ComboFix 08-08-08.02 - alisek 2008-08-09 12:37:05.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.548 [GMT 2:00]
Running from: C:\Documents and Settings\alisek\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\BMc3b820b1.txt
C:\WINDOWS\BMc3b820b1.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\arbumcmj.ini
C:\WINDOWS\system32\ddkfitmh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\MTuuDJlm.ini
C:\WINDOWS\system32\MTuuDJlm.ini2
C:\WINDOWS\system32\oerqrpnl.dll
C:\WINDOWS\system32\rjacdcoo.dll
C:\WINDOWS\system32\shdhnfrc.ini
C:\WINDOWS\system32\ucufrupx.dll
C:\WINDOWS\system32\ysgppvim.ini
.
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.
2008-08-06 00:03 . 2008-08-06 00:29 <DIR> d-------- C:\Program Files\3ivx
2008-08-05 19:35 . 2008-08-05 20:11 <DIR> d-------- C:\Documents and Settings\alisek\Data aplikací\gtk-2.0
2008-08-05 19:35 . 2008-08-05 19:38 <DIR> d-------- C:\Documents and Settings\alisek\Data aplikací\avidemux
2008-08-05 17:55 . 2008-08-06 00:23 <DIR> d-------- C:\Program Files\Movie Joiner
2008-08-05 17:48 . 2008-08-05 17:53 <DIR> d-------- C:\Program Files\Fx Joiner
2008-08-05 17:48 . 2004-03-08 23:00 662,288 --a------ C:\WINDOWS\system32\MSComCt2.ocx
2008-08-05 17:48 . 2006-01-29 22:05 86,016 --a------ C:\WINDOWS\system32\FxB11Ax1.ocx
2008-08-03 19:14 . 2008-08-03 19:14 141 --a------ C:\WINDOWS\wininit.ini
2008-08-03 16:27 . 2008-08-03 16:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-03 16:24 . 2008-08-03 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-08-02 20:18 . 2008-08-03 16:20 1,487,872 --a------ C:\WINDOWS\system32\rmdjpntr.ini.ren
2008-08-02 20:10 . 2008-08-02 20:12 <DIR> d-------- C:\Program Files\Nová složka
2008-08-01 14:48 . 2008-08-05 12:41 <DIR> dr-h----- C:\$VAULT$.AVG
2008-08-01 14:14 . 2008-08-03 16:56 34,056 --ahs---- C:\WINDOWS\system32\TtDffMoq.ini2.ren
2008-08-01 14:14 . 2008-08-03 16:58 34,056 --ahs---- C:\WINDOWS\system32\TtDffMoq.ini.ren
2008-07-29 10:52 . 2008-08-09 12:31 <DIR> d-------- C:\Program Files\Steam
2008-07-24 14:23 . 2008-07-24 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2008-07-18 00:18 . 2008-03-28 19:03 120,568 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-07-18 00:18 . 2008-03-28 19:03 118,256 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-07-15 08:30 . 2008-07-16 23:30 <DIR> d-------- C:\Documents and Settings\alisek\Data aplikací\Hamachi
2008-07-15 08:28 . 2008-07-15 08:30 <DIR> d-------- C:\Program Files\Hamachi
2008-07-15 08:28 . 2008-07-15 08:28 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-14 23:01 . 2008-07-16 21:40 <DIR> d-------- C:\Documents and Settings\alisek\Data aplikací\My Battle for Middle-earth Files
2008-07-14 19:47 . 2008-07-14 20:05 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-07-13 19:49 . 2008-07-13 19:52 <DIR> d-------- C:\Documents and Settings\alisek\Data aplikací\ICQ
2008-07-12 17:49 . 2008-07-12 17:56 <DIR> d-------- C:\Program Files\Winamp
2008-07-12 17:49 . 2008-07-12 17:53 <DIR> d-------- C:\Documents and Settings\alisek\Data aplikací\Winamp
2008-07-12 17:45 . 2008-07-12 17:45 <DIR> d-------- C:\Documents and Settings\alisek\Data aplikací\Apple Computer
2008-07-12 17:41 . 2008-07-12 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple
2008-07-12 00:58 . 2008-07-22 19:50 <DIR> d-------- C:\Program Files\MediaMonkey
2008-07-10 11:37 . 2008-07-10 11:37 <DIR> d-------- C:\Documents and Settings\alisek\Data aplikací\ICQ Toolbar
2008-07-09 23:56 . 2008-07-09 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ICQ
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-08 16:30 --------- d-----w C:\Documents and Settings\alisek\Data aplikací\AVG7
2008-08-06 21:15 --------- d-----w C:\Documents and Settings\alisek\Data aplikací\Skype
2008-08-03 15:02 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-08-02 16:56 --------- d-----w C:\Program Files\QIP
2008-08-01 14:36 --------- d-----w C:\Program Files\BitComet
2008-07-09 21:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 12:35 --------- d-----w C:\Program Files\Mv2Player
2008-07-05 15:18 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
2008-07-05 14:13 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-06-30 21:59 --------- d-----w C:\Documents and Settings\alisek\Data aplikací\PC Suite
2008-06-30 21:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-28 12:55 --------- d-----w C:\Documents and Settings\alisek\Data aplikací\Zoner
2008-06-28 12:35 --------- d-----w C:\Documents and Settings\alisek\Data aplikací\DonationCoder
2008-06-21 19:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-21 17:59 --------- d-----w C:\Program Files\Common Files\Vbox
2008-06-19 14:24 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-19 14:24 --------- d-----w C:\Documents and Settings\alisek\Data aplikací\teamspeak2
2008-06-15 14:11 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack
2008-05-31 17:31 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-26 12:49 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-26 12:49 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-26 11:50 472,576 ----a-w C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-08-01 14:06 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 09:19 580096]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 16:16 36352]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-26 14:48 219136]
C:\Documents and Settings\alisek\Nabídka Start\Programy\Po spuštění\
Bitcomet Ultra Accelerator.lnk - C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe [2006-09-09 18:52:16 425984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Steam\\steamapps\\skidomyl\\counter-strike\\hl.exe"=
"C:\\Program Files\\Nová složka\\Counter-Strike 1.6\\cstrike.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10404:TCP"= 10404:TCP:BitComet 10404 TCP
"10404:UDP"= 10404:UDP:BitComet 10404 UDP
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
.
- - - - ORPHANS REMOVED - - - -
BHO-{6EB35830-8222-4990-A484-D21FEDD4B033} - C:\WINDOWS\system32\fccaAqon.dll
BHO-{F0A3F0C7-EAD4-450B-8476-890773DE17C8} - C:\WINDOWS\system32\mlJDuuTM.dll
HKLM-Run-c08b132d - C:\WINDOWS\system32\mivppgsy.dll
HKLM-Run-TrojanScanner - C:\Program Files\Trojan Remover\Trjscan.exe
ShellExecuteHooks-{6EB35830-8222-4990-A484-D21FEDD4B033} - C:\WINDOWS\system32\fccaAqon.dll
Notify-fccaAqon - fccaAqon.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\alisek\Data aplikací\Mozilla\Firefox\Profiles\swwfiz7f.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.cz
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-09 12:39:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-09 12:40:50
ComboFix-quarantined-files.txt 2008-08-09 10:40:48
Pre-Run: 6,988,374,016
Post-Run: 6,977,617,920
154 --- E O F --- 2008-05-26 13:47:02