ComboFix 13-02-22.01 - Administrator 22.02.2013 22:49:06.2.1 - x86
System: Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.689 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_21631865
-------\Legacy_EAGLEXNT
-------\Legacy_SKYPEUPDATE
-------\Service_21631865
-------\Service_EagleXNt
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2013-01-22 to 2013-02-22 )))))))))))))))))))))))))))))))
.
.
2013-02-22 17:34 . 2013-02-22 17:34 -------- d-----w- c:\windows\nview
2013-02-22 17:13 . 2013-02-22 17:13 -------- d-----w- C:\NVIDIA
2013-02-20 18:36 . 2013-02-20 18:36 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2013-02-20 18:35 . 2013-02-20 18:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-20 18:35 . 2013-02-20 18:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-20 18:35 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-20 17:19 . 2013-02-20 17:19 1075464 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-02-20 17:19 . 2013-02-20 17:19 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-02-20 17:19 . 2013-02-20 17:19 1075464 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-02-20 17:16 . 2013-02-20 17:17 -------- d-----w- c:\program files\NVIDIA Corporation
2013-02-20 16:28 . 2013-02-20 16:33 -------- d-----w- C:\Fraps
2013-02-20 16:02 . 2013-02-20 16:02 -------- d-----w- c:\program files\CPUID
2013-02-17 21:19 . 2013-02-17 21:19 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\VOS
2013-02-14 19:16 . 2013-02-14 19:17 -------- d-----w- c:\program files\SpeedItUpFree
2013-02-14 14:03 . 2013-02-14 14:03 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\driveridentifier
2013-02-13 19:20 . 2013-02-13 22:37 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\AVG
2013-02-13 19:18 . 2013-02-21 19:47 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2013-02-13 18:46 . 2013-02-13 18:46 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\AVG2013
2013-02-13 18:45 . 2013-02-13 18:45 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\TuneUp Software
2013-02-13 18:44 . 2013-02-13 18:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2013
2013-02-13 18:44 . 2013-02-13 18:44 -------- d-----w- C:\$AVG
2013-02-13 18:41 . 2013-02-13 19:05 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Avg2013
2013-02-13 18:41 . 2013-02-13 19:17 -------- d-----w- c:\program files\AVG
2013-02-13 18:31 . 2013-02-13 18:31 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2013-02-13 18:31 . 2013-02-22 18:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2013-02-13 18:31 . 2013-02-13 20:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Avg2013
2013-02-13 18:31 . 2013-02-13 18:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\MFAData
2013-02-12 22:02 . 2013-02-12 22:02 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\YoudaGames
2013-02-02 01:22 . 2013-02-02 01:22 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-02 01:22 . 2013-02-02 01:22 1017120 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-02 01:22 . 2013-02-02 01:22 6066176 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-02 01:22 . 2013-02-02 01:22 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-01-30 17:26 . 2013-01-30 17:26 -------- d-----w- c:\program files\LucasArts
2013-01-27 15:22 . 2013-01-27 15:22 -------- d-----w- c:\program files\Firefly Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-02 01:22 . 2009-07-03 03:11 2725152 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-02 01:22 . 2009-07-03 03:11 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-01-26 03:55 . 2004-08-17 13:49 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-17 14:04 . 2012-05-11 15:13 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-17 14:04 . 2012-05-11 15:13 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-07 07:26 . 2004-08-17 15:45 2071936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:26 . 2004-08-17 13:45 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:10 . 2004-08-17 13:44 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-17 13:49 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-17 13:49 1294848 ----a-w- c:\windows\system32\quartz.dll
2012-12-27 10:31 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2012-12-27 10:31 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-12-27 10:31 . 2012-03-28 19:52 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-12-27 10:26 . 2004-08-17 13:44 370176 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-17 13:48 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-06 15:16 . 2012-06-10 13:34 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
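The two file listings above share one line format: two timestamps, a size (or "--------" for a directory), an eight-character attribute string and a path. The following parser and triage pass is an added example by the editor, not ComboFix code and not part of the original post. Its rules (kernel drivers, executables under user-writable directories, recently written core OS binaries, hidden attribute) are the editor's own simple choices; the sample lines are copied from this log except the final one, which is constructed to exercise the user-writable rule. "Data aplikací" is treated as the localized Application Data folder because that is how it appears in the paths above.

```python
"""Triage the 'Files Created' and 'Find3M' sections of a ComboFix log.

Added example, not part of ComboFix or of the original page. The sample
lines are copied from the log above, except the one marked CONSTRUCTED.
The triage rules are the editor's own and are deliberately simple.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# <date_a> . <date_b> <size or -------->  <attrs>  <path>
# In the Files Created section date_a is creation and date_b is last write;
# the Find3M section lists them the other way round, so both are kept raw.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\S+)\s+([a-z-]{8})\s+(.+?)\s*$"
)
PE_EXT = {".exe", ".dll", ".sys", ".cpl", ".ocx", ".ax", ".scr", ".drv"}
# Locations an unprivileged user can write to; "Data aplikací" is the
# localized Application Data folder name that appears in this log.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\data aplikací\\")
# Core OS binaries: a recent write should match a Windows Update, not a drop.
CORE_OS = {"ntoskrnl.exe", "ntkrnlpa.exe", "win32k.sys", "oleaut32.dll",
           "wininet.dll", "atmfd.dll"}


@dataclass
class FileEntry:
    date_a: str
    date_b: str
    size: Optional[int]      # None for directories ("--------")
    attrs: str               # e.g. d-----w-, ----a-w-, d--h--w-
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def name(self) -> str:
        return ntpath.basename(self.path).lower()

    @property
    def ext(self) -> str:
        return ntpath.splitext(self.path)[1].lower()


def parse_entry(line: str) -> Optional[FileEntry]:
    """Return a FileEntry for one listing line, or None for headers/separators."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m.group(3).startswith("-") else int(m.group(3))
    return FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5))


def triage(e: FileEntry) -> List[str]:
    """Editor's triage rules; returns the reasons an entry deserves a look."""
    reasons = []
    p = e.path.lower()
    if e.ext == ".sys":
        reasons.append("kernel driver")
    if e.ext in PE_EXT and any(tok in p for tok in USER_WRITABLE):
        reasons.append("executable in user-writable location")
    if e.name in CORE_OS:
        reasons.append("core OS binary changed: confirm it matches an installed update")
    if e.hidden:
        reasons.append("hidden attribute set")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map path -> reasons for every parsable line that raised at least one."""
    out: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        r = triage(e)
        if r:
            out[e.path] = r
    return out


# Lines copied from the log on this page; the last one is CONSTRUCTED
# (not in the log) so that the user-writable rule has something to hit.
SAMPLE = r"""
2013-02-20 18:35 . 2013-02-20 18:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-20 18:35 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-20 17:19 . 2013-02-20 17:19 1075464 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-02-13 18:31 . 2013-02-13 18:31 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2013-01-07 07:26 . 2004-08-17 13:45 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:10 . 2004-08-17 13:44 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-02-20 12:00 . 2013-02-20 12:00 51200 ----a-w- c:\documents and settings\Administrator\Local Settings\Temp\svchost.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE).items():
        print(f"{path}\n    {'; '.join(reasons)}")
```

On the real log the only hits are the two kernel drivers (mbam.sys from the Malwarebytes install, win32k.sys from Windows Update), the updated core binaries, and the hidden "Common Files" directory under All Users; nothing in the user profile is executable. The constructed svchost.exe line shows what a genuine hit would look like.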
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-07 879984]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"nwiz"="nwiz.exe" [2008-05-02 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-02 16:00 69632 ----a-r- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06 3481408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2009-05-12 14:43 2181672 ----a-w- c:\program files\EXPERTool\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-02 21:46 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-02 21:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-02 21:46 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 11:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-09-11 17:58 16264192 ----a-r- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-15 11:35 17146504 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-15 19:04 2879488 ----a-r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-07 08:27 879984 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.524\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.976\\Agent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Valve\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15.10.2012 3:48 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.9.2012 3:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14.9.2012 3:05 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22.10.2012 13:02 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21.9.2012 3:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2.10.2012 3:30 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21.9.2012 3:46 164832]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29.3.2012 19:43 242240]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22.10.2012 13:05 196664]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 19:52 30944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.2.2013 19:35 21104]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [10.12.2012 11:11 1342024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15.11.2012 23:34 5814904]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.2.2013 19:35 682344]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 19:52 30944]
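The part of the log from the Run keys down to the R/S service lines is where a responder looks first: the header reports both AV and firewall as Disabled, the standard-profile policy shows "EnableFirewall"= 0, the exceptions list contains binaries under All Users\Data aplikací, and two Run values (bthprops.cpl, nwiz.exe) are shown without a directory. The following parser and findings pass is an added example by the editor, not ComboFix code and not part of the original post; the sample lines are copied from this page, and the findings are the editor's own checks, not statements that any listed entry is malicious.

```python
"""Parse the Reg Loading Points part of a ComboFix log and list findings.

Added example, not ComboFix code. Covers three record types seen above:
Run-key values, the Windows Firewall standard-profile policy with its
AuthorizedApplications list, and the R/S service lines. Sample lines are
copied from this page; the findings are the editor's own checks.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="image" [yyyy-mm-dd size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
FW_ON_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
FW_APP_RE = re.compile(r'^"(.+)"=$')
# R0 name;display;path [dd.mm.yyyy h:mm size]   (R = running, S = stopped)
SVC_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(.+?) (\d+)\]$")
# Locations an unprivileged user can write to ("Data aplikací" is the
# localized Application Data folder that appears in this log).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\data aplikací\\")


@dataclass
class RunEntry:
    key: str
    name: str
    image: str


@dataclass
class Service:
    running: bool   # R = running, S = stopped
    start: int      # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str


@dataclass
class LoadingPoints:
    run: List[RunEntry] = field(default_factory=list)
    firewall_enabled: Optional[int] = None
    firewall_exceptions: List[str] = field(default_factory=list)
    services: List[Service] = field(default_factory=list)


def parse(text: str) -> LoadingPoints:
    lp = LoadingPoints()
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = SVC_RE.match(line)
        if m:
            lp.services.append(Service(m.group(1) == "R", int(m.group(2)),
                                       m.group(3), m.group(4), m.group(5)))
            continue
        lk = key.lower()
        if lk.endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if m:
                lp.run.append(RunEntry(key, m.group(1), m.group(2)))
        elif lk.endswith("firewallpolicy\\standardprofile"):
            m = FW_ON_RE.match(line)
            if m:
                lp.firewall_enabled = int(m.group(1))
        elif lk.endswith("authorizedapplications\\list"):
            m = FW_APP_RE.match(line)
            if m:
                # ComboFix doubles the backslashes in this list; collapse them.
                lp.firewall_exceptions.append(m.group(1).replace("\\\\", "\\"))
    return lp


def findings(lp: LoadingPoints) -> List[str]:
    """Editor's checks: disabled firewall, unqualified Run images, exceptions in user-writable paths."""
    out = []
    if lp.firewall_enabled == 0:
        out.append("Windows Firewall is disabled for the standard profile (EnableFirewall=0)")
    for e in lp.run:
        if "\\" not in e.image:
            out.append(f"Run value '{e.name}' shows an unqualified image '{e.image}': confirm which file actually runs")
    for app in lp.firewall_exceptions:
        if any(t in app.lower() for t in USER_WRITABLE):
            out.append(f"firewall exception for a binary in a user-writable path: {app}")
    return out


def early_drivers(lp: LoadingPoints) -> List[str]:
    """Boot- and system-start drivers (start type 0/1) load before user-mode AV."""
    return [s.name for s in lp.services if s.start <= 1]


# Copied from the log on this page.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-07 879984]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"nwiz"="nwiz.exe" [2008-05-02 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.524\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Battle.net\\Agent\\Agent.976\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Valve\\Counter-Strike 1.6\\hl.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15.10.2012 3:48 55776]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21.9.2012 3:46 164832]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29.3.2012 19:43 242240]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22.10.2012 13:05 196664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.2.2013 19:35 21104]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [10.12.2012 11:11 1342024]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 19:52 30944]
"""

if __name__ == "__main__":
    lp = parse(SAMPLE)
    for f in findings(lp):
        print("-", f)
    print("boot/system-start drivers:", ", ".join(early_drivers(lp)))
```

The "unqualified image" finding is a prompt to check, not a verdict: ComboFix prints the image it resolved, so the next step is to confirm the on-disk file (bthprops.cpl and nwiz.exe live in system32 here, per the msconfig\startupreg entries above). Likewise, game launchers under All Users\Data aplikací are a normal place for Battle.net and Nexon agents; the rule only surfaces that an unprivileged write to that path would already be inside the firewall exception.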
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 176.102.128.2 176.102.128.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-22 23:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-220523388-764733703-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,ba,d7,ca,e6,1e,fe,4b,8d,27,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,ba,d7,ca,e6,1e,fe,4b,8d,27,1b,\
.
[HKEY_USERS\S-1-5-21-220523388-764733703-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3444)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1029\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-02-22 23:09:02 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-22 22:08
ComboFix2.txt 2013-02-22 12:11
.
Pre-Run: 127,314,137,088 bytes free
Post-Run: 127,217,713,152 bytes free
.
- - End Of File - - FA93BE874B746B541A945DF9BE9D7303