ComboFix 13-06-18.02 - Doma 19.06.2013 11:10:10.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1410 [GMT 2:00]
Running from: c:\documents and settings\Doma\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\SET130.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETE0.tmp
c:\windows\system32\SETE8.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-05-19 to 2013-06-19 )))))))))))))))))))))))))))))))
.
.
2013-06-19 08:26 . 2013-06-19 09:03 -------- d-----w- c:\program files\Zrychleni Pocitace
2013-06-19 08:25 . 2013-06-19 08:25 -------- d-----w- c:\program files\Microsoft Silverlight
2013-06-15 10:53 . 2013-06-15 10:53 -------- d-----w- c:\program files\DLLSuite
2013-06-15 09:33 . 2013-06-15 10:17 -------- d-----w- c:\documents and settings\Doma\Data aplikací\GlarySoft
2013-06-15 08:00 . 2013-06-15 08:00 -------- d-----w- c:\program files\HP Photo Creations
2013-06-15 08:00 . 2013-06-15 08:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HP Photo Creations
2013-06-15 08:00 . 2013-06-15 08:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Visan
2013-06-15 08:00 . 2013-06-15 08:22 -------- d-----w- c:\documents and settings\Doma\Data aplikací\HpUpdate
2013-06-12 18:44 . 2013-06-12 18:44 -------- d-----w- c:\documents and settings\Doma\Data aplikací\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 11:29 . 2012-08-16 14:54 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 11:29 . 2011-06-01 13:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-04-19 13:47 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-04-19 13:47 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-04-19 13:47 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-04-19 13:47 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-04-19 13:47 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-04-27 05:15 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-05-09 08:59 . 2013-04-19 13:47 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2013-04-19 13:47 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2013-04-19 13:47 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2013-04-19 13:46 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-04-19 13:47 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-07 22:27 . 2007-08-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:27 . 2007-08-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:27 . 2007-08-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2007-08-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 05:39 . 2007-08-02 12:00 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39 . 2004-08-17 15:45 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-12 14:01 . 2007-08-02 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-27 05:34 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-04-02 10:33 . 2011-02-17 17:16 237088 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSpeedUp"="c:\program files\Zrychleni Pocitace\PCSUNotifier.exe" [2013-05-23 259888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [27.4.2013 7:15 21576]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [19.4.2013 15:47 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [19.4.2013 15:47 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.4.2013 15:47 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.4.2013 15:47 368944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [12.2.2013 21:11 242240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.4.2013 15:47 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [19.4.2013 15:47 66336]
R2 PCSUService;PC Speed Up Service;c:\program files\Zrychleni Pocitace\PCSUService.exe [19.6.2013 10:26 388912]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE [25.1.2012 15:23 240408]
S1 MpKsl804fa324;MpKsl804fa324;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9E665A4C-E872-43EE-8402-CF12CA71D9C6}\MpKsl804fa324.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9E665A4C-E872-43EE-8402-CF12CA71D9C6}\MpKsl804fa324.sys [?]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.355.0\BBSvc.EXE [25.1.2012 15:23 192792]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HTTPFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 05:54 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 11:29]
.
2013-06-19 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02 03:57]
.
2013-06-18 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02 03:57]
.
2013-06-19 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02 03:57]
.
2013-06-18 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02 03:57]
.
2013-06-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-19 08:58]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd5f46b28f9f5e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 21:51]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cd5f46b2fd4b8a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 21:51]
.
2013-06-19 c:\windows\Tasks\PC SpeedUp Service Deactivator.job
- c:\program files\Zrychleni Pocitace\PCSUSD.exe [2013-06-19 13:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\qr0vutzy.default-1363337491312\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2013-04-19 15:47; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-19 11:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-06-19 11:19:54
ComboFix-quarantined-files.txt 2013-06-19 09:19
.
Pre-Run: 16,173,707,264 bytes free
Post-Run: 17,178,050,560 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AC5E063A5F1464985C7A9766B34D3A2B 413FC2A0C716421B3158746D63736515
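The log above is the kind of thing a helper reads by eye: the AV/FW status line, the "Files Created" window, the Run keys, the firewall policy and the service list. The script below is an added example (my code, not ComboFix's and not the poster's) that parses those sections and applies a few plain triage rules: security product reported disabled, EnableFirewall=0, a service whose image ComboFix could not find (the trailing "[?]"), an autostart entry or service running from a directory that was created inside the scan window, and anything marked *NewlyCreated*. The sample input is a constructed excerpt of this log (the same lines, trimmed to the sections the parser reads); the rules and thresholds are my assumptions, so a hit only says "look here", not "this is malware".

```python
import re

# Constructed excerpt of the ComboFix log above: the same lines, trimmed to the
# sections this helper reads (status header, Files Created, Run keys, firewall, services).
SAMPLE_LOG = r"""ComboFix 13-06-18.02 - Doma 19.06.2013 11:10:10.1.1 - x86
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
2013-06-19 08:26 . 2013-06-19 09:03 -------- d-----w- c:\program files\Zrychleni Pocitace
2013-06-15 10:53 . 2013-06-15 10:53 -------- d-----w- c:\program files\DLLSuite
2013-06-12 11:29 . 2012-08-16 14:54 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSpeedUp"="c:\program files\Zrychleni Pocitace\PCSUNotifier.exe" [2013-05-23 259888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [19.4.2013 15:47 66336]
R2 PCSUService;PC Speed Up Service;c:\program files\Zrychleni Pocitace\PCSUService.exe [19.6.2013 10:26 388912]
S1 MpKsl804fa324;MpKsl804fa324;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9E665A4C-E872-43EE-8402-CF12CA71D9C6}\MpKsl804fa324.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9E665A4C-E872-43EE-8402-CF12CA71D9C6}\MpKsl804fa324.sys [?]
.
*NewlyCreated* - HTTPFILTER
"""

RE_STATUS = re.compile(r"^(AV|FW): (.+?) \*([^*]+)\*", re.M)
# "Files Created" directory entries: two timestamps, an attribute block beginning
# with "d", then the path. File entries carry a size and "-"-led attributes, so they
# do not match this pattern.
RE_CREATED_DIR = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ d\S+ (.+)$", re.M)
RE_REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
RE_RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')
RE_FIREWALL = re.compile(r'^"EnableFirewall"=\s*(\d+)', re.M)
# Service lines: state (R0..R3 running, S0..S3 stopped), name, display name, image path.
RE_SERVICE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$", re.M)
RE_NEW = re.compile(r"^\*NewlyCreated\* - (.+)$", re.M)


def parse_status(text):
    """AV/FW header lines -> {"AV": (product, status), "FW": (...)}."""
    return {kind: (product, status) for kind, product, status in RE_STATUS.findall(text)}


def parse_created_dirs(text):
    return RE_CREATED_DIR.findall(text)


def parse_firewall(text):
    m = RE_FIREWALL.search(text)
    return int(m.group(1)) if m else None


def parse_run_entries(text):
    """(key, value name, image path) for every value under a ...\\Run key."""
    entries, key = [], None
    for line in text.splitlines():
        k = RE_REG_KEY.match(line)
        if k:
            key = k.group(1)
            continue
        v = RE_RUN_VALUE.match(line)
        if v and key and key.lower().endswith("\\run"):
            entries.append((key, v.group(1), v.group(2)))
    return entries


def parse_services(text):
    services = []
    for state, name, display, rest in RE_SERVICE.findall(text):
        missing = rest.endswith("[?]")            # ComboFix could not stat the image
        path = rest.split(" --> ", 1)[0]          # keep the registry path, drop the resolved copy
        path = re.sub(r" \[[^\]]*\]$", "", path)  # strip the trailing "[date time size]"
        if path.startswith("\\??\\"):
            path = path[4:]
        services.append({"state": state, "name": name, "display": display,
                         "path": path, "missing": missing})
    return services


def _under(path, dirs):
    p = path.lower()
    return any(p.startswith(d.lower() + "\\") for d in dirs)


def triage(text):
    """Apply the heuristics (my assumptions, not ComboFix rules) and return findings."""
    findings = []
    for kind, (product, status) in parse_status(text).items():
        if "disabled" in status.lower():
            findings.append(f"{kind}: {product} reported {status}")
    if parse_firewall(text) == 0:
        findings.append("Windows Firewall standard profile: EnableFirewall=0")
    created = parse_created_dirs(text)
    for key, name, path in parse_run_entries(text):
        if _under(path, created):
            findings.append(f"Run value {name!r} in {key} starts from a directory created in the scan window: {path}")
    for svc in parse_services(text):
        if svc["missing"]:
            findings.append(f"service {svc['name']} ({svc['state']}) points at a file ComboFix could not find: {svc['path']}")
        elif _under(svc["path"], created):
            findings.append(f"service {svc['name']} ({svc['state']}) runs from a directory created in the scan window: {svc['path']}")
    for name in RE_NEW.findall(text):
        findings.append(f"service/driver {name} is marked *NewlyCreated* (appeared during the ComboFix run)")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("-", f)
```

Run against a full log (`triage(open("ComboFix.txt", encoding="cp1250").read())`; Czech ComboFix output is typically cp1250) the "created in the scan window" rule is the one that separates PCSpeedUp/PCSUService from the avast entries that otherwise look identical in the Run key, and the "[?]" rule picks out MpKsl804fa324, whose definition-update driver path no longer resolves. The *NewlyCreated* line is reported neutrally because ComboFix itself starts services during the run.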