ComboFix 13-06-18.02 - Doma 19.06.2013  11:10:10.1.1 - x86
Systém Microsoft Windows XP Professional  5.1.2600.3.1250.420.1029.18.2047.1410 [GMT 2:00]
Spuštěný z: c:\documents and settings\Doma\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\SET130.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETE0.tmp
c:\windows\system32\SETE8.tmp
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2013-05-19 do 2013-06-19  )))))))))))))))))))))))))))))))
.
.
2013-06-19 08:26 . 2013-06-19 09:03	--------	d-----w-	c:\program files\Zrychleni Pocitace
2013-06-19 08:25 . 2013-06-19 08:25	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-06-15 10:53 . 2013-06-15 10:53	--------	d-----w-	c:\program files\DLLSuite
2013-06-15 09:33 . 2013-06-15 10:17	--------	d-----w-	c:\documents and settings\Doma\Data aplikací\GlarySoft
2013-06-15 08:00 . 2013-06-15 08:00	--------	d-----w-	c:\program files\HP Photo Creations
2013-06-15 08:00 . 2013-06-15 08:00	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\HP Photo Creations
2013-06-15 08:00 . 2013-06-15 08:00	--------	d-----w-	c:\documents and settings\All Users\Data aplikací\Visan
2013-06-15 08:00 . 2013-06-15 08:22	--------	d-----w-	c:\documents and settings\Doma\Data aplikací\HpUpdate
2013-06-12 18:44 . 2013-06-12 18:44	--------	d-----w-	c:\documents and settings\Doma\Data aplikací\DivX
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 11:29 . 2012-08-16 14:54	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-12 11:29 . 2011-06-01 13:13	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-04-19 13:47	368944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-04-19 13:47	765736	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-04-19 13:47	56080	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-04-19 13:47	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-04-19 13:47	174664	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-04-27 05:15	21576	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2013-05-09 08:59 . 2013-04-19 13:47	49760	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2013-04-19 13:47	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2013-04-19 13:47	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2013-04-19 13:46	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-04-19 13:47	229648	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-07 22:27 . 2007-08-02 12:00	920064	----a-w-	c:\windows\system32\wininet.dll
2013-05-07 22:27 . 2007-08-02 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-07 22:27 . 2007-08-02 12:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2007-08-02 12:00	385024	----a-w-	c:\windows\system32\html.iec
2013-05-03 05:39 . 2007-08-02 12:00	2195712	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39 . 2004-08-17 15:45	2072320	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-12 14:01 . 2007-08-02 12:00	1876352	----a-w-	c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-27 05:34	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-04-02 14:09 . 2013-04-02 14:09	4550656	----a-w-	c:\windows\system32\GPhotos.scr
2013-04-02 10:33 . 2011-02-17 17:16	237088	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	121968	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10	576976	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10	576976	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10	576976	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10	576976	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSpeedUp"="c:\program files\Zrychleni Pocitace\PCSUNotifier.exe" [2013-05-23 259888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40	155648	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [27.4.2013 7:15 21576]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [19.4.2013 15:47 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [19.4.2013 15:47 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.4.2013 15:47 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.4.2013 15:47 368944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [12.2.2013 21:11 242240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.4.2013 15:47 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [19.4.2013 15:47 66336]
R2 PCSUService;PC Speed Up Service;c:\program files\Zrychleni Pocitace\PCSUService.exe [19.6.2013 10:26 388912]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE [25.1.2012 15:23 240408]
S1 MpKsl804fa324;MpKsl804fa324;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9E665A4C-E872-43EE-8402-CF12CA71D9C6}\MpKsl804fa324.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9E665A4C-E872-43EE-8402-CF12CA71D9C6}\MpKsl804fa324.sys [?]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.355.0\BBSvc.EXE [25.1.2012 15:23 192792]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - HTTPFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 05:54	1165776	----a-w-	c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 11:29]
.
2013-06-19 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02 03:57]
.
2013-06-18 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02 03:57]
.
2013-06-19 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02 03:57]
.
2013-06-18 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02 03:57]
.
2013-06-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-19 08:58]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd5f46b28f9f5e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 21:51]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cd5f46b2fd4b8a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 21:51]
.
2013-06-19 c:\windows\Tasks\PC SpeedUp Service Deactivator.job
- c:\program files\Zrychleni Pocitace\PCSUSD.exe [2013-06-19 13:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\qr0vutzy.default-1363337491312\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2013-04-19 15:47; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-19 11:17
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...  
.
skenování skrytých položek 'Po spuštění' ... 
.
skenování skrytých souborů ...  
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-06-19  11:19:54
ComboFix-quarantined-files.txt  2013-06-19 09:19
.
Před spuštěním: Volných bajtů: 16 173 707 264
Po spuštění: Volných bajtů: 17 178 050 560
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AC5E063A5F1464985C7A9766B34D3A2B
413FC2A0C716421B3158746D63736515