Re: Please check the LOG, Pawel, acute and urgent!!!
Posted: 22 Nov 2014 12:20
ComboFix 14-11-18.01 - Pawel 11/22/2014 11:03:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2008.1105 [GMT 0:00]
Running from: c:\users\Pawel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pawel\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe
c:\users\Pawel\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Resource_cs.dll
c:\users\Pawel\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_StaticRes.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-10-22 to 2014-11-22 )))))))))))))))))))))))))))))))
.
.
2014-11-22 11:13 . 2014-11-22 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-21 22:15 . 2014-11-21 22:15 4 ----a-w- c:\users\Pawel\AppData\Roaming\appdataFr2.bin
2014-11-21 19:16 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7AC28C4-1FA2-48E4-A1FE-3028A2186096}\mpengine.dll
2014-11-19 03:21 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 18:46 . 2013-08-27 01:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2014-11-18 18:46 . 2013-08-27 01:50 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2014-11-18 18:46 . 2013-08-27 02:47 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-11-18 18:46 . 2013-08-27 02:47 189952 ----a-w- c:\windows\system32\d3d10core.dll
2014-11-18 18:46 . 2013-08-27 02:47 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2014-11-18 18:46 . 2013-08-27 02:47 1029120 ----a-w- c:\windows\system32\d3d10.dll
2014-11-18 18:46 . 2013-08-27 01:32 683008 ----a-w- c:\windows\system32\d2d1.dll
2014-11-18 18:46 . 2013-08-27 01:28 1069056 ----a-w- c:\windows\system32\DWrite.dll
2014-11-18 18:46 . 2013-08-27 01:28 798208 ----a-w- c:\windows\system32\FntCache.dll
2014-11-18 18:46 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2014-11-18 05:30 . 2014-11-18 05:30 -------- d-----w- c:\program files\Windows Portable Devices
2014-11-18 05:09 . 2014-10-25 06:21 304128 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2014-11-18 04:59 . 2014-06-26 22:17 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-11-18 04:59 . 2014-06-26 22:17 8856 ----a-w- c:\windows\system32\icardres.dll
2014-11-18 04:59 . 2014-06-26 22:17 619664 ----a-w- c:\windows\system32\icardagt.exe
2014-11-18 04:59 . 2014-06-06 04:28 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-11-18 04:56 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-11-18 04:56 . 2014-06-13 18:22 81560 ----a-w- c:\windows\system32\mscories.dll
2014-11-18 04:56 . 2014-06-13 18:22 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-11-18 04:53 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-18 04:53 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-18 04:52 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-18 04:52 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-18 04:51 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2014-11-18 04:51 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2014-11-18 04:51 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2014-11-18 04:45 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-18 04:45 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-18 04:37 . 2014-09-19 00:50 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-18 04:35 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-18 04:32 . 2014-09-09 06:24 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-18 04:24 . 2014-11-18 04:24 -------- d-----w- c:\windows\Migration
2014-11-18 04:17 . 2014-08-23 01:03 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-11-18 04:03 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-18 03:59 . 2014-11-18 03:59 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2014-11-18 03:58 . 2014-11-18 03:58 519680 ----a-w- c:\windows\system32\d3d11.dll
2014-11-18 03:58 . 2014-11-18 03:58 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2014-11-18 03:58 . 2014-11-18 03:58 252928 ----a-w- c:\windows\system32\dxdiag.exe
2014-11-18 03:58 . 2014-11-18 03:58 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2014-11-18 03:58 . 2014-11-18 03:58 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-18 03:58 . 2014-11-18 03:58 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-11-18 03:58 . 2014-11-18 03:58 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-11-18 03:46 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-18 03:46 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-18 03:46 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-18 03:46 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-18 03:29 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-18 03:21 . 2014-09-04 23:27 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-11-18 03:19 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-11-18 03:19 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-11-18 03:19 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-11-18 03:19 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2014-11-18 03:19 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-11-18 03:19 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-11-18 03:19 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-11-18 03:19 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-11-18 03:19 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-11-18 03:19 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-11-18 03:03 . 2014-10-12 23:34 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-17 19:18 . 2014-04-26 16:01 502784 ----a-w- c:\windows\system32\usp10.dll
2014-11-17 19:18 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2014-11-17 19:18 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-11-17 19:18 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2014-11-17 19:18 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2014-11-17 19:18 . 2014-06-02 10:31 2263552 ----a-w- c:\windows\system32\msi.dll
2014-11-17 19:18 . 2014-06-02 10:30 1993728 ----a-w- c:\windows\system32\authui.dll
2014-11-17 19:18 . 2014-06-02 10:30 33280 ----a-w- c:\windows\system32\appinfo.dll
2014-11-17 19:18 . 2014-06-02 08:56 82432 ----a-w- c:\windows\system32\consent.exe
2014-11-17 19:18 . 2014-06-02 10:31 332800 ----a-w- c:\windows\system32\msihnd.dll
2014-11-17 19:17 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2014-11-17 19:17 . 2014-06-02 10:31 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-11-17 19:17 . 2014-06-02 10:30 937472 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-11-17 19:17 . 2014-06-02 10:30 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-11-17 19:17 . 2014-06-02 10:30 965120 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-11-17 19:17 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2014-11-17 19:17 . 2013-07-20 10:44 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-11-17 19:16 . 2014-04-05 02:42 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-11-17 19:16 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2014-11-17 19:16 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2014-11-17 19:16 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2014-11-17 19:16 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2014-11-17 19:16 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2014-11-17 19:16 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-11-17 19:16 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-11-17 19:15 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2014-11-17 19:15 . 2014-06-07 02:08 1305088 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-11-17 19:15 . 2014-06-07 02:08 149504 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-11-17 19:15 . 2014-06-07 02:08 114688 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-11-17 19:15 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2014-11-17 19:15 . 2014-06-14 00:44 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-11-17 19:15 . 2014-06-14 00:33 37376 ----a-w- c:\windows\system32\cdd.dll
2014-11-17 19:15 . 2014-06-06 08:59 506880 ----a-w- c:\windows\system32\qedit.dll
2014-11-17 19:13 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-17 19:13 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-11-17 19:13 . 2014-05-30 06:53 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-11-17 19:13 . 2013-06-29 02:07 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-11-17 19:13 . 2013-06-29 02:07 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-11-17 19:13 . 2013-06-29 02:07 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-11-17 19:13 . 2013-06-29 02:06 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-11-17 19:13 . 2011-05-05 13:54 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-11-17 19:13 . 2011-05-05 13:54 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-11-17 19:12 . 2014-03-10 01:22 1401344 ----a-w- c:\windows\system32\msxml6.dll
2014-11-17 19:11 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2014-11-17 19:11 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2014-11-17 19:11 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2014-11-17 19:11 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2014-11-17 19:10 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-11-17 19:10 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2014-11-17 19:10 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2014-11-17 19:10 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2014-11-17 19:10 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2014-11-17 19:10 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2014-11-17 19:10 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2014-11-17 19:10 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2014-11-17 19:09 . 2013-10-03 12:45 993792 ----a-w- c:\windows\system32\crypt32.dll
2014-11-17 19:09 . 2013-06-26 23:01 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-11-17 19:09 . 2013-10-11 02:08 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-11-17 19:09 . 2013-10-11 02:07 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-11-17 19:09 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
2014-11-17 19:09 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2014-11-17 19:09 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-22 10:01 . 2014-02-22 09:25 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 19:15 . 2014-02-22 09:25 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-18 03:58 . 2014-11-18 03:58 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2014-11-16 15:48 . 2014-02-17 20:51 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-16 15:48 . 2014-02-17 20:51 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-16 14:01 . 2014-02-22 09:25 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-16 14:01 . 2014-02-22 09:25 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-16 14:01 . 2014-02-22 09:25 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-16 14:01 . 2014-02-22 09:25 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-16 14:01 . 2014-04-21 19:27 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-16 14:01 . 2014-02-22 09:25 55240 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-11-16 13:59 . 2014-02-22 09:25 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1416650508554
2014-11-04 14:30 . 2013-12-18 18:51 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-25 07:59 . 2014-11-18 05:09 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-21 19:27 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-08 3890208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ??
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 19:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-10-30 14:45 4826904 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-10-23 17:31 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-02-10 16:46 20922016 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-19 18:09 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-17 15:48]
.
2014-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-02 22:06]
.
2014-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-02 22:06]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-22 11:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-11-22 11:17:00
ComboFix-quarantined-files.txt 2014-11-22 11:16
.
Pre-Run: 6,802,276,352 bytes free
Post-Run: 6,602,866,688 bytes free
.
- - End Of File - - CC5DC8BE4E036DE2C7DF477F8FA1C524
5C616939100B85E558DA92B899A0FC36
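The log above is raw ComboFix output, and the sections that matter for triage ("Files Created", "Find3M Report") all share one line layout: creation timestamp, a dot, modification timestamp, size (or dashes for a directory), an attribute string, and the path. The parser below is an added example, not part of the original post or of ComboFix itself; it reads that layout and flags the handful of entries a reviewer would look at first, instead of reading through some 150 lines of Windows Update churn by eye. The two heuristics (a file written fresh, i.e. created and modified in the same minute, into a user-writable location such as AppData, Temp or ProgramData) are my own assumptions about what is worth a second look; they are triage hints, not a malware verdict. The sample input is a few lines copied from the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample: a few lines copied from the ComboFix log above, plus the
# separator and banner lines the parser has to skip.
SAMPLE_LINES = r"""
2014-11-22 11:13 . 2014-11-22 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-21 22:15 . 2014-11-21 22:15 4 ----a-w- c:\users\Pawel\AppData\Roaming\appdataFr2.bin
2014-11-19 03:21 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 04:52 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2014-11-16 13:59 . 2014-02-22 09:25 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1416650508554
"""

# ComboFix file line: "<created> . <modified> <size|--------> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)

# Assumption: these path fragments mark locations any unprivileged process can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "c:\\programdata\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories (ComboFix prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def freshly_written(self) -> bool:
        # Created and modified in the same minute: the file was written in place.
        # Files copied out of an update package keep the package's older mtime,
        # which is why the system32 entries above have created > modified.
        return self.created == self.modified

    @property
    def user_writable(self) -> bool:
        p = self.path.lower()
        return any(marker in p for marker in USER_WRITABLE_MARKERS)


def parse_entries(text: str) -> List[Entry]:
    """Parse every ComboFix file line in `text`; banners and '.' separators are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=size,
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for files that deserve a manual look."""
    flagged: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir:
            continue
        if e.user_writable and e.freshly_written:
            flagged.append((e.path, "freshly written file in a user-writable location"))
    return flagged


if __name__ == "__main__":
    for path, reason in triage(parse_entries(SAMPLE_LINES)):
        print(f"{reason}: {path}")
```

Run against the sample, the only hit is the 4-byte `appdataFr2.bin` under `AppData\Roaming`; the system32 entries from the 17th and 18th drop out because their modification times predate their creation times, the usual signature of a patch batch rather than a file dropped on the machine. Whether the flagged file is benign still has to be established by hashing it and checking what wrote it; the parser only shortens the list.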
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-21 19:27 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-08 3890208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ??
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 19:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-10-30 14:45 4826904 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-10-23 17:31 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-02-10 16:46 20922016 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-19 18:09 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-17 15:48]
.
2014-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-02 22:06]
.
2014-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-02 22:06]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-22 11:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-11-22 11:17:00
ComboFix-quarantined-files.txt 2014-11-22 11:16
.
Pre-Run: 6,802,276,352 bytes free
Post-Run: 6,602,866,688 bytes free
.
- - End Of File - - CC5DC8BE4E036DE2C7DF477F8FA1C524
5C616939100B85E558DA92B899A0FC36