ComboFix 16-10-23.01 - CHRISTOS 27.10.2016 11:39:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1406.856 [GMT 2:00]
Spuštěný z: c:\documents and settings\CHRISTOS\Plocha\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\CHRISTOS\WINDOWS
c:\documents and settings\CHRISTOS\WINDOWS\Thumbs.db
c:\program files\Common Files\Thumbs.db
c:\program files\Setup.exe
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\ST6UNST.000
c:\windows\system32\DEBUG.log
c:\windows\system32\taskmgr.com
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-09-27 do 2016-10-27 )))))))))))))))))))))))))))))))
.
.
2016-10-27 08:37 . 2016-10-27 07:54 24064 ----a-w- c:\windows\zoek-delete.exe
2016-10-27 07:54 . 2016-10-27 08:26 -------- d-----w- C:\zoek_backup
2016-10-26 18:50 . 2016-10-26 21:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2016-10-25 14:45 . 2016-10-25 14:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Zemana
2016-10-25 14:45 . 2016-10-25 14:45 181496 ----a-w- c:\windows\system32\drivers\zam32.sys
2016-10-25 14:45 . 2016-10-25 14:45 181496 ----a-w- c:\windows\system32\drivers\zamguard32.sys
2016-10-25 14:45 . 2016-10-25 14:45 -------- d-----w- c:\program files\Zemana AntiMalware
2016-10-25 14:44 . 2016-10-25 14:44 -------- d-----w- c:\documents and settings\CHRISTOS\Local Settings\Data aplikací\Zemana
2016-10-24 13:16 . 2016-10-24 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sophos
2016-10-24 13:13 . 2016-10-24 13:13 -------- d-----w- c:\program files\Sophos
2016-10-23 18:55 . 2016-10-26 07:04 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-10-23 18:54 . 2016-10-25 22:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2016-10-17 15:36 . 2016-10-17 15:36 -------- d-----w- c:\program files\Common Files\Skype
2016-10-08 08:13 . 2016-10-27 09:33 -------- d--h--r- c:\documents and settings\CHRISTOS\Recent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-15 05:07 . 2012-04-04 06:29 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-10-15 05:07 . 2011-05-15 08:48 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-13 19:36 . 2013-03-18 12:46 224752 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-09-22 19:36 . 2008-04-05 05:13 433768 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-09-13 18:33 . 2011-03-14 13:52 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-09-06 07:29 . 2006-12-15 10:18 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-09-06 07:29 . 2015-07-25 08:34 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-09-06 07:29 . 2014-05-05 07:39 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-09-06 07:29 . 2013-03-18 12:46 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-09-06 07:29 . 2013-03-18 12:46 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-09-06 07:29 . 2006-12-15 10:18 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-09-06 07:28 . 2016-09-06 07:30 319760 ----a-w- c:\windows\system32\aswBoot.exe
2016-09-06 07:28 . 2016-09-06 07:28 53208 ----a-w- c:\windows\avastSS.scr
2016-09-06 07:28 . 2016-03-23 22:20 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-02-15 20:48 . 2014-02-15 20:48 25777288 ----a-w- c:\program files\wmp11-windowsxp-x86-CS-CZ.exe
2014-02-15 20:37 . 2014-02-15 20:37 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe
2013-07-13 06:29 . 2013-07-13 06:29 86521112 -c--a-w- c:\program files\msert.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-09-06 07:28 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPSMain"="TPSMain.exe" [2005-08-11 266240]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-10-13 9083840]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
Thumbs.db [2009-12-24 7168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-04-07 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^$McRebootA5E6DEAA56$.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121]
2013-11-23 08:01 180184 ----a-w- c:\program files\AVAST Software\Avast\Setup\emupdate\09a50f51-517f-48d7-8a6a-4d62cf1d0e57.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2006-03-18 06:22 89541 -c--a-w- c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 07:43 69632 -c--a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-03-23 20:40 196608 -c--a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-03-17 13:37 344064 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-09-28 17:23 6889176 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
2006-03-16 11:27 634880 -c--a-w- c:\program files\TOSHIBA\E-KEY\CeEKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
2006-05-31 10:29 262144 -c--a-w- c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2016-06-21 10:44 1010144 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 19:27 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 07:34 81920 -c--a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2004-05-01 11:45 28672 -c--a-w- c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
2010-10-29 14:59 5178664 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2005-12-22 08:12 1077328 -c--a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-18 04:34 16143872 -c--a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
2012-09-13 13:24 1009288 -c--a-w- c:\program files\Seznam.cz\distribution\szninstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2016-10-17 17:54 27011712 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-05-12 12:22 118784 -c--a-w- c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-01-18 16:09 1171968 ----a-w- c:\documents and settings\CHRISTOS\Data aplikací\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2004-05-01 11:45 65536 -c--a-w- c:\program files\TOSHIBA\Windows Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2005-04-12 08:31 65536 ----a-w- c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
2006-04-04 12:57 53248 -c--a-w- c:\program files\TOSHIBA\TouchPad\TPTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2006-02-02 11:11 73728 -c--a-w- c:\program files\TOSHIBA\Tvs\TvsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipConnect]
2015-08-03 10:55 32417376 ----a-w- c:\program files\VoipConnect.com\VoipConnect\voipconnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-02-04 18:06 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZAM]
2016-10-04 10:27 13823216 ----a-w- c:\program files\Zemana AntiMalware\ZAM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
2005-06-06 07:58 24576 -c--a-w- c:\windows\system32\ZoomingHook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"hpqddsvc"=2 (0x2)
"seclogon"=2 (0x2)
"BthServ"=2 (0x2)
"TapiSrv"=3 (0x3)
"usnjsvc"=3 (0x3)
"Sony Ericsson PCCompanion"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"STI Simulator"=2 (0x2)
"NeroMediaHomeService.4"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"btwdins"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WsAppService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TODDSrv"=2 (0x2)
"ss_conn_service"=2 (0x2)
"SeaPort"=2 (0x2)
"MBAMService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"CFSvcs"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ACS"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\ONENOTE.EXE"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NeroMediaHome.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\CHRISTOS\\Data aplikací\\Spotify\\spotify.exe"=
"c:\\Program Files\\DivX\\DivX Media Server\\DivXMediaServer.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\VoipConnect.com\\VoipConnect\\VoipConnect.exe"=
"c:\\Documents and Settings\\CHRISTOS\\Local Settings\\Temp\\jivexviewer\\jre\\bin\\JiveX[dv] light"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [18.3.2013 14:46 60424]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswvmm.sys [18.3.2013 14:46 224752]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [24.3.2016 0:20 35096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [14.3.2011 15:52 735488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [5.4.2008 7:13 433768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [23.6.2009 11:01 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.6.2009 11:01 67664]
R1 ZAM;ZAM Helper Driver;c:\windows\system32\drivers\zam32.sys [25.10.2016 16:45 181496]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\system32\drivers\zamguard32.sys [25.10.2016 16:45 181496]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [18.3.2013 14:46 92256]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27.1.2010 4:09 50704]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [18.4.2006 15:12 98816]
R2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe [25.10.2016 16:45 13823216]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [25.11.2012 2:50 28256]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [25.7.2015 10:34 184592]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [25.11.2012 2:50 28256]
S3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [5.5.2014 9:39 34008]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [25.1.2016 10:11 99296]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19.7.2014 8:55 22344]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11.6.2013 10:03 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11.6.2013 10:03 8576]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\pfc027.sys [24.2.2005 13:29 162176]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [27.11.2011 16:14 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [27.11.2011 16:14 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [27.11.2011 16:14 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [27.11.2011 16:15 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [27.11.2011 16:14 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [27.11.2011 16:15 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [27.11.2011 16:15 109864]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.6.2009 11:01 12872]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [25.1.2016 10:11 191200]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [25.12.2010 10:49 142648]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19.6.2016 9:51 655944]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [20.9.2016 12:54 324224]
S4 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [25.1.2016 10:11 754784]
S4 WsAppService;Wondershare Application Framework Service;c:\program files\Wondershare\WAF\2.2.0.5\WsAppService.exe --> c:\program files\Wondershare\WAF\2.2.0.5\WsAppService.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-11 23:12 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-10-22 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe [2016-10-15 05:07]
.
2016-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 05:07]
.
2016-10-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-06 07:28]
.
2016-10-27 c:\windows\Tasks\DivXUpdate.job
- c:\program files\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-06-03 18:00]
.
2016-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 06:40]
.
2016-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 06:40]
.
2016-10-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-08 23:28]
.
2016-10-27 c:\windows\Tasks\SafeZone scheduled Autoupdate 1458984736.job
- c:\program files\AVAST Software\SZBrowser\launcher.exe [2016-03-26 08:42]
.
2016-10-27 c:\windows\Tasks\User_Feed_Synchronization-{87D1AAE8-6D0B-487B-8825-48D8E6AF58CB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.2.1 213.46.172.37 213.46.172.36
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://www.hellascams.gr/activex_2130/A ... ontrol.cab
FF - ProfilePath - c:\documents and settings\CHRISTOS\Data aplikací\Mozilla\Firefox\Profiles\rwi2u472.default-1405289423156\
FF - prefs.js: browser.search.defaulturl - hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/?clid=22668
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Nástroj pro diagnostiku počítače - c:\windows\IsUn0405.exe
AddRemove-Power Saver - c:\windows\IsUn0405.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-27_ssconn - c:\program files\Samsung\USB Drivers\27_ssconn\Uninstall.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\documents and settings\All Users\Data aplikací\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-10-27 11:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4172042773-96402592-4256802850-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2016-10-27 12:01:19
ComboFix-quarantined-files.txt 2016-10-27 10:01
.
Před spuštěním: Volných bajtů: 173 120 253 952
Po spuštění: Volných bajtů: 173 084 581 888
.
- - End Of File - - 8B6C4EBBFFC69B65594829E982AD7E65
671B81004FDD1588FA9ED1331C9CECA9