ComboFix 13-05-04.01 - DF 05.05.2013 14:39:44.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2529 [GMT 2:00]
Spuštěný z: c:\documents and settings\DF\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\DF\WINDOWS
C:\install.exe
c:\windows\system32\frapsvid.dll
c:\windows\system32\mssaver.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-05 do 2013-05-05 )))))))))))))))))))))))))))))))
.
.
2013-05-04 10:06 . 2013-05-04 10:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-05-04 08:59 . 2013-05-01 23:34 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-04 08:59 . 2013-05-01 23:34 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-04 08:58 . 2013-05-01 23:34 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-04 08:58 . 2013-05-01 23:34 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-04 08:58 . 2013-05-01 23:34 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-04 08:58 . 2013-05-02 14:52 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-04 08:58 . 2013-05-01 23:34 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-04 08:58 . 2013-05-01 23:34 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-04 08:58 . 2013-05-01 23:33 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-04 08:58 . 2013-05-01 23:33 41664 ----a-w- c:\windows\avastSS.scr
2013-05-04 08:44 . 2013-05-05 07:02 -------- d-----w- c:\documents and settings\DF\Data aplikací\vlc
2013-05-04 08:42 . 2013-05-04 08:42 -------- d-----w- c:\program files\Combined Community Codec Pack
2013-05-04 08:11 . 2013-05-04 08:11 -------- d-----w- c:\program files\Common Files\Java
2013-05-04 08:11 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-04 08:01 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-05-04 07:51 . 2013-05-04 07:51 -------- d-----w- c:\windows\system32\wbem\Repository
2013-05-04 07:50 . 2013-05-04 10:29 -------- d-----w- c:\documents and settings\DF\Data aplikací\Winamp
2013-05-04 07:50 . 2013-05-04 08:45 -------- d-----w- c:\program files\Winamp
2013-05-04 07:50 . 2013-05-04 07:50 -------- d-----w- c:\program files\Winamp Detect
2013-05-04 07:50 . 2013-05-04 07:50 -------- d-----w- c:\documents and settings\DF\Data aplikací\DarknessII
2013-05-04 07:43 . 2013-05-04 07:43 -------- d-----w- c:\program files\Polda3Mezihry
2013-05-04 07:00 . 2013-05-04 07:00 -------- d-----w- c:\program files\SRS Labs
2013-05-04 06:48 . 2013-05-04 07:56 -------- d-----w- c:\documents and settings\UpdatusUser
2013-05-04 06:48 . 2013-05-04 06:48 -------- d-----w- c:\windows\system32\AGEIA
2013-05-04 06:48 . 2013-05-04 06:48 -------- d-----w- c:\program files\AGEIA Technologies
2013-04-14 12:36 . 2013-04-14 12:36 -------- d-----w- c:\program files\Microsoft.NET
2013-04-14 12:20 . 2013-05-04 07:08 -------- d-----w- c:\program files\Gray Matter
2013-04-08 16:01 . 2013-04-08 16:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\wanted
2013-04-07 14:53 . 2013-04-07 14:53 -------- d-----w- c:\documents and settings\DF\Data aplikací\Atari
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-04 10:06 . 2012-07-03 09:32 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-04 10:06 . 2012-07-03 09:14 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-14 08:06 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2008-04-14 06:06 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-06 09:29 . 2012-06-23 09:22 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-06 09:29 . 2011-11-09 15:08 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-02 02:08 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2008-04-14 05:45 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2011-10-25 12:52 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-21 18:26 . 2013-02-21 09:56 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-02-21 18:26 . 2013-02-21 09:56 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-02-12 00:32 . 2008-04-13 22:26 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:15 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet(3).dll
2013-02-05 20:15 . 2008-04-14 06:52 1212928 ----a-w- c:\windows\system32\urlmon(3).dll
2013-02-05 20:15 . 2008-04-14 06:52 105984 ----a-w- c:\windows\system32\url(3).dll
2013-03-08 10:08 . 2013-03-08 10:07 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-01 23:33 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-20 18789408]
"ATKOSD2"="c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-26 6998656]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-19 170624]
"ATKHOTKEY"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControl.exe" [2009-10-26 174720]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 491520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-01 4858456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-11 13803520]
"nwiz"="nwiz.exe" [2009-12-11 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-11 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-14 607584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
SRS Premium Sound.lnk - c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSound_RT.exe [2013-4-23 2987248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII\\RpcSandraSrv.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Games\\Worms Armageddon - New Edition\\WA.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Screamer Radio\\screamer.exe"=
"c:\\Games\\Dishonored\\Dishonored\\Binaries\\Win32\\Dishonored.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [4.5.2013 10:58 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [4.5.2013 10:58 174664]
R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);c:\windows\system32\drivers\pe3ajbeb.sys [22.8.2007 18:31 64632]
R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);c:\windows\system32\drivers\ps7ajbeb.sys [22.8.2007 18:30 68736]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4.5.2013 10:58 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.5.2013 10:59 368944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8.8.2012 15:44 242240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.5.2013 10:59 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4.5.2013 10:58 66336]
S2 pr2ajbeb;L Ile Noyee Drivers Auto Removal (pr2ajbeb);c:\windows\system32\pr2ajbeb.exe svc --> c:\windows\system32\pr2ajbeb.exe svc [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.10.2011 15:29 1691480]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [25.10.2011 15:18 90624]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.1.2008 12:06 21632]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 10:06]
.
2013-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-05-05 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-04 23:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://
www.seznam.cz/
uInternet Settings,ProxyOverride = local
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\DF\Data aplikací\Mozilla\Firefox\Profiles\s2kvfx98.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.4&q=
FF - prefs.js: browser.startup.homepage - hxxp://
www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://bw.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=339&product_id=679&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.1.0&install_country=CZ&install_date=20111109&user_guid=795356C5C81B4C4CA0CF2699F1B359D5&machine_id=15e8eacc26247c5630360990aad5dbf9&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - ExtSQL: 2013-05-04 10:58;
wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2011-11-20 12:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Official 2012 Countdown_is1 - c:\windows\Official 2012 Countdown Uninstaller\unins000.exe
AddRemove-Side 9 Screensaver - c:\windows\system32\Side 9 Screensaver.scr
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-05-05 14:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-2025429265-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23C7B63B-8F52-80B3-F944-BB31AEF9B6CD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1417001333-2025429265-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72C126EF-DF48-3CBE-6546-8E0E400E1BBA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1417001333-2025429265-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:72,01,4e,c3,9a,90,26,ed,9d,cd,82,0f,3b,50,80,66,43,ff,24,67,cd,ef,2b,
bb,96,01,f0,0e,59,40,d9,82,36,df,eb,22,c7,92,69,5e,50,3e,08,6a,35,9f,15,20,\
"??"=hex:ae,4b,96,bf,d8,be,aa,7a,02,72,39,0d,c9,e0,e7,5d
.
[HKEY_USERS\S-1-5-21-1417001333-2025429265-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:fd,06,a6,92,d9,54,05,cb,31,11,cf,d1,ff,12,17,f1,01,3c,27,52,31,
c4,85,72,f2,6c,b2,93,90,a9,a4,39,33,45,e1,e1,cc,b3,2e,b6,8f,aa,32,d0,6b,42,\
"rkeysecu"=hex:e5,ac,50,25,54,ef,1a,55,62,32,4b,13,74,54,19,4d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Celkový čas: 2013-05-05 14:52:17
ComboFix-quarantined-files.txt 2013-05-05 12:52
.
Před spuštěním: Volných bajtů: 67 504 447 488
Po spuštění: Volných bajtů: 67 545 231 360
.
- - End Of File - - 27B77D4AD05694BD2B0F9EA4E867BA51
