ComboFix 18-08-08.01 - Administrator 05.05.2019 20:49:43.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1364 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\program files\AVG\Framework\Common\avgsvcx.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVG
c:\program files\AVG\Framework\1\avgcmlx.dll
c:\program files\AVG\Framework\1\avgcommx.dll
c:\program files\AVG\Framework\1\avgdiagex.exe
c:\program files\AVG\Framework\1\avgdumpx.exe
c:\program files\AVG\Framework\1\avgfmwelevplgx.dll
c:\program files\AVG\Framework\1\avgfmwx.dll
c:\program files\AVG\Framework\1\avglngx.dll
c:\program files\AVG\Framework\1\avglogx.dll
c:\program files\AVG\Framework\1\avgmsgdispx.dll
c:\program files\AVG\Framework\1\avgnetclix.dll
c:\program files\AVG\Framework\1\avgntdumpx.exe
c:\program files\AVG\Framework\1\avgntopensslx.fmw.1.dll
c:\program files\AVG\Framework\1\avgntsqlitex.dll
c:\program files\AVG\Framework\1\avgopensslx.fmw.1.dll
c:\program files\AVG\Framework\1\avgsvcfmwplgx.dll
c:\program files\AVG\Framework\1\avgsysx.fmw.1.dll
c:\program files\AVG\Framework\1\avguclx.dll
c:\program files\AVG\Framework\1\avguifmwplgx.dll
c:\program files\AVG\Framework\1\crash.avgdx
c:\program files\AVG\Framework\1\fmw_migrate_ui.cont
c:\program files\AVG\Framework\1\fmw_migrate_ui.cont.zfs
c:\program files\AVG\Framework\Common\avgelevx.exe
c:\program files\AVG\Framework\Common\avgfmwbasex.dll
c:\program files\AVG\Framework\Common\avgntopensslx.fmw.1.dll
c:\program files\AVG\Framework\Common\avgopensslx.fmw.1.dll
c:\program files\AVG\Framework\Common\avgsvcx.exe
c:\program files\AVG\Framework\Common\avgsysx.fmw.1.dll
c:\program files\AVG\Framework\Common\avguirnx.exe
c:\program files\AVG\Framework\Common\avguix.exe
c:\program files\AVG\Framework\Common\ui_common.cont
c:\program files\AVG\Framework\Common\ui_common.cont.zfs
c:\program files\AVG\Setup\avgbavsetupx.dll
c:\program files\AVG\Setup\avgfmwsetupx.dll
c:\program files\AVG\Setup\avgntdumpx.exe
c:\program files\AVG\Setup\avgOfferTool.exe
c:\program files\AVG\Setup\avgsetupapix.dll
c:\program files\AVG\Setup\avgsetupuix.dll
c:\program files\AVG\Setup\avgsetupx.exe
c:\program files\AVG\Setup\avgwtusetupx.dll
c:\program files\AVG\Setup\avgzensetupx.dll
c:\program files\AVG\Setup\license_cz.htm
c:\program files\AVG\Setup\license_da.htm
c:\program files\AVG\Setup\license_es.htm
c:\program files\AVG\Setup\license_fr.htm
c:\program files\AVG\Setup\license_ge.htm
c:\program files\AVG\Setup\license_hu.htm
c:\program files\AVG\Setup\license_id.htm
c:\program files\AVG\Setup\license_it.htm
c:\program files\AVG\Setup\license_jp.htm
c:\program files\AVG\Setup\license_ko.htm
c:\program files\AVG\Setup\license_ms.htm
c:\program files\AVG\Setup\license_nl.htm
c:\program files\AVG\Setup\license_no.htm
c:\program files\AVG\Setup\license_pb.htm
c:\program files\AVG\Setup\license_pl.htm
c:\program files\AVG\Setup\license_pt.htm
c:\program files\AVG\Setup\license_ru.htm
c:\program files\AVG\Setup\license_sc.htm
c:\program files\AVG\Setup\license_sk.htm
c:\program files\AVG\Setup\license_sp.htm
c:\program files\AVG\Setup\license_tr.htm
c:\program files\AVG\Setup\license_us.htm
c:\program files\AVG\Setup\license_zh.htm
c:\program files\AVG\Setup\license_zt.htm
c:\program files\AVG\Setup\sc_setup.cont
c:\program files\AVG\Setup\sc_setup.cont.zfs
c:\program files\AVG\UiDll\2623\cef.pak
c:\program files\AVG\UiDll\2623\cef.pak.zfs
c:\program files\AVG\UiDll\2623\cef_100_percent.pak
c:\program files\AVG\UiDll\2623\cef_100_percent.pak.zfs
c:\program files\AVG\UiDll\2623\cef_200_percent.pak
c:\program files\AVG\UiDll\2623\cef_200_percent.pak.zfs
c:\program files\AVG\UiDll\2623\icudtl.dat
c:\program files\AVG\UiDll\2623\icudtl.dat.zfs
c:\program files\AVG\UiDll\2623\libcef.dll
c:\program files\AVG\UiDll\2623\libcef.dll.zfs
c:\program files\AVG\UiDll\2623\natives_blob.bin
c:\program files\AVG\UiDll\2623\natives_blob.bin.zfs
c:\program files\AVG\UiDll\2623\snapshot_blob.bin
c:\program files\AVG\UiDll\2623\snapshot_blob.bin.zfs
c:\program files\Google\Update
c:\program files\Google\Update\1.3.34.7\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.34.7\GoogleUpdate.exe
c:\program files\Google\Update\1.3.34.7\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.34.7\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.34.7\GoogleUpdateCore.exe
c:\program files\Google\Update\1.3.34.7\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.34.7\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.34.7\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.34.7\GoogleUpdateWebPlugin.exe
c:\program files\Google\Update\1.3.34.7\goopdate.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_am.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_ar.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_bg.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_bn.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_ca.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_cs.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_da.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_de.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_el.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_en.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_es.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_et.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_fa.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_fi.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_fil.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_fr.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_gu.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_hi.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_hr.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_hu.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_id.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_is.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_it.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_iw.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_ja.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_kn.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_ko.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_lt.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_lv.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_ml.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_mr.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_ms.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_nl.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_no.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_pl.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_ro.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_ru.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_sk.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_sl.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_sr.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_sv.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_sw.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_ta.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_te.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_th.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_tr.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_uk.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_ur.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_vi.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.34.7\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.34.7\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.34.7\psmachine.dll
c:\program files\Google\Update\1.3.34.7\psmachine_64.dll
c:\program files\Google\Update\1.3.34.7\psuser.dll
c:\program files\Google\Update\1.3.34.7\psuser_64.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.34.7\GoogleUpdateSetup.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Seznam.cz
c:\program files\Seznam.cz\distribution\install\com.microsoft.msdn.msvcr100-10.0.40219.325-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.autoupdate-1.0.8-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.chromelisticka-1.7.7-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.chromelisticka-1.7.8-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.ielisticka3-3.1.4-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.libfoxcub-3.1.4-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.libfoxcub64-3.1.4-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.libfoxloader-3.1.2-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.libszndesktop-2.0.26-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.lightspeed-1210-12.10.12-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.pp-1.0.2-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.szndesktop-2.0.26-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.szninstall-1.1.12-win32.zip
c:\program files\Seznam.cz\distribution\install\cz.seznam.software.sznsetup-1.2.5-win32.zip
c:\program files\Seznam.cz\distribution\install\packages.inf
c:\program files\Seznam.cz\distribution\install\szn-software-base-1.0.0-win32.zip
c:\program files\Seznam.cz\distribution\install\szn-software-fflisticka-3.1.4-win32.zip
c:\program files\Seznam.cz\distribution\install\szn-software-listicka-3.0.0-win32.zip
c:\program files\Seznam.cz\distribution\partner.conf
c:\program files\Seznam.cz\distribution\sources.inf
c:\program files\Seznam.cz\distribution\szninstall.exe
c:\program files\Seznam.cz\distribution\sznsetup.exe
c:\windows\iun6002.exe
c:\windows\system32\DEBUG.log
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\wmsysprx.prx
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGSVC
-------\Service_avgsvc
-------\Legacy_gupdate
-------\Legacy_gupdatem
-------\Legacy_gupdate
-------\Legacy_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2019-04-05 do 2019-05-05 )))))))))))))))))))))))))))))))
.
.
2019-05-05 17:12 . 2019-05-05 17:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\SlimWare Utilities Inc
2019-05-05 04:24 . 2019-05-05 04:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sophos
2019-05-04 14:55 . 2019-05-04 14:55 -------- d-----w- c:\program files\Common Files\Chameleon Manager
2019-05-04 14:55 . 2019-05-04 14:55 -------- d-----w- c:\program files\Chameleon Startup Manager
2019-04-12 18:14 . 2019-04-12 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-05-05 16:53 . 2018-07-26 13:55 22728 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2019-04-09 16:36 . 2017-08-06 18:15 842296 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2019-04-09 16:36 . 2017-08-06 18:15 175160 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-10-09 08:33 576408 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-10-09 08:33 576408 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-10-09 08:33 576408 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-08-19 6490904]
"cz.seznam.software.autoupdate"="c:\documents and settings\Administrator\Data aplikací\Seznam.cz\szninstall.exe" [2018-03-27 1069296]
"cz.seznam.software.szndesktop"="c:\documents and settings\Administrator\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2018-03-27 109808]
"Chameleon System Monitor"="c:\program files\common files\Chameleon Manager\monitor.exe" [2017-09-09 8105088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncService"="c:\program files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-02 1282120]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2016-07-11 2591888]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-06-14 2397120]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2000-01-01 41134712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Avast Cleanup Premium.lnk - c:\program files\AVAST Software\Avast Cleanup\TuneupUI.exe /nogui [2017-11-18 2103208]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrator\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
.
R2 CleanupPSvc;Avast Cleanup Premium;c:\program files\AVAST Software\Avast Cleanup\TuneupSvc.exe [18.11.2017 12:37 10227280]
R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [13.9.2018 22:53 88696]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [13.9.2018 22:52 1879488]
R3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [22.1.2017 10:20 1656960]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [22.1.2017 10:20 2558200]
S3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\drivers\aswTap.sys [27.8.2017 13:56 44256]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [19.12.2016 17:47 79360]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [9.1.2018 20:18 32448]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [19.12.2016 17:47 79360]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [26.7.2018 15:55 22728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-03-05 03:10 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2019-05-04 c:\windows\Tasks\Adobe Flash Player NPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [2019-04-09 16:36]
.
2019-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-06 16:36]
.
2019-05-05 c:\windows\Tasks\Avast TUNEUP Update.job
- c:\program files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2017-11-18 18:44]
.
2018-08-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2017-01-29 23:28]
.
2019-05-05 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2017-01-29 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.seznam.cz/?clid=22668
mStart Page = https://www.seznam.cz/?clid=22668
mSearch Bar = https://www.seznam.cz/?clid=22668
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\7bjbpbw7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-MBAMService
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2019-05-05 20:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-606747145-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,67,54,40,b9,d8,e6,45,b3,13,8c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,67,54,40,b9,d8,e6,45,b3,13,8c,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(452)
c:\program files\common files\Chameleon Manager\cham_ex32.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCP90.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast Cleanup\TuneupUI.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2019-05-05 20:58:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2019-05-05 18:58
ComboFix2.txt 2019-05-05 16:22
.
Před spuštěním: Volných bajtů: 21 447 303 168
Po spuštění: Volných bajtů: 21 225 455 616
.
- - End Of File - - 3182770434F94AA915D275BBA1934958
413FC2A0C716421B3158746D63736515
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:01:03, on 5.5.2019
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\KaraokeSer.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\program files\common files\Chameleon Manager\monitor.exe
C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] "C:\Program Files\NVIDIA Corporation\nview\nwiz.exe" /installquiet
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Documents and Settings\Administrator\Data aplikací\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Documents and Settings\Administrator\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Chameleon System Monitor] "c:\program files\common files\Chameleon Manager\monitor.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avast Cleanup Premium.lnk = C:\Program Files\AVAST Software\Avast Cleanup\TuneupUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Cleanup Premium (CleanupPSvc) - AVAST Software - C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
--
End of file - 8363 bytes