ComboFix 17-11-14.01 - Adam2 23.11.2017 19:25:08.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2542 [GMT 1:00]
Running from: c:\documents and settings\Adam2\Plocha\ComboFix.exe
.
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Adam2\Plocha\Setup.exe
c:\documents and settings\Adam2\WINDOWS
c:\windows2\system32\logs.dat
.
.
((((((((((((((((((((((((( Files Created from 2017-10-23 to 2017-11-23 )))))))))))))))))))))))))))))))
.
.
2017-11-22 00:45 . 2017-11-22 00:36 24064 ----a-w- c:\windows2\zoek-delete.exe
2017-11-22 00:43 . 2017-11-22 00:47 -------- d-----w- C:\zoek
2017-11-18 20:33 . 2012-10-12 15:34 33096 ----a-w- c:\windows2\system32\drivers\sct_skmscan.sys
2017-11-16 23:27 . 2017-11-16 23:27 -------- d--h--w- c:\windows2\system32\GroupPolicy
2017-10-31 22:12 . 2017-10-31 22:12 -------- d-----w- c:\program files\Free MP3 Sound Recorder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-11-21 06:03 . 2017-04-04 00:01 24688 ----a-w- c:\windows2\system32\drivers\TrueSight.sys
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-06-01 6405912]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2017-05-05 27716568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-02-17 2789248]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2000-01-01 41134712]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2017-03-02 5883912]
"ZAM"="c:\program files\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2017-06-17 352976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows2\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\Hearthstone\\Hearthstone.exe"=
"c:\\WINDOWS2\\system32\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Adam2\\Dokumenty\\Downloads\\Dst\\bin\\dontstarve_steam.exe"=
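The firewall-policy keys above are the part of a ComboFix log a responder reads first: the Standard profile has "EnableFirewall" set to 0, Security Center monitoring of the installed Kaspersky product is switched off, and the exception list contains a binary living under a user profile (Downloads) rather than under Program Files. The following Python is an added example, not code from ComboFix or from the posted log; it parses the REGEDIT4-style block ComboFix prints (assuming, as in this log, that blocks are separated by lines holding a single "." and that value names use doubled backslashes) and flags those three conditions. The sample text is constructed from lines of this log.

```python
"""Triage of the registry section of a ComboFix log (added example).

Parses the REGEDIT4-style "Reg Loading Points" block into {key: {name: value}}
and reports: the XP firewall Standard profile switched off, Security Center
monitoring of an AV product disabled, and firewall exceptions whose path
points into a user profile. Assumptions: blocks are separated by lines that
contain only ".", and value names are REGEDIT4-escaped (doubled backslashes).
"""
import re
from typing import Dict, List, Tuple

# Constructed sample, taken from the log lines above.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-06-01 6405912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Adam2\\Dokumenty\\Downloads\\Dst\\bin\\dontstarve_steam.exe"=
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"=rest ; the name may contain backslash-escaped characters
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')

FIREWALL_PROFILE_SUFFIX = "firewallpolicy\\standardprofile"
AUTHORIZED_SUFFIX = "firewallpolicy\\standardprofile\\authorizedapplications\\list"
SECURITY_CENTER_MARKER = "\\security center\\monitoring\\"
USER_PROFILE_MARKERS = ("documents and settings", "\\users\\", "%userprofile%",
                        "%appdata%", "%temp%")


def parse_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: raw value text}} for the block."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # undo REGEDIT4 escaping so paths compare like normal Windows paths
            name = m.group(1).replace("\\\\", "\\")
            sections[current][name] = m.group(2).strip()
    return sections


def dword(raw: str) -> int:
    """Parse the two value forms ComboFix prints: 'dword:00000001' or '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return int(raw.split()[0], 0)


def find_weak_settings(sections: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Flag a disabled firewall profile and disabled Security Center AV monitoring."""
    findings: List[Tuple[str, str]] = []
    for key, values in sections.items():
        k = key.lower()
        if k.endswith(FIREWALL_PROFILE_SUFFIX) and "EnableFirewall" in values:
            if dword(values["EnableFirewall"]) == 0:
                findings.append(("firewall_disabled", key))
        if SECURITY_CENTER_MARKER in k and dword(values.get("DisableMonitoring", "0")) == 1:
            findings.append(("security_center_monitoring_disabled", key))
    return findings


def profile_firewall_exceptions(sections: Dict[str, Dict[str, str]]) -> List[str]:
    """List firewall exceptions whose executable lives inside a user profile."""
    hits: List[str] = []
    for key, values in sections.items():
        if not key.lower().endswith(AUTHORIZED_SUFFIX):
            continue
        for path in values:
            if any(marker in path.lower() for marker in USER_PROFILE_MARKERS):
                hits.append(path)
    return hits


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_LOG)
    for kind, key in find_weak_settings(secs):
        print(f"{kind}: {key}")
    for path in profile_firewall_exceptions(secs):
        print(f"firewall exception in user profile: {path}")
```

An exception under a user profile is not malicious by itself (here it is a Steam game), but with the profile firewall switched off the exception list is moot anyway; the setting to restore is EnableFirewall, and the Security Center DisableMonitoring value should be checked against what the AV product itself reports.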
.
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows2\system32\drivers\HWiNFO32.SYS [20.11.2016 19:30 23840]
R1 kl2;kl2;c:\windows2\system32\drivers\kl2.sys [9.6.2010 16:43 11352]
R1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [12.6.2013 10:10 5280944]
R1 ZAM;ZAM Helper Driver;c:\windows2\system32\drivers\zam32.sys [6.6.2017 18:40 181496]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows2\system32\drivers\zamguard32.sys [6.6.2017 18:40 181496]
R2 FoxitReaderService;Foxit Reader Service;c:\program files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [6.3.2017 2:23 1659592]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2.3.2017 13:26 2282504]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows2\system32\KaraokeSer.exe [17.11.2016 15:52 88696]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [27.2.2017 11:01 405424]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [25.12.2015 23:24 1880960]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.4.2017 15:09 317400]
R2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe [6.6.2017 18:40 15775888]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows2\system32\drivers\dtlitescsibus.sys [2.5.2015 13:14 25104]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows2\system32\drivers\klim5.sys [7.5.2010 11:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows2\system32\drivers\klmouflt.sys [2.11.2009 19:27 19472]
R3 MBAMProtector;MBAMProtector;c:\windows2\system32\drivers\mbam.sys [3.4.2017 20:36 21104]
R3 NLNdisMP;NLNdisMP;c:\windows2\system32\drivers\nlndis.sys [12.6.2013 10:10 5229360]
R3 usbfilter;AMD USB Filter Driver;c:\windows2\system32\drivers\usbfilter.sys [17.11.2016 15:31 43392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows2\system32\drivers\viahduaa.sys [17.11.2016 15:52 2561968]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12.3.2016 3:10 701512]
S3 AMBFilt;AMBFilt;c:\windows2\system32\drivers\Ambfilt.sys [17.11.2016 15:52 1656960]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [31.3.2015 7:30 1023728]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows2\system32\drivers\nlndis.sys [12.6.2013 10:10 5229360]
S3 SCT_SKMScan;SCT_SKMScan;c:\windows2\system32\drivers\sct_skmscan.sys [18.11.2017 21:33 33096]
.
Contents of the 'Scheduled Tasks' folder
.
2017-09-08 c:\windows2\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows2\system32\xp_eos.exe [2016-11-21 23:28]
.
2017-11-23 c:\windows2\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows2\system32\xp_eos.exe [2016-11-21 23:28]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.slimwareutilities.com/slimdr ... wnload.php
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - c:\documents and settings\All Users.WINDOWS2\Data aplikací\MEGAsync\ShellExtX32.dll
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - c:\documents and settings\All Users.WINDOWS2\Data aplikací\MEGAsync\ShellExtX32.dll
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - c:\documents and settings\All Users.WINDOWS2\Data aplikací\MEGAsync\ShellExtX32.dll
HKLM-Run-IseUI - c:\program files\COMODO\Internet Security Essentials\vkise.exe
c:\documents and settings\Administrator.BBDRA2-3D0A5E7C\Nabídka Start\Programy\Po spuštění\_uninst_54786694.lnk - c:\documents and settings\Administrator.BBDRA2-3D0A5E7C\Local Settings\temp\_uninst_54786694.bat
AddRemove-DMGAudio EQuilibrium_is1 - c:\windows2\unins000.exe
AddRemove-MTK USB All 1.01 - c:\documents and settings\Adam2\Plocha\MTK\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-11-23 19:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
.
c:\documents and settings\Adam2\Data aplikací\gg\cache\com\mojang\authlib\1.5.24
c:\documents and settings\Adam2\Data aplikací\gg\cache\com\mojang\authlib\1.5.24\authlib-1.5.24.jar
c:\documents and settings\Adam2\Data aplikací\gg\cache\net\java\jinput\jinput-platform\2.0.5
c:\documents and settings\Adam2\Data aplikací\gg\cache\net\java\jinput\jinput-platform\2.0.5\jinput-platform-2.0.5-natives-windows.jar 155179 bytes
c:\documents and settings\Adam2\Data aplikací\gg\cache\net\java\jutils\jutils\1.0.0
c:\documents and settings\Adam2\Data aplikací\gg\cache\org\apache\httpcomponents\httpclient
c:\documents and settings\Adam2\Data aplikací\gg\cache\org\apache\httpcomponents\httpclient\4.3.3
c:\documents and settings\Adam2\Data aplikací\gg\cache\org\apache\httpcomponents\httpclient\4.3.3\httpclient-4.3.3.jar 589512 bytes
c:\documents and settings\Adam2\Data aplikací\gg\cache\org\apache\httpcomponents\httpcore
c:\documents and settings\Adam2\Data aplikací\gg\cache\org\apache\httpcomponents\httpcore\4.3.2
c:\documents and settings\Adam2\Data aplikací\gg\cache\org\apache\httpcomponents\httpcore\4.3.2\httpcore-4.3.2.jar 282269 bytes
c:\documents and settings\Adam2\Data aplikací\gg\cache\org\apache\logging\log4j\log4j-core\2.0-beta9\log4j-core-2.0-beta9.jar 681134 bytes
.
scan completed successfully
hidden files: 12
.
**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1540)
c:\windows2\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Comodo\Chromodo\chromodo_updater.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\NetLimiter 3\nlsvc.exe
c:\windows2\system32\wscntfy.exe
c:\windows2\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2017-11-23 19:57:03 - machine was rebooted
ComboFix-quarantined-files.txt 2017-11-23 18:56
.
Pre-Run: 1,581,300,957,184 bytes free
Post-Run: 1,581,213,667,328 bytes free
.
- - End Of File - - C3557A2745298253FA5C300F450D8E7E
413FC2A0C716421B3158746D63736515