ComboFix 13-12-18.01 - BoodLuke 19.12.2013 20:20:24.1.3 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3583.2893 [GMT 1:00]
Spuštěný z: c:\documents and settings\BoodLuke\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\frapsvid.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-19 do 2013-12-19 )))))))))))))))))))))))))))))))
.
.
2013-12-10 13:37 . 2013-12-10 13:37 -------- d-----w- C:\Dev-Pas
2013-12-07 11:26 . 2013-12-19 16:27 -------- d-----w- c:\documents and settings\BoodLuke\Data aplikací\.minecraft
2013-12-03 19:07 . 2013-12-03 19:07 -------- d-----w- c:\program files\Rovio
2013-12-02 17:29 . 2013-12-02 17:31 -------- d-----w- c:\program files\RegCleaner
2013-12-01 10:18 . 2013-12-02 13:32 -------- d-----w- c:\windows\SxsCaPendDel
2013-11-29 15:48 . 2013-11-29 15:48 -------- d-----w- C:\Users
2013-11-29 15:47 . 2013-12-03 19:09 -------- d-----w- c:\documents and settings\BoodLuke\Data aplikací\Rovio
2013-11-29 15:40 . 2013-11-29 15:42 -------- d-----w- c:\program files\Angry Birds 3.3.2
2013-11-25 15:31 . 2013-11-25 15:31 -------- d-----w- c:\documents and settings\BoodLuke\Data aplikací\AVAST Software
2013-11-19 20:47 . 2013-11-19 20:48 -------- d-----w- c:\documents and settings\BoodLuke\Data aplikací\Minecraft Skin Viewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-24 17:59 . 2013-03-05 21:34 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-24 17:59 . 2013-03-05 21:34 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-24 17:59 . 2013-03-05 21:34 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-24 17:59 . 2012-12-17 17:27 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-24 17:59 . 2012-12-17 17:27 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-24 17:59 . 2012-12-17 17:27 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-24 17:59 . 2012-12-17 17:27 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-24 17:59 . 2012-12-17 17:27 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-11-24 17:59 . 2012-12-17 17:26 43152 ----a-w- c:\windows\avastSS.scr
2013-11-24 17:59 . 2012-12-17 17:26 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-23 09:34 . 2013-03-09 11:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-23 09:34 . 2013-03-09 11:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-16 14:10 . 2012-12-18 15:37 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-11-16 14:10 . 2012-12-18 15:37 138056 ----a-w- c:\documents and settings\BoodLuke\Data aplikací\PnkBstrK.sys
2013-11-16 14:10 . 2012-12-18 15:37 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-11-16 14:10 . 2012-12-18 15:37 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-11-14 16:14 . 2013-02-01 14:45 143 ----a-w- c:\documents and settings\All Users\Data aplikací\LaunchURL.bat
2013-11-05 14:45 . 2012-12-18 16:29 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-11-05 13:56 . 2012-12-18 15:37 282296 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-11-03 11:21 . 2009-03-18 15:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2013-11-01 13:18 . 2013-01-26 08:29 840264 ----a-w- c:\windows\system32\pbsvc.exe
2013-10-13 11:42 . 2012-12-18 14:30 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:12 . 2012-12-18 14:30 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:12 . 2012-12-18 14:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:12 . 2012-12-18 14:30 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2012-12-18 14:30 385024 ------w- c:\windows\system32\html.iec
2013-10-12 15:57 . 2012-12-18 14:30 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2012-12-18 14:30 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 05:50 . 2013-10-20 09:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 05:29 . 2013-10-20 09:53 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 11:00 . 2012-12-18 14:30 606208 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 06:12 . 2010-08-13 17:44 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-24 16:18 . 2012-12-17 16:38 71192 ----a-w- c:\windows\system32\atimpc32.dll
2013-09-24 16:18 . 2012-12-17 16:38 71192 ----a-w- c:\windows\system32\amdpcom32.dll
2013-09-24 16:16 . 2012-12-17 16:38 6852096 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2013-09-24 16:09 . 2013-05-27 15:07 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2013-09-24 16:08 . 2012-12-17 16:38 306176 ----a-w- c:\windows\system32\ati2dvag.dll
2013-09-24 15:45 . 2012-12-17 16:38 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2013-09-24 15:45 . 2013-05-27 18:23 163840 ----a-w- c:\windows\system32\Oemdspif.dll
2013-09-24 15:45 . 2013-05-27 18:23 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2013-09-24 15:44 . 2012-12-17 16:38 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2013-09-24 15:44 . 2012-12-17 16:38 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2013-09-24 15:43 . 2012-12-17 16:38 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2013-09-24 15:42 . 2013-05-27 18:23 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2013-09-24 15:27 . 2012-12-17 16:38 4847488 ----a-w- c:\windows\system32\ati3duag.dll
2013-09-24 15:14 . 2013-05-27 18:23 18964480 ----a-w- c:\windows\system32\atioglxx.dll
2013-09-24 15:07 . 2013-05-27 18:23 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2013-09-24 15:05 . 2012-12-17 16:38 2380800 ----a-w- c:\windows\system32\ativvaxx.dll
2013-09-24 14:51 . 2012-12-17 16:38 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-09-24 14:46 . 2012-12-17 16:38 929792 ----a-w- c:\windows\system32\atikvmag.dll
2013-09-24 14:41 . 2012-12-17 16:38 245760 ----a-w- c:\windows\system32\atiadlxx.dll
2013-09-24 14:41 . 2013-05-27 18:23 17408 ----a-w- c:\windows\system32\atitvo32.dll
2013-09-24 14:40 . 2012-12-17 16:38 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-09-24 14:39 . 2012-12-17 16:38 495616 ----a-w- c:\windows\system32\atiok3x2.dll
2013-09-24 14:35 . 2012-12-17 16:38 663552 ----a-w- c:\windows\system32\ati2cqag.dll
2008-03-09 05:25 . 2013-04-13 15:56 236 ---ha-w- c:\program files\Common Files\dx.reg
2013-11-15 20:46 . 2013-11-15 20:45 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-07-25 10:16 35320 --sha-w- c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware; a [-] entry only means the file did not pass the signature check, so compare its hash against the other copies listed below before treating it as malicious.
.
[-] 2013-04-21 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2013-04-21 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-24 17:59 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2013-06-07 774680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1202560]
"GB_UPDATE"="c:\program files\Razer\Razer Game Booster\AutoUpdate.exe" [2013-06-05 2051688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Wireless Utility.lnk]
backup=c:\windows\pss\Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^BoodLuke^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
path=c:\documents and settings\BoodLuke\Nabídka Start\Programy\Po spuštění\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^BoodLuke^Nabídka Start^Programy^Po spuštění^PSPdisp.lnk]
path=c:\documents and settings\BoodLuke\Nabídka Start\Programy\Po spuštění\PSPdisp.lnk
backup=c:\windows\pss\PSPdisp.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GB_UPDATE]
c:\program files\Razer\Razer Game Booster\AutoUpdate.exe/AUTORUN [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Manager
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121]
2013-11-25 15:32 180184 ----a-w- c:\program files\AVAST Software\Avast\Setup\emupdate\0bbbe67a-3659-4e7e-ba02-40257a75237f.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]
2011-10-19 14:19 1202560 ----a-r- c:\program files\ASRock\XFast LAN\cfosspeed.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2013-11-14 15:42 20584608 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 08:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
2013-05-16 13:25 1062472 ----a-w- c:\documents and settings\BoodLuke\Data aplikací\Seznam.cz\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
2013-04-12 08:10 92664 ----a-w- c:\documents and settings\BoodLuke\Data aplikací\Seznam.cz\bin\wszndesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2013-10-22 19:54 3561816 ----a-w- c:\program files\Origin\Origin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX100 Series]
2008-02-05 15:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-07-23 09:55 138096 ----atw- c:\documents and settings\BoodLuke\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 09:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 13:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-10-01 14:51 2345296 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv]
2013-06-14 07:24 884 --s-a-w- c:\windows\inf\ntvdm.vbe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2013-05-16 13:25 1062472 ----a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2013-09-24 09:33 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-12-11 19:40 1823656 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 13:27 762736 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
2013-06-07 14:51 774680 ----a-w- c:\program files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TeamViewer8"=2 (0x2)
"SwitchBoard"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"RalinkRegistryWriter"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NAUpdate"=2 (0x2)
"MSCamSvc"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Hamachi2Svc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"cFosSpeedS"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\WarThunder\\launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Team Fortress 2\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [5.3.2013 22:34 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [5.3.2013 22:34 178304]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [10.6.2013 17:35 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17.12.2012 18:27 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.12.2012 18:27 403440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.12.2012 18:27 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5.3.2013 22:34 70384]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [15.11.2013 21:55 2150208]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [31.3.2013 19:16 19072]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [30.5.2013 15:10 103040]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [25.11.2009 20:57 1617408]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [26.8.2013 16:46 375056]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [26.6.2009 15:29 1656960]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [6.2.2013 17:34 30312]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2.10.2010 9:09 35392]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [8.1.2013 14:33 9216]
S3 pspdisp;pspdisp;c:\windows\system32\drivers\pspdisp.sys [18.1.2011 14:47 3072]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [24.8.2012 5:37 2699488]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [6.2.2013 17:34 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [6.2.2013 17:34 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [6.2.2013 17:34 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [6.2.2013 17:34 114280]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys [16.5.2013 19:31 14416]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [1.10.2013 15:51 1612112]
S4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [13.7.2012 16:27 769432]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 10:34 171680]
S4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S4 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [28.4.2013 12:54 3574624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 18:26 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-09 09:34]
.
2013-08-25 c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-46EC-44A7-9B6B-6777D338F665} for BoodLuke.job
- c:\program files\Auslogics\Auslogics Disk Defrag Professional\DiskDefragPro.exe [2013-07-15 15:57]
.
2013-12-15 c:\windows\Tasks\Auslogics Disk Defrag Prof Task {00000001-9B89-48AF-A87B-53413E3B5CA9} for BoodLuke.job
- c:\program files\Auslogics\Auslogics Disk Defrag Professional\DiskDefragPro.exe [2013-07-15 15:57]
.
2013-12-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-17 17:59]
.
2013-12-19 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-06-10 09:06]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
TCP: Interfaces\{CEB50289-AA74-4579-A4E9-F457ECABF7D5}: NameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\BoodLuke\Data aplikací\Mozilla\Firefox\Profiles\8il94vqn.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-11-15 22:56;
ascsurfingprotection@iobit.com; c:\documents and settings\BoodLuke\Data aplikací\Mozilla\Firefox\Profiles\8il94vqn.default\extensions\
ascsurfingprotection@iobit.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-Advanced SystemCare 7 - c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe
MSConfigStartUp-Modem Booster - c:\program files\inKline Global\Modem Booster\ModemBtr.exe
MSConfigStartUp-ONAIR - c:\program files\ONAIR\ONAIR.exe
MSConfigStartUp-RDReminder - c:\program files\Dll-Files.com Fixer\DLLFixer.exe
MSConfigStartUp-WebCake Desktop - c:\documents and settings\BoodLuke\Data aplikací\Movdap\WebCakeDesktop.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-12-19 20:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspěšně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1424)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-12-19 20:27:53
ComboFix-quarantined-files.txt 2013-12-19 19:27
.
Před spuštěním: Volných bajtů: 301 731 524 608
Po spuštění: Volných bajtů: 301 680 750 592
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 99A11B44EFB21FA2DE20B6B70E58678F
413FC2A0C716421B3158746D63736515