Zavirované starší PC, virus vypíná přístup na internet

[Rudy]

Dejte nový log ComboFix.

[stenly25]

Se stejným scriptem jako posledně nebo bez ?

[Rudy]

Bez skriptu, normálně spusťte.

[stenly25]

Šmejd je tam "Ad-Aware Browsing Protection"

ComboFix 12-11-16.02 - Petr 16.11.2012 23:39:34.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.487 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-16 do 2012-11-16 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 21:24 . 2006-03-13 20:01 21052 ----atw- c:\windows\system32\SIntfNT.dll
2012-11-14 21:24 . 2006-03-13 20:01 15144 ----atw- c:\windows\system32\SIntf32.dll
2012-11-14 21:24 . 2006-03-13 20:01 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-10-31 17:10 . 2003-11-07 12:28 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-31 17:10 . 2003-11-07 12:28 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-22 19:57 . 2004-08-18 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-11 19:38 . 2012-04-09 06:40 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 19:38 . 2011-05-16 06:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2004-08-18 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:18 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-18 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-18 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-17 15:45 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 11:01 . 2009-09-17 19:41 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2009-09-17 19:41 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 09:13 . 2011-03-03 20:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2010-09-13 19:58 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2010-09-13 19:58 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2010-09-13 19:58 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2010-09-13 19:58 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2010-09-13 19:58 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2010-09-13 19:58 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2010-09-13 19:58 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2010-09-13 19:57 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2010-09-13 19:57 227648 ----a-w- c:\windows\system32\aswBoot.exe
2004-10-01 14:00 . 2006-02-26 17:11 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-10-29 20:45 . 2012-10-29 20:45 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-10-08 122880]
"ScreenManager Pro for LCD"="c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2004-10-20 8925184]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-08 14565376]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-08 203072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
VideoBrowser Camera Monitor.lnk - e:\pixela\CameraMonitor.exe [2012-5-13 425336]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nástroje SMART Board.lnk]
backup=c:\windows\pss\Nástroje SMART Board.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\OziExplorer\\OziExp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Codemasters\\Worms 4 Totalni narez\\Worms 4 Mayhem.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Honza\\steam\\steamapps\\popo0123456789\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.3.2011 21:13 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.9.2010 20:58 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.9.2010 20:58 21256]
R3 PAC207;e-Messenger 112;c:\windows\system32\drivers\PFC027.SYS [9.2.2009 16:12 616064]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c98d5c200745e8;Google Update Service (gupdate1c98d5c200745e8);c:\program files\Google\Update\GoogleUpdate.exe [12.2.2009 22:51 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 AVerE506;AVerE506 service;c:\windows\system32\DRIVERS\AVerE506.sys --> c:\windows\system32\DRIVERS\AVerE506.sys [?]
S3 Desura Install Service;Desura Install Service;c:\program files\Common Files\Desura\desura_service.exe [23.7.2012 15:23 131912]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [7.2.2010 19:04 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19.10.2010 16:17 12400]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [31.8.2010 16:24 38224]
S3 PxDMSService;Network Utility;"c:\program files\PIXELA\Network Utility\PxDMSService.exe" --> c:\program files\PIXELA\Network Utility\PxDMSService.exe [?]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [19.10.2010 16:17 27632]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [12.11.2010 22:37 152064]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [7.2.2010 19:04 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [7.2.2010 19:04 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [7.2.2010 19:04 121856]
S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\drivers\w600bus.sys [15.8.2005 14:04 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\drivers\w600mdfl.sys [15.8.2005 14:04 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\drivers\w600mdm.sys [15.8.2005 14:04 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\drivers\w600mgmt.sys [15.8.2005 14:04 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w600obex.sys [15.8.2005 14:04 85952]
S4 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 19:38]
.
2012-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-11-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-14 09:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel
IE: Od&eslat do aplikace OneNote
TCP: DhcpNameServer = 192.168.2.254
TCP: Interfaces\{0446CF07-24EC-44FA-8C33-09384CB705B8}: NameServer = 62.240.178.250,10.0.0.1
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\nnum2yml.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2009-09-02 00:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-16 23:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(504)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~4\Office14\1029\GrooveIntlResource.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-11-17 00:02:59
ComboFix-quarantined-files.txt 2012-11-16 23:02
ComboFix2.txt 2012-11-10 16:08
ComboFix3.txt 2012-11-09 22:43
ComboFix4.txt 2012-11-09 21:46
.
Před spuštěním: Volných bajtů: 47 854 026 752
Po spuštění: Volných bajtů: 48 016 404 480
.
- - End Of File - - 259B58935A68723D4FF4075C1F340D2B

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Browsing Protection"=-

Driver::
Lavasoft Kernexplorer

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[stenly25]

Tady je log:
ComboFix 12-11-16.02 - Petr 17.11.2012 13:11:31.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.485 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Service_Lavasoft Kernexplorer
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-17 do 2012-11-17 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 21:24 . 2006-03-13 20:01 21052 ----atw- c:\windows\system32\SIntfNT.dll
2012-11-14 21:24 . 2006-03-13 20:01 15144 ----atw- c:\windows\system32\SIntf32.dll
2012-11-14 21:24 . 2006-03-13 20:01 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-10-31 17:10 . 2003-11-07 12:28 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-31 17:10 . 2003-11-07 12:28 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-22 19:57 . 2004-08-18 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-11 19:38 . 2012-04-09 06:40 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 19:38 . 2011-05-16 06:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2004-08-18 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:18 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-18 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-18 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-17 15:45 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 11:01 . 2009-09-17 19:41 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2009-09-17 19:41 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 09:13 . 2011-03-03 20:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2010-09-13 19:58 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2010-09-13 19:58 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2010-09-13 19:58 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2010-09-13 19:58 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2010-09-13 19:58 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2010-09-13 19:58 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2010-09-13 19:58 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2010-09-13 19:57 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2010-09-13 19:57 227648 ----a-w- c:\windows\system32\aswBoot.exe
2004-10-01 14:00 . 2006-02-26 17:11 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-10-29 20:45 . 2012-10-29 20:45 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-10-08 122880]
"ScreenManager Pro for LCD"="c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2004-10-20 8925184]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-08 14565376]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-08 203072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
VideoBrowser Camera Monitor.lnk - e:\pixela\CameraMonitor.exe [2012-5-13 425336]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Nástroje SMART Board.lnk]
backup=c:\windows\pss\Nástroje SMART Board.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\OziExplorer\\OziExp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Codemasters\\Worms 4 Totalni narez\\Worms 4 Mayhem.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Honza\\steam\\steamapps\\popo0123456789\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.3.2011 21:13 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.9.2010 20:58 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.9.2010 20:58 21256]
R3 PAC207;e-Messenger 112;c:\windows\system32\drivers\PFC027.SYS [9.2.2009 16:12 616064]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c98d5c200745e8;Google Update Service (gupdate1c98d5c200745e8);c:\program files\Google\Update\GoogleUpdate.exe [12.2.2009 22:51 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 AVerE506;AVerE506 service;c:\windows\system32\DRIVERS\AVerE506.sys --> c:\windows\system32\DRIVERS\AVerE506.sys [?]
S3 Desura Install Service;Desura Install Service;c:\program files\Common Files\Desura\desura_service.exe [23.7.2012 15:23 131912]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [7.2.2010 19:04 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19.10.2010 16:17 12400]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [31.8.2010 16:24 38224]
S3 PxDMSService;Network Utility;"c:\program files\PIXELA\Network Utility\PxDMSService.exe" --> c:\program files\PIXELA\Network Utility\PxDMSService.exe [?]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [19.10.2010 16:17 27632]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [12.11.2010 22:37 152064]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [7.2.2010 19:04 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [7.2.2010 19:04 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [7.2.2010 19:04 121856]
S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\drivers\w600bus.sys [15.8.2005 14:04 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\drivers\w600mdfl.sys [15.8.2005 14:04 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\drivers\w600mdm.sys [15.8.2005 14:04 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\drivers\w600mgmt.sys [15.8.2005 14:04 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w600obex.sys [15.8.2005 14:04 85952]
S4 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 19:38]
.
2012-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-11-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-14 09:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel
IE: Od&eslat do aplikace OneNote
TCP: DhcpNameServer = 192.168.2.254
TCP: Interfaces\{0446CF07-24EC-44FA-8C33-09384CB705B8}: NameServer = 62.240.178.250,10.0.0.1
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\nnum2yml.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2009-09-02 00:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-17 13:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4068)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\msi.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~4\Office14\1029\GrooveIntlResource.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2012-11-17 13:37:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-17 12:37
ComboFix2.txt 2012-11-16 23:03
ComboFix3.txt 2012-11-10 16:08
ComboFix4.txt 2012-11-09 22:43
ComboFix5.txt 2012-11-17 12:09
.
Před spuštěním: Volných bajtů: 47 866 208 256
Po spuštění: Volných bajtů: 47 495 929 856
.
- - End Of File - - 9606338C61BCFBD89A8F0D4A713E46AC

[Rudy]

Log vypadá OK. Nastala nějaká změna?

[stenly25]

Zdá se, že ano.
Adaware již není v procesech, internet ok, budu sledovat a dám vědět za 2-3 dny.
Dám vědět

Díky moc
Petr

[Rudy]

Nemáte zač!

[stenly25]

Tak zatím OK, můžete zablokovat.
Ještě jednou díky
Petr

[Rudy]

Rádo se stalo!