWISE.EXE
2010-02-28 13:16 . 2009-08-19 23:20 -------- d-----w- E:\Wolfenstein.CloneDVD-AVENGED
2010-02-23 16:32 . 2010-02-28 12:34 -------- d-----w- E:\BDSM
2010-02-21 11:30 . 2010-02-21 14:30 -------- d-----w- E:\MASON MOORE
2010-02-16 11:46 . 2010-02-16 11:46 -------- d-----w- e:\program files\Electronic Arts
2010-02-16 11:45 . 2010-02-16 11:45 -------- d-----w- e:\windows\system32\AGEIA
2010-02-16 11:45 . 2010-02-16 11:45 -------- d-----w- e:\program files\AGEIA Technologies
2010-02-16 11:44 . 2010-02-16 11:44 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-02-13 13:26 . 2010-02-13 13:26 -------- d-sh--w- e:\windows\ftpcache
2010-02-13 12:25 . 2010-02-13 12:25 107888 ----a-w- e:\windows\system32\CmdLineExt.dll
2010-02-13 12:20 . 2010-02-13 12:20 22328 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-02-13 12:20 . 2010-02-13 12:20 107832 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-13 12:20 . 2010-02-13 12:20 66872 ----a-w- e:\windows\system32\PnkBstrA.exe
2010-02-13 12:20 . 2010-02-13 12:20 2250024 ----a-w- e:\windows\system32\pbsvc.exe
2010-02-13 12:17 . 2010-02-13 12:17 -------- d-----w- e:\program files\Ubisoft
2010-02-06 19:29 . 2008-11-28 15:19 -------- d-----w- E:\Table
2010-02-06 19:29 . 2008-11-28 20:26 -------- d-----w- E:\Rider
2010-02-06 19:29 . 2008-11-28 20:20 -------- d-----w- E:\Chaise
2010-02-06 19:24 . 2008-11-27 11:24 -------- d-----w- E:\DFJaroslava
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 18:58 . 2009-12-22 20:47 -------- d-----w- e:\program files\Eset
2010-03-08 18:43 . 2009-12-23 10:35 -------- d-----w- e:\program files\FlashGet
2010-03-08 18:36 . 2009-12-22 20:47 -------- d-----w- e:\program files\BitComet
2010-02-28 14:09 . 2009-12-22 21:22 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-02-28 14:02 . 2009-12-23 10:32 -------- d-----w- e:\program files\Activision
2010-02-13 12:24 . 2001-10-25 11:00 97836 ----a-w- e:\windows\system32\perfc005.dat
2010-02-13 12:24 . 2001-10-25 11:00 479634 ----a-w- e:\windows\system32\perfh005.dat
2010-01-26 13:23 . 2010-01-26 13:23 -------- d-----w- e:\program files\Tunatic
2010-01-20 11:01 . 2010-01-20 11:01 -------- d-----w- e:\program files\DVDFab 6
2010-01-20 10:53 . 2010-01-20 10:53 -------- d-----w- e:\program files\FairUse Wizard 2
2010-01-14 20:40 . 2010-01-14 20:40 -------- d-----w- e:\program files\CyberLink
2010-01-14 20:40 . 2010-01-14 20:40 -------- d-----w- e:\program files\ASUSTek
2010-01-11 16:16 . 2010-01-11 16:16 -------- d-----w- e:\program files\microsoft frontpage
2010-01-11 16:12 . 2009-12-22 20:45 86327 ----a-w- e:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-11 16:12 . 2009-12-22 20:45 2740 ----a-w- e:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-11 12:40 . 2010-01-11 12:29 -------- d-----w- e:\program files\Left 4 Dead 2
2010-01-11 11:26 . 2010-01-11 10:49 -------- d-----w- e:\program files\DVBViewerFULL
2010-01-11 10:40 . 2009-12-22 20:47 -------- d-----w- e:\program files\K-Lite Codec Pack
2010-01-11 10:22 . 2010-01-11 10:22 -------- d-----w- e:\program files\DVBViewer
2010-01-11 09:47 . 2010-01-11 09:47 -------- d-----w- e:\program files\DVBViewer TE2
2010-01-11 09:24 . 2010-01-11 09:24 -------- d-----w- e:\program files\MainConcept
2010-01-04 18:00 . 2009-12-22 20:47 85504 ----a-w- e:\windows\system32\ff_vfw.dll
2009-12-26 10:09 . 2009-12-22 20:45 8972 ----a-w- e:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-22 21:22 . 2009-12-22 21:22 315392 ----a-w- e:\windows\HideWin.exe
2009-12-22 21:16 . 2009-12-22 21:16 0 ----a-w- e:\windows\nsreg.dat
2009-12-22 21:07 . 2009-12-22 21:06 664 ----a-w- e:\windows\system32\d3d9caps.dat
2009-12-22 21:07 . 2009-12-22 21:07 552 ----a-w- e:\windows\system32\d3d8caps.dat
2009-12-22 20:47 . 2009-12-22 20:47 512096 ----a-w- e:\windows\system32\drivers\amon.sys
2009-12-22 20:47 . 2009-12-22 20:47 298104 ----a-w- e:\windows\system32\imon.dll
2009-12-22 20:47 . 2009-12-22 20:47 15424 ----a-w- e:\windows\system32\drivers\nod32drv.sys
2009-12-22 20:43 . 2009-12-22 20:43 21812 ----a-w- e:\windows\system32\emptyregdb.dat
2009-12-12 14:15 . 2010-01-11 10:41 178176 ----a-w- e:\windows\system32\unrar.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2009-12-22 949376]
"Windows Defender"="e:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"GrooveMonitor"="e:\program files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2007-06-30 33648]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"DAEMON Tools-1033"="e:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
e:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - e:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
RocketDock.lnk - e:\program files\RocketDock\RocketDock.exe [2009-12-22 495616]
VisualTaskTips.lnk - e:\program files\VisualTaskTips\VisualTaskTips.exe [2007-9-5 36352]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"e:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"e:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"e:\\Program Files\\BitComet\\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26490:TCP"= 26490:TCP:BitComet 26490 TCP
"26490:UDP"= 26490:UDP:BitComet 26490 UDP
R0 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [23.12.2009 11:31 155136]
R0 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [23.12.2009 11:31 5248]
R1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [22.12.2009 22:11 114768]
R1 nod32drv;nod32drv;e:\windows\system32\drivers\nod32drv.sys [22.12.2009 21:47 15424]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [22.12.2009 22:11 20560]
R2 ICQ Service;ICQ Service;e:\program files\ICQ6Toolbar\ICQ Service.exe [22.12.2009 23:23 222968]
R2 NSHE;Guardant Emulator Driver;e:\windows\system32\drivers\NSHE.SYS [28.2.2010 14:45 97792]
R2 WinDefend;Windows Defender;e:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
.
Obsah adresáře 'Naplánované úlohy'
2010-03-08 e:\windows\Tasks\MP Scheduled Scan.job
- e:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: &Stáhnout &vše FlashGetem - e:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - e:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - e:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - e:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - e:\program files\BitComet\BitComet.exe/AddAllLink.htm
LSP: e:\windows\system32\imon.dll
FF - ProfilePath - e:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\vcu9nw8k.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - http://www.centrum.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(728)
e:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(784)
e:\windows\system32\imon.dll
e:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(148)
e:\program files\RocketDock\RocketDock.dll
e:\program files\VisualTaskTips\VttHooks.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\wpdshserviceobj.dll
e:\windows\system32\portabledevicetypes.dll
e:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\program files\Alwil Software\Avast4\aswUpdSv.exe
e:\program files\Alwil Software\Avast4\ashServ.exe
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\inetsrv\inetinfo.exe
e:\program files\Eset\nod32krn.exe
e:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
e:\windows\RTHDCPL.EXE
e:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
e:\windows\system32\wscntfy.exe
e:\program files\Alwil Software\Avast4\setup\setup.ovr
.
**************************************************************************
.
Celkový čas: 2010-03-08 20:06:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-08 19:06
Před spuštěním: Volných bajtů: 55 275 569 152
Po spuštění: Volných bajtů: 56 764 833 792
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - FA6CAADED631A702F0059AEA47F2CD46