ComboFix 13-02-24.01 - uzivatel 25.02.2013 17:50:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1220 [GMT 1:00]
Run from: c:\users\uzivatel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
c:\program files\lol
c:\program files\lol\League of Legends\0x0408.ini
c:\program files\lol\League of Legends\0x0409.ini
c:\program files\lol\League of Legends\0x0415.ini
c:\program files\lol\League of Legends\0x0418.ini
c:\program files\lol\League of Legends\data1.cab
c:\program files\lol\League of Legends\data1.hdr
c:\program files\lol\League of Legends\data2.cab
c:\program files\lol\League of Legends\ISSetup.dll
c:\program files\lol\League of Legends\layout.bin
c:\program files\lol\League of Legends\setup.exe
c:\program files\lol\League of Legends\setup.ini
c:\program files\lol\League of Legends\setup.inx
c:\program files\lol\League of Legends\setup.isn
C:\Thumbs.db
c:\windows\Downloaded Program Files\IDropPTB.dll
.
.
((((((((((((((((((((((((( Files created from 2013-01-25 to 2013-02-25 )))))))))))))))))))))))))))))))
.
.
2013-02-24 19:11 . 2013-02-24 19:11 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Malwarebytes
2013-02-24 19:11 . 2013-02-24 19:11 -------- d-----w- c:\programdata\Malwarebytes
2013-02-24 19:11 . 2013-02-24 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-24 19:11 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-24 16:45 . 2013-02-24 16:46 -------- d-----w- c:\program files\trend micro
2013-02-24 16:45 . 2013-02-24 16:46 -------- d-----w- C:\rsit
2013-02-23 15:03 . 2013-02-23 15:03 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{073230B3-74A4-459D-BF88-8E7496209E74}\offreg.dll
2013-02-22 07:29 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{073230B3-74A4-459D-BF88-8E7496209E74}\mpengine.dll
2013-02-17 11:28 . 2013-01-03 11:42 6161832 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-17 11:28 . 2013-01-03 11:42 19914680 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-17 11:28 . 2013-01-03 11:42 10919864 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-17 11:27 . 2013-01-03 11:42 7753688 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-17 11:27 . 2013-01-03 11:42 2575800 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-17 11:27 . 2013-01-03 11:42 1867704 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-17 11:27 . 2013-01-03 11:42 17560504 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Mozilla Firefox\Plugins\nppdf32.dll
2013-02-15 21:07 . 2013-02-15 21:10 -------- d-----w- c:\program files\FlatOut2
2013-02-14 06:50 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 06:50 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-14 06:50 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 06:50 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-14 06:50 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 19:06 . 2013-02-25 15:14 -------- d-----w- c:\program files\YTD Toolbar
2013-02-02 16:59 . 2013-02-02 16:59 -------- d-----w- c:\program files\Microsoft
2013-02-02 16:59 . 2013-02-02 16:59 -------- d--h--w- c:\windows\msdownld.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-23 21:05 . 2012-04-06 06:35 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-23 21:05 . 2012-02-17 22:28 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2012-02-17 12:02 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-11 15:35 . 2013-01-11 15:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-11 15:35 . 2013-01-11 15:37 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-11 15:35 . 2012-03-17 08:38 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-03 11:42 . 2012-10-10 20:14 888760 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-01-03 11:42 . 2012-10-10 20:14 2443472 ----a-w- c:\windows\system32\nvapi.dll
2013-01-03 11:42 . 2012-10-10 20:14 15411296 ----a-w- c:\windows\system32\nvd3dum.dll
2013-01-03 11:42 . 2012-03-17 09:01 1010104 ----a-w- c:\windows\system32\nvdispco32.dll
2013-01-03 08:38 . 2007-02-10 02:48 3969976 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-03 08:38 . 2007-02-10 02:48 2858424 ----a-w- c:\windows\system32\nvsvc.dll
2013-01-03 08:37 . 2012-03-17 09:03 634808 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-03 08:37 . 2012-03-17 09:03 62904 ----a-w- c:\windows\system32\nvshext.dll
2013-01-03 08:37 . 2007-02-10 02:48 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-16 13:12 . 2012-12-21 16:15 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 16:15 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-07-06 19:24 . 2012-07-06 19:24 189 ----a-w- c:\program files\0SQ7B5G2.bat
2012-01-29 16:10 . 2012-02-21 14:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-29 880496]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-18 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other services/drivers in memory ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3314771282-3977894261-815355269-1000Core.job
- c:\users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 17:20]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3314771282-3977894261-815355269-1000UA.job
- c:\users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 17:20]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1 192.168.45.1
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\ovv1ht79.default\
FF - prefs.js: browser.search.defaulturl -
FF - ExtSQL: 2013-01-11 16:48; toolbar@ask.com; c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\ovv1ht79.default\extensions\toolbar@ask.com
.
.
------- File associations -------
.
.scr=AutoCADScriptFile
.
- - - - INVALID ENTRIES REMOVED FROM REGISTRY - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-AGEIA PhysX v2.5.1 - c:\program files\AGEIA Technologies\uninstall.exe
AddRemove-BattlEye - c:\program files\Bohemia Interactive\ArmA 2\BattlEye\UnInstallBE.exe
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
AddRemove-QipGuard - c:\users\uzivatel\AppData\Roaming\QipGuard\QipGuard.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-25 18:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3314771282-3977894261-815355269-1000\Software\SecuROM\License information*]
"datasecu"=hex:7c,51,54,50,c7,d6,19,9d,4e,f9,fc,23,21,64,dd,e0,f5,30,8d,48,22,
9d,e1,e9,0c,81,bc,7b,30,2c,a9,0d,cb,09,de,b9,27,b1,44,53,ea,a2,3c,bc,4f,7d,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
Completion time: 2013-02-25 18:06:48
ComboFix-quarantined-files.txt 2013-02-25 17:06
.
Pre-Run: 43 749 924 864 bytes free
Post-Run: 43 455 856 640 bytes free
.
- - End Of File - - 605EAEDB346711F1C60100FF8C65F685
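A ComboFix log like the one above is read far more often than it is parsed, but the two record types an analyst spends the most time on have a fixed shape: the "Files created" / Find3M entries (`created . modified size attributes path`, with `--------` as the size of a directory) and the Run-key entries (`"Name"="path" [yyyy-mm-dd size]`). The following Python is an added example, not part of the posted log or of ComboFix itself. It parses both record types into structured records, groups the created files by extension so that every `.sys`, `.exe`, `.dll` and `.bat` dropped in the scan window is visible at a glance, and applies one triage heuristic of my own (not something the log asserts): Run entries whose binary lives outside `c:\program files\` and `c:\windows\` are returned for a first look. The sample file and Run lines are copied from the log above; the one Run line under `c:\users\` is constructed here purely to exercise the heuristic.

```python
"""Parse ComboFix "Files created"/Find3M entries and Run-key entries.

Added example; sample lines below are copied from the log (except the one
marked constructed).  The path-based triage rule is an analyst heuristic,
not anything ComboFix itself reports.
"""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence

# created . modified size attrs path   (size is "--------" for directories)
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[\w-]{8})\s+(?P<path>.+?)\s*$"
)
# "Name"="path" [yyyy-mm-dd size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class RunEntry:
    name: str
    path: str
    date: str
    size: int


def parse_file_entries(text: str) -> List[FileEntry]:
    """Return every line of `text` that matches the file-entry format."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            out.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return out


def parse_run_entries(text: str) -> List[RunEntry]:
    """Return every line of `text` that matches the Run-key value format."""
    out = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            out.append(RunEntry(m["name"], m["path"], m["date"], int(m["size"])))
    return out


def by_extension(entries: Sequence[FileEntry]) -> Dict[str, List[str]]:
    """Group non-directory paths by lower-cased extension (ntpath handles '\\')."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if not e.is_dir:
            groups[ntpath.splitext(e.path)[1].lower()].append(e.path)
    return dict(groups)


TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")


def run_entries_outside(entries: Sequence[RunEntry],
                        roots: Sequence[str] = TRUSTED_ROOTS) -> List[RunEntry]:
    """Heuristic (added here): autostarts launched from outside the usual
    install roots, e.g. from a user profile, are reviewed first."""
    return [e for e in entries if not e.path.lower().startswith(tuple(roots))]


# Lines copied from the log above.
SAMPLE_FILES = r"""
2013-02-24 19:11 . 2013-02-24 19:11 -------- d-----w- c:\programdata\Malwarebytes
2013-02-24 19:11 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-14 06:50 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 06:50 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-06 19:24 . 2012-07-06 19:24 189 ----a-w- c:\program files\0SQ7B5G2.bat
2013-02-17 11:28 . 2013-01-03 11:42 6161832 ----a-w- c:\windows\system32\nvopencl.dll
"""

# First three lines copied from the log; the last one is constructed for the demo.
SAMPLE_RUNS = r"""
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-29 880496]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Example"="c:\users\uzivatel\AppData\Roaming\example.exe" [2013-02-20 1024]
"""

if __name__ == "__main__":
    for ext, paths in sorted(by_extension(parse_file_entries(SAMPLE_FILES)).items()):
        print(ext, len(paths), paths)
    for r in run_entries_outside(parse_run_entries(SAMPLE_RUNS)):
        print("review:", r.name, r.path)
```

Feed it the full log text (file entries and Run entries can be passed as one string; each parser ignores lines that do not match its pattern) and the extension groups give a quick inventory of what landed on disk in the scan window, while the Run-key filter is a starting point to tune to the host's real install roots.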