ComboFix 14-07-17.03 - PC 19.07.2014 16:09:26.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1520 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PC\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\AppleSoftwareUpdate.job"
"c:\windows\tasks\avast! Emergency Update.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-606747145-682003330-1003Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-606747145-682003330-1003UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Lavasoft
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\cos.dat
c:\program files\Enigma Software Group\SpyHunter\gas.dat
c:\program files\Enigma Software Group\SpyHunter\gil.dat
c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20131204_122254.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20131204_123143.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20131204_131052.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20131204_155322.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20131204_160946.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20131204_232425.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140627_132217.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140627_201303.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140627_204041.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140628_164428.log
c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_130306399123590000.xml
c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_13eafaae681e9bc2d16a47cc2e574692_130306399115000000.esg
c:\program files\Enigma Software Group\SpyHunter\safeol.dat
c:\program files\Enigma Software Group\SpyHunter\scanlog.log
c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
c:\program files\Enigma Software Group\SpyHunter\unkcache.dat
c:\program files\Spybot - Search & Destroy 2
c:\program files\Spybot - Search & Destroy 2\SDTray.exe.log
c:\program files\Spybot - Search & Destroy 2\spybotsd2-install-bdcore-update.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESGIGUARD
-------\Service_esgiguard
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-19 do 2014-07-19 )))))))))))))))))))))))))))))))
.
.
2014-07-19 12:45 . 2008-04-14 03:22 39424 ----a-w- c:\windows\system32\grpconv.exe
2014-07-19 11:56 . 2014-07-19 11:59 -------- d-----w- C:\AdwCleaner
2014-07-19 11:44 . 2014-07-19 11:44 -------- d-----w- C:\rsit
2014-07-19 11:44 . 2014-07-19 11:44 -------- d-----w- c:\program files\trend micro
2014-07-12 08:14 . 2014-07-12 08:14 -------- d-----w- c:\documents and settings\PC\Data aplikací\Malwarebytes
2014-07-12 08:14 . 2014-07-12 08:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-07-06 11:12 . 2014-07-06 11:12 -------- d-----w- c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-06-30 08:04 . 2014-06-30 08:04 -------- d-----w- c:\documents and settings\PC\Data aplikací\APP_NAME_NON_STRING
2014-06-27 18:49 . 2014-06-27 18:49 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2014-06-27 18:40 . 2014-06-27 18:40 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2014-06-27 18:33 . 2014-06-27 18:33 -------- d-----w- c:\documents and settings\PC\Data aplikací\LavasoftStatistics
2014-06-27 18:28 . 2014-06-27 18:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 10:31 . 2012-07-21 19:57 699056 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 10:31 . 2011-09-12 19:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2008-08-10 12:17 . 2008-08-10 12:17 1495112 -c--a-w- c:\program files\install_flash_player.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-22 13:51 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2014-01-22 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ SbHpNp scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"WatchDog"=c:\program files\InterVideo\DVD Check\DVDCheck.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\Mir4nda-IM-0.7.1-Pack-v2.0\\miranda32.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Documents and Settings\\PC\\Plocha\\bulanci.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\PROGRAMY\\sdc230\\StrongDC.exe"=
"c:\\Documents and Settings\\PC\\Plocha\\PROGRAMY\\PDFedit\\PDFEdit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [14.6.2013 21:13 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [14.6.2013 21:13 175176]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [22.4.2007 16:24 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9.10.2006 13:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [29.3.2007 16:54 13696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.9.2011 20:11 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.9.2011 20:11 369584]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [22.4.2007 16:25 5808]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2.3.2006 14:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2.3.2006 14:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.9.2011 20:11 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [14.6.2013 21:13 66336]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [22.4.2007 16:32 221184]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [22.11.2012 17:58 1522312]
R2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [22.11.2012 17:56 905864]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [7.8.2008 19:14 540448]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [4.12.2006 16:13 292384]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7.8.2008 18:54 36608]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [7.8.2008 19:49 39488]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 11:34 171680]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [13.9.2013 13:16 12400]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [7.8.2008 18:58 33024]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2.3.2006 14:00 14336]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19.8.2013 11:17 155824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 10:31]
.
2014-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2014-07-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-06-14 13:51]
.
2014-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 19:02]
.
2014-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 19:02]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 194.228.41.65 194.228.41.65
TCP: Interfaces\{9A067AB6-ECE1-499D-A741-D9A3B6A15D75}: NameServer = 8.8.8.8
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\a43gjvg7.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/?gws_rd=ssl
FF - ExtSQL: !HIDDEN! 2009-09-16 14:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2014-07-19 16:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|p>?|????i>?|&?@
.
skenování skrytých souborů ...
.
sken byl úspěšně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1976)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
.
- - - - - - - > 'lsass.exe'(212)
c:\windows\SbHpNp.dll
.
- - - - - - - > 'explorer.exe'(3116)
c:\windows\system32\APSHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštěné procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Celkový čas: 2014-07-19 16:19:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-19 14:19
ComboFix2.txt 2014-07-19 12:52
.
Před spuštěním: 257 142 784
Po spuštění: 241 217 536
.
- - End Of File - - 80DD1B3C47570C2E1A85686740F6D3A7
413FC2A0C716421B3158746D63736515