RelevantKnowledge

[Milan12300]

Zdravím
Včera jsem instaloval nový program. A dneska spustím počítač a všiml jsem si, že se u hodin objevila nová ikonka s názvem "RelevantKnowledge". V instalaci (každou instalaci si podrobně čtu kvůli tomu, aby jsem neinstaloval různé toolbary...) se o žádném "RelevantKnowledge" vůbec nepsalo! Co to je za sajrajt ? Mám to odinstalovat ? Díky.

[Rudy]

RelevantKnowledge je skutečně sajrajt. Nejprve poprosím o log RSIT: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .

[Milan12300]

Logfile of random's system information tool 1.09 (written by random/random)
Run by X at 2012-04-16 18:54:14
Microsoft Windows 7 Professional
System drive C: has 56 GB (37%) free of 153 GB
Total RAM: 2048 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:23, on 16.4.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Chameleon Manager\monitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskeng.exe
c:\program files\seznam.cz\postak.exe
c:\program files\windows sidebar\sidebar.exe
C:\Users\X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\X\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\X\Downloads\RSIT.exe
C:\Program Files\trend micro\X.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25432;
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O18 - Protocol: toolbarchrome - (no CLSID) - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

--
End of file - 1851 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-12-13 11487848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=2
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=247
"NoInstrumentation"=1
"NoDrives"=0
"NoDriveAutoRun"=67108859

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.MKVC"=KMVIDC32.DLL
"VIDC.FFDS"=ff_vfw.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"vidc.tscc"=tsccvid.dll
"msacm.l3codec"=l3codecp.acm
"vidc.MPG4"=MPG4C32.dll
"vidc.MP42"=MPG4C32.dll
"vidc.MP43"=MPG4C32.dll
"VIDC.FPS1"=frapsvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - "%1" /S "%3"

======List of files/folders created in the last 1 month======

2012-04-16 18:54:15 ----D---- C:\Program Files\trend micro
2012-04-16 18:54:14 ----D---- C:\rsit
2012-04-15 18:22:16 ----RD---- C:\Sandbox
2012-04-15 18:00:14 ----A---- C:\Windows\Sandboxie.ini
2012-04-15 14:39:32 ----D---- C:\Program Files\COMODO
2012-04-15 14:17:41 ----D---- C:\Users\X\AppData\Roaming\NeoSoftTools
2012-04-15 14:17:41 ----D---- C:\ProgramData\NeoSoftTools
2012-04-15 14:13:30 ----D---- C:\Program Files\Common Files\Chameleon Manager
2012-04-15 14:12:48 ----D---- C:\Program Files\Chameleon Startup Manager 3
2012-04-15 13:39:19 ----D---- C:\Program Files\RelevantKnowledge
2012-04-06 10:47:14 ----D---- C:\Users\X\AppData\Roaming\TP
2012-04-04 22:15:16 ----D---- C:\Program Files\Microsoft Silverlight
2012-04-02 17:04:18 ----D---- C:\Users\X\AppData\Roaming\f-secure
2012-04-01 11:27:44 ----A---- C:\Windows\system32\4467D9F.tmp
2012-04-01 11:27:43 ----A---- C:\Windows\system32\38d787E.tmp
2012-04-01 11:27:29 ----A---- C:\Windows\system32\36b4222.sys
2012-03-31 11:50:33 ----D---- C:\Program Files\DVD Shrink
2012-03-30 19:28:46 ----D---- C:\Program Files\Defraggler
2012-03-29 21:53:21 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-03-28 21:37:34 ----D---- C:\Users\X\AppData\Roaming\Ashampoo
2012-03-28 20:31:50 ----D---- C:\Program Files\Common Files\Java
2012-03-28 20:31:26 ----A---- C:\Windows\system32\javaws.exe
2012-03-28 20:31:26 ----A---- C:\Windows\system32\javaw.exe
2012-03-28 20:31:26 ----A---- C:\Windows\system32\java.exe
2012-03-28 18:22:22 ----D---- C:\ProgramData\Sun
2012-03-25 20:50:44 ----D---- C:\Users\X\AppData\Roaming\Malwarebytes
2012-03-25 12:04:34 ----A---- C:\ProgramData\mazuki.dll
2012-03-25 11:58:56 ----D---- C:\Program Files\Ashampoo
2012-03-19 22:39:53 ----D---- C:\Users\X\AppData\Roaming\Canneverbe Limited
2012-03-19 20:34:47 ----D---- C:\Users\X\AppData\Roaming\QuickScan
2012-03-19 19:11:52 ----A---- C:\Windows\system32\drivers\netio.sys
2012-03-17 23:06:28 ----A---- C:\Windows\system32\drivers\ElRawDsk.sys
2012-03-17 23:04:10 ----A---- C:\Windows\system32\mfc45.dll

======List of files/folders modified in the last 1 month======

2012-04-16 18:54:23 ----D---- C:\Windows\Prefetch
2012-04-16 18:54:15 ----RD---- C:\Program Files
2012-04-16 17:31:58 ----D---- C:\Windows\temp
2012-04-16 17:21:12 ----D---- C:\Windows\System32
2012-04-16 17:21:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-16 17:18:57 ----D---- C:\Windows\system32\Tasks
2012-04-16 17:16:13 ----SHD---- C:\Windows\Installer
2012-04-15 19:15:05 ----D---- C:\Windows\system32\config
2012-04-15 18:24:50 ----AD---- C:\Windows
2012-04-15 15:29:47 ----D---- C:\ProgramData
2012-04-15 15:29:46 ----D---- C:\Windows\system32\drivers
2012-04-15 15:27:41 ----D---- C:\Windows\system32\catroot2
2012-04-15 15:27:39 ----SHD---- C:\System Volume Information
2012-04-15 14:50:23 ----D---- C:\Windows\system32\catroot
2012-04-15 14:43:42 ----D---- C:\Windows\inf
2012-04-15 14:43:39 ----D---- C:\Windows\system32\DriverStore
2012-04-15 14:13:30 ----D---- C:\Program Files\Common Files
2012-04-12 21:56:01 ----AD---- C:\ProgramData\Temp
2012-04-12 20:43:20 ----D---- C:\Windows\Tasks
2012-04-12 20:21:17 ----SD---- C:\Users\X\AppData\Roaming\Microsoft
2012-04-12 20:21:16 ----D---- C:\Config.Msi
2012-04-10 22:16:19 ----D---- C:\WinFast WorkArea
2012-04-01 11:29:02 ----D---- C:\Windows\Minidump
2012-03-31 11:50:39 ----D---- C:\ProgramData\DVD Shrink
2012-03-29 18:34:26 ----D---- C:\Program Files\Seznam.cz
2012-03-28 21:03:35 ----D---- C:\Program Files\The KMPlayer
2012-03-28 20:54:22 ----D---- C:\Program Files\FileHippo.com
2012-03-28 20:37:41 ----D---- C:\Program Files\CCleaner
2012-03-28 20:31:15 ----A---- C:\Windows\system32\deployJava1.dll
2012-03-28 20:31:11 ----D---- C:\Program Files\Java
2012-03-28 15:30:41 ----D---- C:\Program Files\WinRAR
2012-03-25 19:31:30 ----DC---- C:\Windows\system32\DRVSTORE
2012-03-25 19:31:21 ----D---- C:\Windows\Help
2012-03-19 21:24:22 ----D---- C:\Windows\winsxs
2012-03-19 19:12:11 ----SD---- C:\ProgramData\Microsoft
2012-03-19 19:11:26 ----D---- C:\Windows\Logs
2012-03-17 22:26:10 ----D---- C:\Windows\system32\wbem
2012-03-17 22:25:19 ----D---- C:\Windows\system32\wfp
2012-03-17 22:25:17 ----D---- C:\Windows\AppCompat
2012-03-17 22:25:17 ----D---- C:\Users\X\AppData\Roaming\My Battle for Middle-earth Files
2012-03-17 22:25:11 ----SHD---- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-03-17 22:25:07 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2010-04-08 215656]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-02-11 473656]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-03-07 44376]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [2011-08-11 20392]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-12-13 3921448]
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6232.sys [2010-03-04 296936]
R3 ULCDRHlp;ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 WFLR6654;WinFast DTV1800 H (XC3028); C:\Windows\system32\drivers\wfeaglxt.sys [2009-10-21 433920]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 36b4222;36b4222; \??\C:\Windows\system32\36b4222.sys [2012-04-01 54624]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 DrvAgent32;DrvAgent32; \??\C:\Windows\system32\Drivers\DrvAgent32.sys [2011-12-10 23456]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 hcdriver;EHCI Compliance Test Tool Device Driver; C:\Windows\system32\DRIVERS\hcdriver.sys [2012-01-27 50688]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-04-04 47360]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 15048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
S4 NetMsmqActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S4 NetPipeActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S4 NetTcpActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S4 nlsX86cc;NLS Service; C:\Windows\system32\NLSSRV32.EXE [2011-03-21 68928]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1136448]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

[Rudy]

Je toho tam více, vč. rootkitu. Poprosím ještě o log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Milan12300]

ComboFix 12-04-16.02 - X 16.04.2012 20:13:24.3.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2048.1308 [GMT 2:00]
Spuštěný z: c:\users\X\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\programdata\mazuki.dll
c:\users\X\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\38d787E.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-16 do 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 18:20 . 2012-04-16 18:23 -------- d-----w- c:\users\X\AppData\Local\temp
2012-04-16 18:20 . 2012-04-16 18:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-16 18:20 . 2012-04-16 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 16:54 . 2012-04-16 16:54 -------- d-----w- c:\program files\trend micro
2012-04-16 16:54 . 2012-04-16 16:54 -------- d-----w- C:\rsit
2012-04-15 16:22 . 2012-04-15 16:22 -------- d-----r- C:\Sandbox
2012-04-15 12:39 . 2012-04-15 12:40 -------- d-----w- c:\program files\COMODO
2012-04-15 12:17 . 2012-04-15 12:17 -------- d-----w- c:\users\X\AppData\Roaming\NeoSoftTools
2012-04-15 12:17 . 2012-04-15 12:17 -------- d-----w- c:\programdata\NeoSoftTools
2012-04-15 12:13 . 2012-04-15 12:13 -------- d-----w- c:\program files\Common Files\Chameleon Manager
2012-04-15 12:12 . 2012-04-15 12:13 -------- d-----w- c:\program files\Chameleon Startup Manager 3
2012-04-06 08:47 . 2012-04-06 08:47 -------- d-----w- c:\users\X\AppData\Roaming\TP
2012-04-04 20:15 . 2012-04-04 20:15 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-02 15:04 . 2012-04-02 15:04 -------- d-----w- c:\users\X\AppData\Roaming\f-secure
2012-04-01 09:27 . 2009-07-14 01:20 710720 ----a-w- c:\windows\system32\4467D9F.tmp
2012-04-01 09:27 . 2012-04-01 09:27 54624 ----a-w- c:\windows\system32\36b4222.sys
2012-03-31 09:50 . 2012-03-31 09:50 -------- d-----w- c:\program files\DVD Shrink
2012-03-30 17:28 . 2012-03-30 17:28 -------- d-----w- c:\program files\Defraggler
2012-03-29 19:53 . 2012-03-29 19:54 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 19:37 . 2012-04-05 21:35 -------- d-----w- c:\users\X\AppData\Roaming\Ashampoo
2012-03-28 19:34 . 2012-04-05 21:35 -------- d-----w- c:\users\X\AppData\Local\ashampoo
2012-03-28 18:31 . 2012-03-28 18:31 -------- d-----w- c:\program files\Common Files\Java
2012-03-25 18:50 . 2012-03-25 18:50 -------- d-----w- c:\users\X\AppData\Roaming\Malwarebytes
2012-03-25 17:13 . 2012-03-20 01:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AFA046A-045A-484A-AC54-712FC0C766A9}\mpengine.dll
2012-03-25 10:52 . 2012-03-25 10:52 -------- d-----w- c:\users\X\AppData\Local\Mozilla
2012-03-25 09:58 . 2012-04-05 21:33 -------- d-----w- c:\program files\Ashampoo
2012-03-19 20:39 . 2012-03-19 20:39 -------- d-----w- c:\users\X\AppData\Roaming\Canneverbe Limited
2012-03-19 18:34 . 2012-03-19 18:34 -------- d-----w- c:\users\X\AppData\Roaming\QuickScan
2012-03-19 17:11 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-18 14:07 . 2012-03-18 14:07 22 --sha-w- c:\users\X\AppData\Roaming\Sys2662.Config.Repository.bin
2012-03-18 11:10 . 2012-04-13 17:45 -------- d-----w- c:\users\X\AppData\Local\CrashDumps
2012-03-17 21:06 . 2011-08-11 07:57 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2012-03-17 21:04 . 2012-03-17 21:04 74703 ----a-w- c:\windows\system32\mfc45.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 19:54 . 2011-11-13 13:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-28 18:31 . 2011-10-28 20:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-15 17:46 . 2010-02-03 11:25 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-15 17:46 . 2010-02-03 11:25 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-07 00:15 . 2012-02-25 20:56 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2012-02-25 20:56 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2012-02-25 20:57 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2012-02-25 20:57 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-25 20:57 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2012-02-25 20:57 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2012-02-25 20:56 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2012-02-25 20:57 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-24 09:36 . 2011-12-04 19:21 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-02-23 07:18 . 2010-02-03 11:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-11 21:26 . 2010-02-06 20:22 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-11 21:18 . 2012-02-11 21:18 830794 ----a-w- c:\windows\system32\spořič MEDIA TRADE.scr
2012-02-10 17:15 . 2012-02-10 17:15 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-02-08 16:23 . 2011-05-29 15:05 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-03 12:47 . 2012-02-03 12:47 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-01-27 13:44 . 2012-02-09 21:49 50688 ----a-w- c:\windows\system32\drivers\hcdriver.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2011-12-13 15:58 11487848 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAP 10 Alpha"="c:\program files\DAP10\DAP.EXE" /STARTUP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
R3 36b4222;36b4222;c:\windows\system32\36b4222.sys [2012-04-01 54624]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-12-09 23456]
R3 hcdriver;EHCI Compliance Test Tool Device Driver;c:\windows\system32\DRIVERS\hcdriver.sys [2012-01-27 50688]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-04-04 47360]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
R4 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-03-21 68928]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2011-08-11 20392]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S3 WFLR6654;WinFast DTV1800 H (XC3028);c:\windows\system32\drivers\wfeaglxt.sys [2009-10-21 433920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = http=127.0.0.1:25432;
TCP: DhcpNameServer = 10.0.0.138
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,a4,01,d1,8a,e6,e7,4d,92,90,0b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,a4,01,d1,8a,e6,e7,4d,92,90,0b,\
.
[HKEY_USERS\S-1-5-21-3887554259-2600576739-1838076180-1000\Software\Microsoft\Internet Explorer\MenuExt-\O(uë_fŹ3*N}Ź]
@="c:\\Users\\X\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3887554259-2600576739-1838076180-1000\Software\Microsoft\Internet Explorer\MenuExt-\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Users\\X\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(196)
c:\program files\Common Files\Chameleon Manager\cham_ex32.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Chameleon Manager\monitor.exe
c:\windows\system32\conhost.exe
c:\program files\seznam.cz\postak.exe
c:\program files\windows sidebar\sidebar.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2012-04-16 20:27:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-16 18:27
.
Před spuštěním: Volných bajtů: 58 359 037 952
Po spuštění: Volných bajtů: 57 991 983 104
.
- - End Of File - - 871D9F4DDF6DE38A263CCF167D454949

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\windows\system32\4467D9F.tmp
c:\windows\system32\36b4222.sys

Driver::
36b4222

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-3887554259-2600576739-1838076180-1000\Software\Microsoft\Internet Explorer\MenuExt-\O(uë_fŹ3*N}Ź]
[HKEY_USERS\S-1-5-21-3887554259-2600576739-1838076180-1000\Software\Microsoft\Internet Explorer\MenuExt-\O(uë_fŹ3*N}ŹhQčţ”Ąc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Milan12300]

Udělal jsem to, jak píšete. Na konci mi CF napsal, abych se ujistil, že jsem připojen k internetu. Poté odeslal nějaký soubor k analýze a nic se neukázalo.

ComboFix 12-04-16.02 - X 16.04.2012 21:04:49.4.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2048.1331 [GMT 2:00]
Spuštěný z: c:\users\X\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\X\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\system32\36b4222.sys
file zipped: c:\windows\system32\4467D9F.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\36b4222.sys
c:\windows\system32\4467D9F.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_36b4222
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-16 do 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 19:11 . 2012-04-16 19:13 -------- d-----w- c:\users\X\AppData\Local\temp
2012-04-16 19:11 . 2012-04-16 19:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-16 19:11 . 2012-04-16 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 16:54 . 2012-04-16 16:54 -------- d-----w- c:\program files\trend micro
2012-04-16 16:54 . 2012-04-16 16:54 -------- d-----w- C:\rsit
2012-04-15 16:22 . 2012-04-15 16:22 -------- d-----r- C:\Sandbox
2012-04-15 12:39 . 2012-04-15 12:40 -------- d-----w- c:\program files\COMODO
2012-04-15 12:17 . 2012-04-15 12:17 -------- d-----w- c:\users\X\AppData\Roaming\NeoSoftTools
2012-04-15 12:17 . 2012-04-15 12:17 -------- d-----w- c:\programdata\NeoSoftTools
2012-04-15 12:13 . 2012-04-15 12:13 -------- d-----w- c:\program files\Common Files\Chameleon Manager
2012-04-15 12:12 . 2012-04-15 12:13 -------- d-----w- c:\program files\Chameleon Startup Manager 3
2012-04-06 08:47 . 2012-04-06 08:47 -------- d-----w- c:\users\X\AppData\Roaming\TP
2012-04-04 20:15 . 2012-04-04 20:15 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-02 15:04 . 2012-04-02 15:04 -------- d-----w- c:\users\X\AppData\Roaming\f-secure
2012-03-31 09:50 . 2012-03-31 09:50 -------- d-----w- c:\program files\DVD Shrink
2012-03-30 17:28 . 2012-03-30 17:28 -------- d-----w- c:\program files\Defraggler
2012-03-29 19:53 . 2012-03-29 19:54 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 19:37 . 2012-04-05 21:35 -------- d-----w- c:\users\X\AppData\Roaming\Ashampoo
2012-03-28 19:34 . 2012-04-05 21:35 -------- d-----w- c:\users\X\AppData\Local\ashampoo
2012-03-28 18:31 . 2012-03-28 18:31 -------- d-----w- c:\program files\Common Files\Java
2012-03-25 18:50 . 2012-03-25 18:50 -------- d-----w- c:\users\X\AppData\Roaming\Malwarebytes
2012-03-25 17:13 . 2012-03-20 01:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AFA046A-045A-484A-AC54-712FC0C766A9}\mpengine.dll
2012-03-25 10:52 . 2012-03-25 10:52 -------- d-----w- c:\users\X\AppData\Local\Mozilla
2012-03-25 09:58 . 2012-04-05 21:33 -------- d-----w- c:\program files\Ashampoo
2012-03-19 20:39 . 2012-03-19 20:39 -------- d-----w- c:\users\X\AppData\Roaming\Canneverbe Limited
2012-03-19 18:34 . 2012-03-19 18:34 -------- d-----w- c:\users\X\AppData\Roaming\QuickScan
2012-03-19 17:11 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-18 14:07 . 2012-03-18 14:07 22 --sha-w- c:\users\X\AppData\Roaming\Sys2662.Config.Repository.bin
2012-03-18 11:10 . 2012-04-13 17:45 -------- d-----w- c:\users\X\AppData\Local\CrashDumps
2012-03-17 21:06 . 2011-08-11 07:57 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2012-03-17 21:04 . 2012-03-17 21:04 74703 ----a-w- c:\windows\system32\mfc45.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 19:54 . 2011-11-13 13:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-28 18:31 . 2011-10-28 20:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-15 17:46 . 2010-02-03 11:25 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-15 17:46 . 2010-02-03 11:25 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-07 00:15 . 2012-02-25 20:56 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2012-02-25 20:56 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2012-02-25 20:57 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2012-02-25 20:57 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-25 20:57 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2012-02-25 20:57 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2012-02-25 20:56 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2012-02-25 20:57 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-24 09:36 . 2011-12-04 19:21 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-02-23 07:18 . 2010-02-03 11:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-11 21:26 . 2010-02-06 20:22 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-11 21:18 . 2012-02-11 21:18 830794 ----a-w- c:\windows\system32\spořič MEDIA TRADE.scr
2012-02-10 17:15 . 2012-02-10 17:15 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-02-08 16:23 . 2011-05-29 15:05 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-03 12:47 . 2012-02-03 12:47 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-01-27 13:44 . 2012-02-09 21:49 50688 ----a-w- c:\windows\system32\drivers\hcdriver.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-16_18.22.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2012-04-16 19:15 57584 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-03 10:58 . 2012-04-16 19:15 29874 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3887554259-2600576739-1838076180-1000_UserData.bin
+ 2010-02-03 10:52 . 2012-04-16 19:13 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-03 10:52 . 2012-04-16 18:22 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:41 . 2012-04-16 18:22 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2012-04-16 19:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-03 12:05 . 2012-04-16 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-03 12:05 . 2012-04-16 15:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-03 12:05 . 2012-04-16 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-03 12:05 . 2012-04-16 15:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-16 15:16 . 2012-04-16 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-16 15:16 . 2012-04-16 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-16 15:16 . 2012-04-16 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-16 15:16 . 2012-04-16 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-02-03 10:52 . 2012-04-16 18:22 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-03 10:52 . 2012-04-16 19:13 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:05 . 2012-04-16 18:27 2046258 c:\windows\System32\perfh009.dat
+ 2009-07-14 08:44 . 2012-04-16 18:27 4431618 c:\windows\System32\perfh005.dat
+ 2009-07-14 02:05 . 2012-04-16 18:27 1370306 c:\windows\System32\perfc009.dat
+ 2009-07-14 08:44 . 2012-04-16 18:27 1437284 c:\windows\System32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2011-12-13 15:58 11487848 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAP 10 Alpha"="c:\program files\DAP10\DAP.EXE" /STARTUP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
R3 CFcatchme;CFcatchme;c:\users\X\AppData\Local\Temp\CFcatchme.sys [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-12-09 23456]
R3 hcdriver;EHCI Compliance Test Tool Device Driver;c:\windows\system32\DRIVERS\hcdriver.sys [2012-01-27 50688]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-04-04 47360]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
R4 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-03-21 68928]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2011-08-11 20392]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S3 WFLR6654;WinFast DTV1800 H (XC3028);c:\windows\system32\drivers\wfeaglxt.sys [2009-10-21 433920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = http=127.0.0.1:25432;
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3887554259-2600576739-1838076180-1000\Software\Microsoft\Internet Explorer\MenuExt-\O(uë_fŹ3*N}Ź]
@="c:\\Users\\X\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3887554259-2600576739-1838076180-1000\Software\Microsoft\Internet Explorer\MenuExt-\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Users\\X\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(196)
c:\program files\Common Files\Chameleon Manager\cham_ex32.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Chameleon Manager\monitor.exe
c:\windows\system32\conhost.exe
c:\program files\seznam.cz\postak.exe
c:\program files\windows sidebar\sidebar.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2012-04-16 21:18:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-16 19:18
ComboFix2.txt 2012-04-16 18:27
.
Před spuštěním: Volných bajtů: 58 039 853 056
Po spuštění: Volných bajtů: 57 986 269 184
.
- - End Of File - - FF09B960FFC4BF48793B7896647891DA
Nahr nˇ probŘhlo ŁspŘçnŘ

[Rudy]

Log již vypadá čistý. Kromě RK byly v systému ještě 2 rootkity a nějaký ten trojan.

[Milan12300]

To je neuvěřitelné, co všechno se dá vyčíst z logu... Mimochodem moc děkuji.

[Rudy]

Jde to. Jen je třeba vědět, co vyhodit. Nemáte zač!