Kontrola logu na Notebooku

[dominikvyt]

Dobry den prosim o kontrolu logu mam podezreni na virus ale ne Malwere To už sem dělal testy u Avastu se my vyply všechny služby a už nedou zapnout.

Log:http://totalvirus.8u.cz/log.txt
Info:http://totalvirus.8u.cz/info.txt

[Rudy]

Zdravím!
Poprosím o log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[dominikvyt]

Zdrávi ! Tady je Log z Combofix:


ComboFix 12-03-02.01 - Maminka 02.03.2012 20:20:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1790.1042 [GMT 1:00]
Spuštěný z: c:\users\Maminka\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\100
c:\windows\security\Database\tmp.edb
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\windeploy.exe
c:\windows\system32\WinFX3.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-02 do 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 19:40 . 2012-03-02 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 19:03 . 2012-03-02 19:03 -------- d-----w- C:\found.000
2012-03-02 17:56 . 2012-03-02 17:57 -------- d-----w- c:\program files\trend micro
2012-03-02 17:56 . 2012-03-02 18:07 -------- d-----w- C:\rsit
2012-03-02 17:42 . 2012-03-02 17:42 -------- d-----w- c:\programdata\Malwarebytes
2012-03-02 17:42 . 2012-03-02 17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-02 17:42 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 09:29 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52A9655A-8894-4AF3-8DC0-27F26750F5D1}\mpengine.dll
2012-03-01 18:02 . 2012-03-01 18:02 -------- d-----w- c:\program files\ophcrack
2012-03-01 17:21 . 2007-07-16 07:20 80936 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-03-01 17:21 . 2007-07-16 07:20 16168 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-03-01 17:21 . 2008-02-14 08:17 80424 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-03-01 17:21 . 2008-04-23 10:22 233472 ----a-w- c:\windows\system32\BtwRSupport.dll
2012-03-01 17:20 . 2012-03-01 17:20 -------- d-----w- c:\windows\system32\es-MX
2012-03-01 17:20 . 2012-03-01 17:20 -------- d-----w- c:\windows\system32\es-AR
2012-03-01 17:20 . 2012-03-01 17:20 -------- d-----w- c:\program files\WIDCOMM
2012-02-29 17:41 . 2012-02-29 17:41 -------- d-----w- c:\program files\Natalie Brooks - Poklad ztraceného království
2012-02-29 16:53 . 2012-02-29 16:54 -------- d-----w- c:\program files\U nas v praveku
2012-02-29 15:36 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-29 15:20 . 2012-02-29 15:20 -------- d-----w- c:\program files\Windows Portable Devices
2012-02-29 12:54 . 2012-02-29 12:54 -------- d-----w- c:\program files\CamStudio
2012-02-29 10:21 . 2012-02-29 10:21 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-02-29 09:45 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-02-29 09:45 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-02-29 09:45 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-02-29 09:43 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-02-29 09:43 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-02-29 09:43 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-02-29 09:43 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-02-29 09:43 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-02-29 09:43 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-02-29 09:43 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-02-28 18:27 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-28 18:26 . 2011-01-20 16:37 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-28 18:26 . 2011-01-20 14:14 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-02-28 18:26 . 2011-01-20 14:14 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-02-28 18:26 . 2011-01-20 14:14 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-02-28 18:26 . 2011-01-20 16:06 2873344 ----a-w- c:\windows\system32\mf.dll
2012-02-28 18:26 . 2011-01-20 16:07 37376 ----a-w- c:\windows\system32\cdd.dll
2012-02-28 18:26 . 2011-01-20 14:26 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-02-28 18:26 . 2011-01-20 16:04 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-02-28 18:26 . 2011-01-20 16:07 586240 ----a-w- c:\windows\system32\stobject.dll
2012-02-28 18:26 . 2011-01-20 16:07 258048 ----a-w- c:\windows\system32\winspool.drv
2012-02-28 18:26 . 2011-01-20 16:06 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-02-28 18:26 . 2011-01-20 16:04 98816 ----a-w- c:\windows\system32\mfps.dll
2012-02-28 18:24 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-02-28 18:23 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-28 18:23 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-28 18:23 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-28 18:23 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-02-28 18:23 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-28 18:23 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-02-28 18:23 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-28 18:23 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-02-28 18:23 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-02-28 18:23 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-28 18:23 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-02-28 18:23 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-02-28 18:21 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-02-28 18:19 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-02-28 18:19 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-28 18:17 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-28 18:15 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-28 18:15 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-02-28 18:15 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-02-28 18:15 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-28 18:15 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-02-28 18:15 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-28 18:15 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-02-28 18:15 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-02-28 18:15 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-02-28 18:15 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-28 18:15 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-28 18:14 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-02-28 18:14 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-02-28 18:14 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-02-28 18:14 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-28 18:14 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-02-28 18:13 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-02-28 16:01 . 2012-02-29 16:29 -------- d-----w- c:\program files\TopCD
2012-02-28 13:22 . 2012-02-28 21:46 -------- d-----w- c:\program files\BitTorrent
2012-02-28 13:13 . 2012-02-28 13:13 -------- d-----w- c:\programdata\TheBflix
2012-02-28 13:12 . 2012-02-28 13:13 -------- d-----w- c:\programdata\InstallMate
2012-02-28 12:52 . 2012-02-28 12:53 -------- d-----w- c:\windows\system32\ca-ES
2012-02-28 12:52 . 2012-02-28 12:53 -------- d-----w- c:\windows\system32\eu-ES
2012-02-28 12:52 . 2012-02-28 12:53 -------- d-----w- c:\windows\system32\vi-VN
2012-02-28 11:40 . 2012-02-28 11:40 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-02-28 11:40 . 2012-02-28 11:42 -------- d-----w- c:\program files\Hamachi
2012-02-27 12:57 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-27 12:57 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-27 12:57 . 2011-09-06 21:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-02-27 12:55 . 2011-09-06 21:37 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-02-27 12:55 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-27 12:55 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-27 12:55 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-27 12:55 . 2011-09-06 21:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-27 12:54 . 2011-09-06 21:10 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-02-27 12:54 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2012-02-27 12:54 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-27 12:53 . 2012-02-27 12:53 -------- d-----w- c:\programdata\AVAST Software
2012-02-27 12:53 . 2012-02-27 12:53 -------- d-----w- c:\program files\AVAST Software
2012-02-26 09:49 . 2012-02-26 09:49 515856 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-26 06:59 . 2012-02-26 06:59 -------- d-----w- c:\windows\system32\Macromed
2012-02-26 06:59 . 2012-02-26 06:59 -------- d-----w- c:\program files\XCasino v.3
2012-02-25 19:39 . 2005-11-29 12:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-25 19:39 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-25 11:02 . 2012-02-25 11:02 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2012-02-25 11:02 . 2012-02-25 11:02 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-02-25 10:57 . 2012-02-25 11:03 -------- d-----w- c:\program files\DivX
2012-02-25 10:57 . 2012-02-25 11:03 -------- d-----w- c:\programdata\DivX
2012-02-25 10:56 . 2012-02-25 10:56 -------- d-----w- c:\program files\BabylonToolbar
2012-02-25 10:56 . 2012-02-25 10:57 1491 ----a-w- C:\user.js
2012-02-25 10:56 . 2012-02-25 10:56 -------- d-----w- c:\programdata\Babylon
2012-02-25 10:38 . 2012-02-25 10:42 -------- d-----w- c:\program files\The KMPlayer
2012-02-24 20:34 . 2012-02-24 20:34 -------- d-----w- c:\windows\system32\EventProviders
2012-02-24 16:12 . 2012-02-24 16:12 -------- d-----w- c:\program files\RevSkills
2012-02-23 08:01 . 2012-02-23 08:01 -------- d-----w- c:\program files\Microsoft.NET
2012-02-23 01:12 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-02-23 01:12 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-23 01:12 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-02-23 01:12 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-02-23 01:12 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-02-22 08:55 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2012-02-21 21:43 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2012-02-21 21:42 . 2009-04-11 06:28 558080 ----a-w- c:\windows\system32\sysmain.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 15:35 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-02-21 15:35 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-02-20 21:38 . 2012-02-20 21:38 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2012-02-19 13:41 . 2012-02-19 13:41 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2012-02-19 11:31 . 2012-02-19 11:31 5632 ----a-w- c:\windows\system32\drivers\UMDF\cs-CZ\WpdMtpDr.dll.mui
2012-02-19 11:31 . 2012-02-19 11:31 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wd.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\tpm.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\SCR111.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\scmstcs.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\pscr.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\grserial.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\umbus.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\stcusb.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\gpr400.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\serscan.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\cxbp0wdm.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\cmbp0wdm.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 14848 ----a-w- c:\windows\system32\drivers\cs-CZ\volsnap.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 5120 ----a-w- c:\windows\system32\drivers\cs-CZ\nv4_mini.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\pcmcia.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\ntrigdigi.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 9728 ----a-w- c:\windows\system32\drivers\cs-CZ\afd.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 6656 ----a-w- c:\windows\system32\drivers\cs-CZ\yk60x86.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 5632 ----a-w- c:\windows\system32\drivers\cs-CZ\sermouse.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 5632 ----a-w- c:\windows\system32\drivers\cs-CZ\bcm4sbxp.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 5632 ----a-w- c:\windows\system32\drivers\cs-CZ\b57nd60x.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 5120 ----a-w- c:\windows\system32\drivers\cs-CZ\e100b325.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\msdsm.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\mouclass.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\parport.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\scsiport.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\rndismpx.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 33280 ----a-w- c:\windows\system32\drivers\cs-CZ\e1e6032.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\parvdm.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\mouhid.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\amdide.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 24064 ----a-w- c:\windows\system32\drivers\cs-CZ\mpio.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 17920 ----a-w- c:\windows\system32\drivers\cs-CZ\E1G60I32.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\modem.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\srv.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 10752 ----a-w- c:\windows\system32\drivers\cs-CZ\fvevol.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\RNDISMP.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\pacer.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\qwavedrv.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 65536 ----a-w- c:\windows\system32\drivers\cs-CZ\ntfs.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\nfsrdr.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 7168 ----a-w- c:\windows\system32\drivers\cs-CZ\luafv.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\ipnat.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\dxgkrnl.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 30720 ----a-w- c:\windows\system32\drivers\cs-CZ\http.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 5120 ----a-w- c:\windows\system32\drivers\cs-CZ\fltmgr.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\pnpmem.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 9728 ----a-w- c:\windows\system32\drivers\cs-CZ\ltmdmnt.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 9728 ----a-w- c:\windows\system32\drivers\cs-CZ\BrSerId.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 9216 ----a-w- c:\windows\system32\drivers\cs-CZ\pci.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 7168 ----a-w- c:\windows\system32\drivers\cs-CZ\IPMIDrv.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 7168 ----a-w- c:\windows\system32\drivers\cs-CZ\bthport.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 5120 ----a-w- c:\windows\system32\drivers\cs-CZ\bthpan.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\wacompen.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\kbdclass.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\isapnp.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\mssmbios.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\hidbth.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\VIAAGP.SYS.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\ULIAGPKX.SYS.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\UAGP35.SYS.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\SISAGP.SYS.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\NV_AGP.SYS.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\kbdhid.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\GAGP30KX.SYS.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\Dot4usb.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\atikmdag.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\ati2mtag.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\ati2mpad.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\AMDAGP.SYS.mui
2012-02-19 11:31 . 2012-02-19 11:31 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\AGP440.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\BrParwdm.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 21504 ----a-w- c:\windows\system32\drivers\cs-CZ\viac7.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 21504 ----a-w- c:\windows\system32\drivers\cs-CZ\processr.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 21504 ----a-w- c:\windows\system32\drivers\cs-CZ\intelppm.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 21504 ----a-w- c:\windows\system32\drivers\cs-CZ\crusoe.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 21504 ----a-w- c:\windows\system32\drivers\cs-CZ\amdk8.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 21504 ----a-w- c:\windows\system32\drivers\cs-CZ\amdk7.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 12288 ----a-w- c:\windows\system32\drivers\cs-CZ\ohci1394.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 10240 ----a-w- c:\windows\system32\drivers\cs-CZ\serial.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 10240 ----a-w- c:\windows\system32\drivers\cs-CZ\i8042prt.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 10240 ----a-w- c:\windows\system32\drivers\cs-CZ\battc.sys.mui
2012-02-19 11:31 . 2012-02-19 11:31 10240 ----a-w- c:\windows\system32\drivers\cs-CZ\acpi.sys.mui
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9975C56F-480B-4861-8BEB-7E3CBF52F7B5}]
2012-02-23 15:48 141824 ----a-w- c:\programdata\TheBflix\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-02-28 6062960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-13 6814240]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-13 1833504]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-06-18 3559936]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
[HKLM\~\startupfolder\C:^Users^Maminka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Power Meter Plus.lnk]
path=c:\users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Power Meter Plus.lnk
backup=c:\windows\pss\Power Meter Plus.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-01-31 14:14 17147528 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096318204-266259592-556169611-1000Core.job
- c:\users\Maminka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 10:28]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096318204-266259592-556169611-1000UA.job
- c:\users\Maminka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19 10:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=15383
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.129.50.20 85.135.32.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 20:40
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(772)
c:\program files\Acer Bio Protection\PwdFilter.dll
.
Celkový čas: 2012-03-02 20:46:11
ComboFix-quarantined-files.txt 2012-03-02 19:46
.
Před spuštěním: Volných bajtů: 85 642 702 848
Po spuštění: Volných bajtů: 85 260 677 120
.
- - End Of File - - DD3F5526377D189AB060545A5E5AB809

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\Ask.com
c:\programdata\TheBflix
c:\users\Maminka\AppData\Local\Google\Update

Collect::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096318204-266259592-556169611-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096318204-266259592-556169611-1000UA.job

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.