ComboFix 13-07-27.01 - Administrator 28.07.2013  17:14:19.1.2 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.420.1029.18.1022.632 [GMT 2:00]
Spuštěn z: c:\documents and settings\Kajo\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\UNWISE.EXE
c:\windows\iun6002.exe
c:\windows\Options\Cabs\_desktop.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
d:\instalacky\ovlAdace\LAN_Realtek_5.649.0615.2006_XPx86\WIN2000\_desktop.ini
d:\instalacky\ovlAdace\LAN_Realtek_5.649.0615.2006_XPx86\WIN98SE\_desktop.ini
d:\instalacky\ovlAdace\LAN_Realtek_5.649.0615.2006_XPx86\WINME\_desktop.ini
d:\instalacky\ovlAdace\LAN_Realtek_5.649.0615.2006_XPx86\WINXP\_desktop.ini
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2013-06-28 do 2013-07-28  )))))))))))))))))))))))))))))))
.
.
2013-07-28 15:10 . 2013-07-28 15:10	--------	d-----w-	c:\documents and settings\Administrator.FLIRT-C77AFE09A
2013-07-27 16:44 . 2013-07-27 16:44	--------	d-----w-	c:\documents and settings\All Users\Data aplikac\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-07-27 16:44 . 2013-07-27 16:44	--------	d-----w-	c:\documents and settings\Kajo\Data aplikac\Apple Computer
2013-07-27 16:44 . 2013-07-27 16:44	--------	d-----w-	c:\documents and settings\Kajo\AppData
2013-07-27 16:44 . 2013-07-27 16:44	--------	d-----w-	C:\IObit
2013-07-27 16:44 . 2013-07-27 16:44	--------	d-----w-	c:\documents and settings\All Users\Data aplikac\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-07-27 16:42 . 2013-07-27 16:44	--------	d-----w-	c:\documents and settings\All Users\Data aplikac\IObit
2013-07-27 16:42 . 2013-07-28 09:43	--------	d-----w-	c:\program files\Common Files\Spigot
2013-07-27 16:42 . 2013-07-27 16:44	--------	d-----w-	c:\documents and settings\Kajo\Data aplikac\IObit
2013-07-27 16:42 . 2013-07-27 16:44	--------	d-----w-	c:\program files\IObit
2013-07-27 13:49 . 2013-07-27 13:49	--------	d-----w-	c:\program files\trend micro
2013-07-27 13:49 . 2013-07-27 13:49	--------	d-----w-	C:\rsit
2013-07-25 18:20 . 2013-07-25 18:20	--------	d-----w-	c:\documents and settings\Kajo\Data aplikac\SUPERAntiSpyware.com
2013-07-25 18:20 . 2013-07-25 18:20	--------	d-----w-	c:\documents and settings\All Users\Data aplikac\SUPERAntiSpyware.com
2013-07-25 18:20 . 2013-07-25 18:21	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-07-25 17:29 . 2009-01-09 09:46	39776	----a-w-	c:\windows\system32\DfSdkBt64.exe
2013-07-25 17:29 . 2009-01-09 09:46	33632	----a-w-	c:\windows\system32\DfSdkBt.exe
2013-07-25 17:29 . 2013-07-25 17:29	--------	d-----w-	c:\program files\Ashampoo
2013-07-25 17:23 . 2013-07-27 12:44	175176	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-07-25 17:23 . 2013-05-09 08:59	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-07-25 17:23 . 2013-05-09 08:59	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-07-25 17:08 . 2013-07-25 17:08	--------	d-----w-	c:\program files\CCleaner
2013-07-12 09:05 . 2013-07-12 09:05	--------	d-----w-	c:\documents and settings\Kajo\Local Settings\Data aplikac\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-28 14:14 . 2013-01-03 09:06	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-07-28 14:14 . 2012-03-02 15:20	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-27 12:44 . 2013-02-13 20:33	369584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-07-27 12:44 . 2013-02-13 20:33	770344	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-02-13 20:33	56080	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-02-13 20:33	49760	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2013-02-13 20:33	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2013-02-13 20:33	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-02-13 20:33	229648	----a-w-	c:\windows\system32\aswBoot.exe
2011-12-21 08:07 . 2013-07-27 19:52	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	121968	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 08:05	253952	----a-w-	c:\program files\Atheros\ACU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43	926896	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43	69632	----a-w-	c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 17:41	45056	----a-w-	c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-17 22:40	53248	------w-	c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 19:04	139264	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40	155648	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-10 16:52	16861184	----a-w-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-07 12:14	17706088	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAuto.exe]
2008-08-13 03:49	405504	----a-w-	c:\program files\Creative\Software Update 3\SoftAuto.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-03-09 14:49	37888	----a-w-	d:\instalacky\winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ACS"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [25.7.2013 19:23 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [25.7.2013 19:23 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13.2.2013 22:33 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.2.2013 22:33 369584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.7.2011 23:55 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.2.2013 22:33 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [25.7.2013 19:23 66336]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7.2.2013 14:10 161384]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21.5.2008 13:42 64000]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [25.7.2013 19:29 410976]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2.3.2012 17:08 30576]
S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:\windows\system32\drivers\SmiUsbGrabber3C.sys [3.1.2012 21:33 799232]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-03 14:14]
.
2013-07-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-13 08:58]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.1.1 192.168.4.1
FF - ProfilePath - 
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-28 17:23
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspěšně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\(*|]
"DisplayName"="??"
"DeviceDesc"="??"
"ProviderName"="?\11???\11\08"
"MFG"="?\08???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"c:\\documents and settings\\kajo\\plocha\\chipset_ati_8.251.060427_xpx86\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2013-07-28  17:25:31
ComboFix-quarantined-files.txt  2013-07-28 15:25
.
Před spuštěním: Volných bajtů: 50947416064
Po spuštění: Volných bajtů: 51055677440
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 4BE0BCE084201DA0BA5D84754BB18CB0
413FC2A0C716421B3158746D63736515
