Re: Slow desktop loading
Posted: 02 Oct 2014 10:03
ComboFix 14-10-02.01 - Děti 02.10.2014 10:45:19.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1506 [GMT 2:00]
Spuštěný z: c:\documents and settings\Děti\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Děti\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
SP: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7094}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPTD
-------\Service_hznozqek
-------\Service_sptd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-09-02 do 2014-10-02 )))))))))))))))))))))))))))))))
.
.
2014-10-02 07:48 . 2014-10-02 07:48 -------- d-----w- c:\documents and settings\Děti\Data aplikací\Opera Software
2014-10-01 15:17 . 2014-10-01 15:17 -------- d-----w- c:\documents and settings\Děti\.IBot
2014-10-01 15:17 . 2014-10-01 15:17 -------- d-----w- c:\program files\Profibot
2014-10-01 11:21 . 2014-10-01 11:21 -------- d-----w- c:\documents and settings\Děti\Data aplikací\Malwarebytes
2014-10-01 11:21 . 2014-10-01 11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-10-01 11:21 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-01 10:21 . 2014-10-01 10:22 -------- d-----w- c:\program files\CCleaner
2014-10-01 06:24 . 2014-10-01 06:24 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\AVAST Software
2014-09-29 09:26 . 2014-09-29 09:26 -------- d-----w- c:\program files\Common Files\Java
2014-09-29 09:26 . 2014-09-29 09:26 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-09-28 17:50 . 2014-10-02 07:48 -------- d-----w- c:\program files\Opera
2014-09-24 11:39 . 2014-09-24 11:39 -------- d-----w- c:\windows\Flash
2014-09-21 19:11 . 2014-09-21 19:11 -------- d-----w- c:\documents and settings\uživatel\.IBot
2014-09-20 13:45 . 2013-06-21 12:02 893728 ----a-w- c:\windows\system32\nvdispgenco3232049.dll
2014-09-20 13:45 . 2013-06-21 12:02 1024288 ----a-w- c:\windows\system32\nvdispco3232049.dll
2014-09-09 04:55 . 2014-09-09 17:36 -------- d-----w- c:\program files\Prime95
2014-09-09 04:47 . 2014-09-09 04:47 -------- d-----w- c:\documents and settings\Děti\Local Settings\Data aplikací\OCCT_-_Ocbase_-_Adrien_Me
2014-09-08 11:40 . 2014-09-08 11:40 -------- d-----w- c:\windows\system32\HtmlData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-29 09:26 . 2014-08-21 13:54 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-09-20 08:37 . 2012-10-02 14:18 701104 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-20 08:37 . 2012-10-02 14:18 71344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-03 05:08 . 2010-06-26 08:56 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-07-13 17:20 . 2014-07-13 17:20 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-13 17:20 . 2014-07-13 17:20 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-13 17:20 . 2014-07-13 17:20 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-13 17:20 . 2014-07-13 17:20 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-13 17:20 . 2014-07-13 17:20 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-13 17:20 . 2014-07-13 17:20 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-13 17:20 . 2014-07-13 17:20 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-13 17:20 . 2014-07-13 17:20 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-13 17:20 . 2014-07-13 17:20 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-13 17:20 . 2014-07-13 17:20 43152 ----a-w- c:\windows\avastSS.scr
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 06:51 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2008-04-14 06:51 . 672582A3849B24B67C237D13E79CE672 . 1508864 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 06:51 . 672582A3849B24B67C237D13E79CE672 . 1508864 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
[-] 2008-04-14 . 6915639F41228891A883B2DA59AA7429 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\regedit.exe
[-] 2008-04-14 . 6915639F41228891A883B2DA59AA7429 . 277504 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
.
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[7] 2008-04-14 . ED18ADEE4AA21EB26977260152D7241A . 345088 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\hnetcfg.dll
[-] 2008-04-14 . FDE84E2C6D0E1F75D61D7CC111A1DA5A . 369152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . FDE84E2C6D0E1F75D61D7CC111A1DA5A . 369152 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-13 17:20 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-01 4085896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 40448]
.
c:\documents and settings\BartimeusCZ\Nabídka Start\Programy\Po spuštění\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2013-3-15 4683768]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"83.125.22.190,255.255.255.255,92.240.176.74,1"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Děti^Nabídka Start^Programy^Po spuštění^SpeedFan.lnk]
path=c:\documents and settings\Děti\Nabídka Start\Programy\Po spuštění\SpeedFan.lnk
backup=c:\windows\pss\SpeedFan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppsHat]
2012-10-26 06:49 202752 ----a-w- c:\documents and settings\Děti\Local Settings\Data aplikací\WebPlayer\AppsHat\WebPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-09-25 14:45 4810520 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 40448 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 04:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 04:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR.exe]
2014-06-14 04:31 843568 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2014-06-14 04:30 1563440 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2014-06-14 04:30 310064 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Math Optimize]
2014-01-20 16:36 67740 ----a-w- c:\documents and settings\Děti\Local Settings\Data aplikací\Math Problem Solver\Optimize.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-06-21 09:54 15677728 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-06-21 09:54 223008 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2013-06-21 12:02 2586912 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2012-06-06 13:00 20065936 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-09-23 04:32 1938112 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 10:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebCake Desktop Updater"=2 (0x2)
"AdvancedSystemCareService7"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"ekrn"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"Steam Client Service"=3 (0x3)
"SBUpd"=2 (0x2)
"PnkBstrA"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdateSvc"=2 (0x2)
"LicCtrlService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IJPLMSVC"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FsUsbExService"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"ERSvc"=2 (0x2)
"WebClient"=2 (0x2)
"SysmonLog"=3 (0x3)
"Alerter"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"TermService"=3 (0x3)
"TlntSvr"=3 (0x3)
"ClipSrv"=3 (0x3)
"VSS"=3 (0x3)
"RDSessMgr"=3 (0x3)
"NetDDEdsdm"=3 (0x3)
"SCardSvr"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"ImapiService"=3 (0x3)
"ALG"=3 (0x3)
"NetDDE"=3 (0x3)
"Nla"=3 (0x3)
"seclogon"=2 (0x2)
"Browser"=3 (0x3)
"helpsvc"=2 (0x2)
"mnmsrvc"=3 (0x3)
"SwPrv"=3 (0x3)
"Messenger"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"CiSvc"=3 (0x3)
"upnphost"=3 (0x3)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"wuauserv"=2 (0x2)
"Dot3svc"=3 (0x3)
"WZCSVC"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"NvNetworkService"=2 (0x2)
"SbieSvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Prime95 Service"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"AODService"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"cz.seznam.software.szndesktop"="c:\documents and settings\Děti\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /install
"MP10_EnsureFileVer"=c:\windows\inf\unregmp2.exe /EnsureFileVersions
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Czech\\setup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Torrent Download\\TorrentDownload.exe"=
"c:\\Documents and Settings\\Děti\\Data aplikací\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=
"c:\\Documents and Settings\\Děti\\Plocha\\Nová složka\\eg.dlleg"=
"d:\\Hry\\Etacidnys\\eg.dlleg"=
"d:\\Program Files\\Steam\\SteamApps\\common\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"57491:TCP"= 57491:TCP:Pando Media Booster
"57491:UDP"= 57491:UDP:Pando Media Booster
"56193:TCP"= 56193:TCP:Pando Media Booster
"56193:UDP"= 56193:UDP:Pando Media Booster
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [13.7.2014 19:20 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [13.7.2014 19:20 192352]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [13.5.2014 14:17 237848]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.5.2014 14:04 27416]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13.7.2014 19:20 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [13.7.2014 19:20 414520]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [13.5.2014 14:19 192280]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [13.7.2014 19:20 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.7.2014 19:20 67824]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\DTI~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\DTI~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14.12.2012 18:45 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [24.7.2014 9:27 32064]
S3 cpuz136;cpuz136;\??\c:\docume~1\DTI~1\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys --> c:\docume~1\DTI~1\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [14.12.2012 19:35 96256]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [24.7.2014 9:28 89856]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [18.5.2014 10:32 20032]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [14.12.2012 19:49 23456]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FairplayKD;FairplayKD;\??\c:\documents and settings\All Users\Data aplikací\MTA San Andreas All\Common\temp\FairplayKD.sys --> c:\documents and settings\All Users\Data aplikací\MTA San Andreas All\Common\temp\FairplayKD.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [17.5.2014 14:46 37344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1.10.2014 13:21 22856]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [25.7.2014 8:52 15688]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [25.7.2014 8:52 10320]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys --> c:\windows\system32\DRIVERS\RTL8192cu.sys [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [16.12.2010 17:05 98672]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [16.12.2010 17:05 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [16.12.2010 17:05 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [16.12.2010 17:05 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [16.12.2010 17:05 123504]
S3 SBUpdd;SpeedBit UpdateD;\??\c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys --> c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [24.7.2014 9:27 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [24.7.2014 9:27 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [24.7.2014 9:27 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [24.7.2014 9:27 130248]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [24.7.2014 9:28 184192]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [24.7.2014 9:28 184192]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe --> c:\program files\AMD\OverDrive\AODAssist.exe [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [17.5.2014 14:46 233472]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [22.3.2011 9:32 2560]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.10.2014 13:21 701512]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 08:37]
.
2014-10-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-13 17:20]
.
2014-10-02 c:\windows\Tasks\Opera scheduled Autoupdate 1412236074.job
- c:\program files\Opera\launcher.exe [2014-10-02 08:37]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
mStart Page = www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Děti\Data aplikací\Mozilla\Firefox\Profiles\cgw5io15.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-02 10:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-507921405-287218729-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:75,1c,fb,10,c9,b8,6e,d0,15,d7,8a,17,18,6c,1a,a7,89,4d,59,7f,8c,39,d7,
a9,32,a5,c5,30,d8,6d,ea,8d,bc,fc,54,77,48,00,a9,87,cb,7f,c3,25,aa,67,9f,ed,\
"??"=hex:01,a7,52,aa,0d,56,14,3c,08,8a,45,82,f4,d1,90,84
.
[HKEY_USERS\S-1-5-21-507921405-287218729-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d5,a3,52,cf,7c,a3,f7,3d,7b,77,78,1b,4c,d0,1c,bf,1b,7d,e1,cd,47,
cd,22,d8,29,2c,05,36,e3,3e,ae,64,20,9b,5e,ff,fe,4c,09,2c,31,61,61,97,11,a2,\
"rkeysecu"=hex:56,c9,f0,a6,ef,05,63,1c,67,54,95,66,23,93,c1,6b
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34323ca7-fb9b-4ce1-9f75-a114bc81ad77}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a0
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,fb,b7,f5,f8,f7,48,11,a9,d4,4f,c0,13,79,51,b0,f6,dd,8b,37,7c,c0,a0,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7a,cd,84,cd,f8,af,a8,67,c2,c9,5f,4c,e2,af,3b,52,09,4a,cb,2e,72,
23,a5,6b,cc,4b,76,48,94,63,90,d2,a4,45,6a,7c,5e,5a,e7,e3,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\CF5A76C0F6C2981F786388D07A007CED]
"1"=hex:b0,57,4a,e6,b6,28,dc,b1,c7,47,8a,c4,80,0d,73,fa,b6,aa,88,ab,a1,2d,c7,
8d,a1,70,b2,9c,4e,a1,a9,b9
"2"=hex:14,ce,87,8d,79,74,ee,b2
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:97,e4,84,cd,95,83,bf,82,66,bb,1b,76,ec,7c,06,9a,0e,0b,6d,a2,47,37,9f,
b6,d4,bb,5e,31,68,e2,cb,1a,ee,af,25,28,3c,06,fa,02,cf,94,9f,2c,18,df,5b,c1,\
"8"=hex:a1,11,fb,7d,b5,63,02,11,bd,c0,a0,b7,23,89,28,af,b1,37,b1,d8,74,bd,e9,
e2,00,36,f3,a8,8e,35,d9,f4,b6,f9,64,d3,f7,56,9e,fc,7a,fa,72,12,f5,99,6b,b6,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll
.
- - - - - - - > 'explorer.exe'(3144)
c:\windows\system32\COMRes.dll
c:\windows\system32\msi.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2014-10-02 10:59:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-10-02 08:59
ComboFix2.txt 2014-10-01 18:21
.
Před spuštěním: Volných bajtů: 47 693 041 664
Po spuštění: Volných bajtů: 47 557 234 688
.
- - End Of File - - D2F4C46EE786A61011A90D142E581685
.
[7] 2008-04-14 . ED18ADEE4AA21EB26977260152D7241A . 345088 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\hnetcfg.dll
[-] 2008-04-14 . FDE84E2C6D0E1F75D61D7CC111A1DA5A . 369152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . FDE84E2C6D0E1F75D61D7CC111A1DA5A . 369152 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-13 17:20 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-01 4085896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 40448]
.
c:\documents and settings\BartimeusCZ\Nabídka Start\Programy\Po spuštění\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2013-3-15 4683768]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"83.125.22.190,255.255.255.255,92.240.176.74,1"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Děti^Nabídka Start^Programy^Po spuštění^SpeedFan.lnk]
path=c:\documents and settings\Děti\Nabídka Start\Programy\Po spuštění\SpeedFan.lnk
backup=c:\windows\pss\SpeedFan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppsHat]
2012-10-26 06:49 202752 ----a-w- c:\documents and settings\Děti\Local Settings\Data aplikací\WebPlayer\AppsHat\WebPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-09-25 14:45 4810520 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 40448 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 04:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 04:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR.exe]
2014-06-14 04:31 843568 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2014-06-14 04:30 1563440 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2014-06-14 04:30 310064 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Math Optimize]
2014-01-20 16:36 67740 ----a-w- c:\documents and settings\Děti\Local Settings\Data aplikací\Math Problem Solver\Optimize.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-06-21 09:54 15677728 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-06-21 09:54 223008 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2013-06-21 12:02 2586912 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2012-06-06 13:00 20065936 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-09-23 04:32 1938112 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 10:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebCake Desktop Updater"=2 (0x2)
"AdvancedSystemCareService7"=2 (0x2)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"ekrn"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"Steam Client Service"=3 (0x3)
"SBUpd"=2 (0x2)
"PnkBstrA"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdateSvc"=2 (0x2)
"LicCtrlService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IJPLMSVC"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FsUsbExService"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"ERSvc"=2 (0x2)
"WebClient"=2 (0x2)
"SysmonLog"=3 (0x3)
"Alerter"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"TermService"=3 (0x3)
"TlntSvr"=3 (0x3)
"ClipSrv"=3 (0x3)
"VSS"=3 (0x3)
"RDSessMgr"=3 (0x3)
"NetDDEdsdm"=3 (0x3)
"SCardSvr"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"ImapiService"=3 (0x3)
"ALG"=3 (0x3)
"NetDDE"=3 (0x3)
"Nla"=3 (0x3)
"seclogon"=2 (0x2)
"Browser"=3 (0x3)
"helpsvc"=2 (0x2)
"mnmsrvc"=3 (0x3)
"SwPrv"=3 (0x3)
"Messenger"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"CiSvc"=3 (0x3)
"upnphost"=3 (0x3)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"wuauserv"=2 (0x2)
"Dot3svc"=3 (0x3)
"WZCSVC"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"NvNetworkService"=2 (0x2)
"SbieSvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Prime95 Service"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"AODService"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"cz.seznam.software.szndesktop"="c:\documents and settings\Děti\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /install
"MP10_EnsureFileVer"=c:\windows\inf\unregmp2.exe /EnsureFileVersions
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Czech\\setup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Torrent Download\\TorrentDownload.exe"=
"c:\\Documents and Settings\\Děti\\Data aplikací\\uTorrent\\utorrent.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=
"c:\\Documents and Settings\\Děti\\Plocha\\Nová složka\\eg.dlleg"=
"d:\\Hry\\Etacidnys\\eg.dlleg"=
"d:\\Program Files\\Steam\\SteamApps\\common\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"57491:TCP"= 57491:TCP:Pando Media Booster
"57491:UDP"= 57491:UDP:Pando Media Booster
"56193:TCP"= 56193:TCP:Pando Media Booster
"56193:UDP"= 56193:UDP:Pando Media Booster
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [13.7.2014 19:20 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [13.7.2014 19:20 192352]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [13.5.2014 14:17 237848]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.5.2014 14:04 27416]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13.7.2014 19:20 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [13.7.2014 19:20 414520]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [13.5.2014 14:19 192280]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [13.7.2014 19:20 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.7.2014 19:20 67824]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\DTI~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\DTI~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14.12.2012 18:45 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [24.7.2014 9:27 32064]
S3 cpuz136;cpuz136;\??\c:\docume~1\DTI~1\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys --> c:\docume~1\DTI~1\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [14.12.2012 19:35 96256]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [24.7.2014 9:28 89856]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [18.5.2014 10:32 20032]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [14.12.2012 19:49 23456]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FairplayKD;FairplayKD;\??\c:\documents and settings\All Users\Data aplikací\MTA San Andreas All\Common\temp\FairplayKD.sys --> c:\documents and settings\All Users\Data aplikací\MTA San Andreas All\Common\temp\FairplayKD.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [17.5.2014 14:46 37344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1.10.2014 13:21 22856]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [25.7.2014 8:52 15688]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [25.7.2014 8:52 10320]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys --> c:\windows\system32\DRIVERS\RTL8192cu.sys [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [16.12.2010 17:05 98672]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [16.12.2010 17:05 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [16.12.2010 17:05 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [16.12.2010 17:05 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [16.12.2010 17:05 123504]
S3 SBUpdd;SpeedBit UpdateD;\??\c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys --> c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [24.7.2014 9:27 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [24.7.2014 9:27 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [24.7.2014 9:27 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [24.7.2014 9:27 130248]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [24.7.2014 9:28 184192]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [24.7.2014 9:28 184192]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe --> c:\program files\AMD\OverDrive\AODAssist.exe [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [17.5.2014 14:46 233472]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [22.3.2011 9:32 2560]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.10.2014 13:21 701512]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 08:37]
.
2014-10-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-13 17:20]
.
2014-10-02 c:\windows\Tasks\Opera scheduled Autoupdate 1412236074.job
- c:\program files\Opera\launcher.exe [2014-10-02 08:37]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
mStart Page = www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Děti\Data aplikací\Mozilla\Firefox\Profiles\cgw5io15.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-02 10:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-507921405-287218729-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:75,1c,fb,10,c9,b8,6e,d0,15,d7,8a,17,18,6c,1a,a7,89,4d,59,7f,8c,39,d7,
a9,32,a5,c5,30,d8,6d,ea,8d,bc,fc,54,77,48,00,a9,87,cb,7f,c3,25,aa,67,9f,ed,\
"??"=hex:01,a7,52,aa,0d,56,14,3c,08,8a,45,82,f4,d1,90,84
.
[HKEY_USERS\S-1-5-21-507921405-287218729-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d5,a3,52,cf,7c,a3,f7,3d,7b,77,78,1b,4c,d0,1c,bf,1b,7d,e1,cd,47,
cd,22,d8,29,2c,05,36,e3,3e,ae,64,20,9b,5e,ff,fe,4c,09,2c,31,61,61,97,11,a2,\
"rkeysecu"=hex:56,c9,f0,a6,ef,05,63,1c,67,54,95,66,23,93,c1,6b
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34323ca7-fb9b-4ce1-9f75-a114bc81ad77}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a0
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,fb,b7,f5,f8,f7,48,11,a9,d4,4f,c0,13,79,51,b0,f6,dd,8b,37,7c,c0,a0,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7a,cd,84,cd,f8,af,a8,67,c2,c9,5f,4c,e2,af,3b,52,09,4a,cb,2e,72,
23,a5,6b,cc,4b,76,48,94,63,90,d2,a4,45,6a,7c,5e,5a,e7,e3,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\CF5A76C0F6C2981F786388D07A007CED]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\psbase.dll
.
- - - - - - - > 'explorer.exe'(3144)
c:\windows\system32\COMRes.dll
c:\windows\system32\msi.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2014-10-02 10:59:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-10-02 08:59
ComboFix2.txt 2014-10-01 18:21
.
Před spuštěním: Volných bajtů: 47 693 041 664
Po spuštění: Volných bajtů: 47 557 234 688
.
- - End Of File - - D2F4C46EE786A61011A90D142E581685
413FC2A0C716421B3158746D63736515