
Internet outages
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I have a problem with internet outages every time I start Skype or uTorrent, and lately the netbook also seems far too slow to me, so I would like to ask you for a check. Thanks in advance for the advice...
RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Marwin at 2013-02-26 21:40:00
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 30 GB (21%) free of 141 GB
Total RAM: 1013 MB (35% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-869365757-1726409691-3697291689-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-869365757-1726409691-3697291689-1006UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-19 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-19 155384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-11-16 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-11-16 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-11-16 141336]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-03-12 19521056]
"AzMixerSel"=C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [2009-12-11 59936]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-05 1692968]
"SNUVCDSM"=C:\WINDOWS\snuvcdsm.exe [2009-12-14 30080]
"snp2uvc"=C:\WINDOWS\system32\csnp2uvc.dll [2009-12-14 202112]
"PLFSetL"=C:\WINDOWS\PLFSetL.exe [2009-12-14 99712]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2010-04-08 908368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2013-02-12 385248]
"MessengerPlusForSkypeService"=C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2013-01-23 125952]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"Facebook Update"=C:\Documents and Settings\Marwin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-28 138096]
"Google Update"=C:\Documents and Settings\Marwin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-15 116648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-11-11 205312]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSecurityTab"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"C:\Program Files\Acer\Acer VCM\VC.exe"="C:\Program Files\Acer\Acer VCM\VC.exe:*:Enabled:Acer Video Quality Enhancement"
"C:\Documents and Settings\Marwin\Local Settings\Application Data\AntikVirtualSTB\AntikVirtualSTB.exe"="C:\Documents and Settings\Marwin\Local Settings\Application Data\AntikVirtualSTB\AntikVirtualSTB.exe:*:Enabled:AntikVirtualSTB"
"C:\Documents and Settings\Marwin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Marwin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player 2.0.4"
"E:\PVR\setup\hpznui01.exe"="E:\PVR\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Documents and Settings\Marwin\Application Data\uTorrent\uTorrent.exe"="C:\Documents and Settings\Marwin\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\PVR\setup\hpznui01.exe"="E:\PVR\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acc2f4b4-1a18-11e2-a2ae-78e400d4ee07}]
shell\AutoRun\command - D:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2013-02-26 21:40:00 ----D---- C:\rsit
2013-02-26 21:36:57 ----D---- C:\Program Files\trend micro
2013-02-26 15:13:39 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus! for Skype
2013-02-26 15:13:17 ----D---- C:\Program Files\Yuna Software
2013-02-25 23:45:53 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2013-02-25 23:21:47 ----D---- C:\Documents and Settings\All Users\Application Data\KEY
2013-02-11 17:06:07 ----D---- C:\Documents and Settings\Marwin\Application Data\uTorrent
2013-02-07 16:58:05 ----D---- C:\Documents and Settings\Marwin\Application Data\SuperHideIP
2013-02-07 16:58:05 ----D---- C:\Documents and Settings\All Users\Application Data\SuperHideIP
2013-02-07 16:57:48 ----D---- C:\Documents and Settings\Marwin\Application Data\RealHideIP
2013-02-07 16:57:48 ----D---- C:\Documents and Settings\All Users\Application Data\RealHideIP
2013-02-07 16:55:51 ----D---- C:\Documents and Settings\Marwin\Application Data\HideIPEasy
2013-02-07 16:51:54 ----D---- C:\Program Files\HideIPEasy
2013-02-07 16:49:09 ----D---- C:\Documents and Settings\Marwin\Application Data\FreeHideIP
2013-02-07 16:49:09 ----D---- C:\Documents and Settings\All Users\Application Data\FreeHideIP
2013-02-06 02:26:54 ----D---- C:\Program Files\Mozilla Firefox
2013-02-06 02:00:56 ----D---- C:\Program Files\VS Revo Group
2013-02-05 10:32:30 ----D---- C:\Documents and Settings\Marwin\Application Data\HP
2013-02-05 10:27:09 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2013-02-05 10:26:52 ----D---- C:\Program Files\Common Files\HP
2013-02-05 10:26:50 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2013-02-05 10:26:31 ----D---- C:\WINDOWS\hpoj4500g510n-z
2013-02-05 10:25:27 ----HD---- C:\Config.Msi
2013-02-05 10:25:02 ----D---- C:\Program Files\HP
2013-02-03 10:54:19 ----D---- C:\Documents and Settings\Marwin\Application Data\B1Toolbar
2013-02-02 17:26:34 ----D---- C:\Documents and Settings\Marwin\Application Data\Rainmeter
2013-02-02 17:25:55 ----D---- C:\Documents and Settings\All Users\Application Data\Package Cache
2013-02-02 16:50:56 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2013-02-02 16:50:53 ----D---- C:\Documents and Settings\Marwin\Application Data\Stardock
======List of files/folders modified in the last 1 months======
2013-02-26 21:39:01 ----A---- C:\WINDOWS\wincmd.ini
2013-02-26 21:36:57 ----RD---- C:\Program Files
2013-02-26 21:24:55 ----D---- C:\WINDOWS\system32\drivers
2013-02-26 21:13:37 ----D---- C:\WINDOWS\Temp
2013-02-26 19:37:54 ----D---- C:\Documents and Settings\Marwin\Application Data\Skype
2013-02-26 18:03:48 ----SD---- C:\Documents and Settings\Marwin\Application Data\Microsoft
2013-02-26 18:03:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-02-26 16:37:22 ----D---- C:\WINDOWS\Microsoft.NET
2013-02-26 16:37:21 ----RSD---- C:\WINDOWS\assembly
2013-02-26 15:16:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-02-26 08:17:59 ----SHD---- C:\WINDOWS\Installer
2013-02-26 08:17:55 ----D---- C:\Documents and Settings\Marwin\Application Data\Mozilla
2013-02-26 07:56:25 ----D---- C:\WINDOWS
2013-02-26 00:34:10 ----D---- C:\Documents and Settings\Marwin\Application Data\vlc
2013-02-26 00:06:16 ----AD---- C:\WINDOWS\system32
2013-02-26 00:06:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-02-25 23:59:22 ----D---- C:\WINDOWS\WinSxS
2013-02-25 23:51:19 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2013-02-25 23:32:52 ----D---- C:\WINDOWS\Prefetch
2013-02-25 23:01:15 ----D---- C:\Program Files\The KMPlayer
2013-02-23 13:43:42 ----D---- C:\WINDOWS\system32\CatRoot2
2013-02-16 10:24:39 ----D---- C:\Program Files\Google
2013-02-15 13:06:53 ----D---- C:\Documents and Settings\Marwin\Application Data\U3
2013-02-06 08:31:21 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-02-05 10:30:27 ----D---- C:\WINDOWS\twain_32
2013-02-05 10:29:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-02-05 10:27:49 ----D---- C:\WINDOWS\system32\CatRoot
2013-02-05 10:26:52 ----D---- C:\Program Files\Common Files
2013-02-05 10:25:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-02-05 10:18:43 ----D---- C:\WINDOWS\system32\FxsTmp
2013-02-02 17:54:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-02-02 16:56:13 ----HD---- C:\Program Files\InstallShield Installation Information
2013-01-31 23:03:14 ----D---- C:\Documents and Settings\Marwin\Application Data\DAEMON Tools Lite
2013-01-31 19:18:07 ----D---- C:\WINDOWS\system32\wbem
2013-01-31 19:13:59 ----D---- C:\WINDOWS\SHELLNEW
2013-01-31 19:12:47 ----HD---- C:\WINDOWS\inf
2013-01-29 18:55:05 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2013-01-29 18:54:59 ----RD---- C:\Program Files\Skype
2013-01-28 20:24:55 ----SD---- C:\WINDOWS\Tasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-12-11 134336]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-11-13 36552]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-10-22 242240]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2012-08-27 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-12-11 83944]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2010-01-05 1602856]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-11-11 1751424]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-03-12 5867040]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2010-03-04 60456]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-12-14 1766784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2010-02-05 242992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EUCR;EUCR; C:\WINDOWS\system32\DRIVERS\EUCR6SK.SYS [2010-03-02 108752]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-14 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2013-02-12 110816]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2010-04-08 312400]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-10-19 161768]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MsgPlusService;Messenger Plus! Service; C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2013-01-23 125952]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-27 135664]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 250808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-27 135664]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-02-06 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
2013-02-02 16:50:53 ----D---- C:\Documents and Settings\Marwin\Application Data\Stardock
======List of files/folders modified in the last 1 months======
2013-02-26 21:39:01 ----A---- C:\WINDOWS\wincmd.ini
2013-02-26 21:36:57 ----RD---- C:\Program Files
2013-02-26 21:24:55 ----D---- C:\WINDOWS\system32\drivers
2013-02-26 21:13:37 ----D---- C:\WINDOWS\Temp
2013-02-26 19:37:54 ----D---- C:\Documents and Settings\Marwin\Application Data\Skype
2013-02-26 18:03:48 ----SD---- C:\Documents and Settings\Marwin\Application Data\Microsoft
2013-02-26 18:03:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-02-26 16:37:22 ----D---- C:\WINDOWS\Microsoft.NET
2013-02-26 16:37:21 ----RSD---- C:\WINDOWS\assembly
2013-02-26 15:16:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-02-26 08:17:59 ----SHD---- C:\WINDOWS\Installer
2013-02-26 08:17:55 ----D---- C:\Documents and Settings\Marwin\Application Data\Mozilla
2013-02-26 07:56:25 ----D---- C:\WINDOWS
2013-02-26 00:34:10 ----D---- C:\Documents and Settings\Marwin\Application Data\vlc
2013-02-26 00:06:16 ----AD---- C:\WINDOWS\system32
2013-02-26 00:06:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-02-25 23:59:22 ----D---- C:\WINDOWS\WinSxS
2013-02-25 23:51:19 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2013-02-25 23:32:52 ----D---- C:\WINDOWS\Prefetch
2013-02-25 23:01:15 ----D---- C:\Program Files\The KMPlayer
2013-02-23 13:43:42 ----D---- C:\WINDOWS\system32\CatRoot2
2013-02-16 10:24:39 ----D---- C:\Program Files\Google
2013-02-15 13:06:53 ----D---- C:\Documents and Settings\Marwin\Application Data\U3
2013-02-06 08:31:21 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-02-05 10:30:27 ----D---- C:\WINDOWS\twain_32
2013-02-05 10:29:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-02-05 10:27:49 ----D---- C:\WINDOWS\system32\CatRoot
2013-02-05 10:26:52 ----D---- C:\Program Files\Common Files
2013-02-05 10:25:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-02-05 10:18:43 ----D---- C:\WINDOWS\system32\FxsTmp
2013-02-02 17:54:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-02-02 16:56:13 ----HD---- C:\Program Files\InstallShield Installation Information
2013-01-31 23:03:14 ----D---- C:\Documents and Settings\Marwin\Application Data\DAEMON Tools Lite
2013-01-31 19:18:07 ----D---- C:\WINDOWS\system32\wbem
2013-01-31 19:13:59 ----D---- C:\WINDOWS\SHELLNEW
2013-01-31 19:12:47 ----HD---- C:\WINDOWS\inf
2013-01-29 18:55:05 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2013-01-29 18:54:59 ----RD---- C:\Program Files\Skype
2013-01-28 20:24:55 ----SD---- C:\WINDOWS\Tasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-12-11 134336]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-11-13 36552]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-10-22 242240]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2012-08-27 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-12-11 83944]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2010-01-05 1602856]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-11-11 1751424]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-03-12 5867040]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2010-03-04 60456]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-12-14 1766784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2010-02-05 242992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EUCR;EUCR; C:\WINDOWS\system32\DRIVERS\EUCR6SK.SYS [2010-03-02 108752]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-14 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2013-02-12 110816]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-02-12 86752]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2010-04-08 312400]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-10-19 161768]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MsgPlusService;Messenger Plus! Service; C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2013-01-23 125952]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-27 135664]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 250808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-27 135664]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-02-06 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Internet outages
Hello!
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms is displayed; continue by clicking the Yes (Ano) button.
go ahead and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else
do not panic during the scan, your machine may be restarted (especially the first time the scanner is run)
notice: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the deletion of any malware there are undesirable conflicts with the antispyware's resident shield
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Internet outages
ComboFix 13-02-26.01 - Marwin 26.02.2013 22:42:21.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1013.518 [GMT 1:00]
Running from: c:\documents and settings\Marwin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\FullRemove.exe
c:\windows\IsUn0405.exe
c:\windows\system32\MUI\041b\tourstart.exe
c:\windows\system32\spool\prtprocs\w32x86\ActPrint.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-26 to 2013-02-26 )))))))))))))))))))))))))))))))
.
.
2013-02-26 20:40 . 2013-02-26 20:40 -------- d-----w- C:\rsit
2013-02-26 20:36 . 2013-02-26 20:40 -------- d-----w- c:\program files\trend micro
2013-02-26 14:13 . 2013-02-26 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus! for Skype
2013-02-26 14:13 . 2013-02-26 14:13 -------- d-----w- c:\program files\Yuna Software
2013-02-25 22:45 . 2004-02-22 22:00 119808 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2013-02-25 22:21 . 2013-02-25 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\KEY
2013-02-11 16:06 . 2013-02-26 20:58 -------- d-----w- c:\documents and settings\Marwin\Application Data\uTorrent
2013-02-07 15:58 . 2013-02-07 16:05 -------- d-----w- c:\documents and settings\Marwin\Application Data\SuperHideIP
2013-02-07 15:58 . 2013-02-07 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperHideIP
2013-02-07 15:57 . 2013-02-08 08:28 -------- d-----w- c:\documents and settings\Marwin\Application Data\RealHideIP
2013-02-07 15:57 . 2013-02-08 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\RealHideIP
2013-02-07 15:55 . 2013-02-07 15:55 -------- d-----w- c:\documents and settings\Marwin\Application Data\HideIPEasy
2013-02-07 15:51 . 2013-02-07 15:52 -------- d-----w- c:\program files\HideIPEasy
2013-02-07 15:49 . 2013-02-07 16:01 -------- d-----w- c:\documents and settings\Marwin\Application Data\FreeHideIP
2013-02-07 15:49 . 2013-02-07 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeHideIP
2013-02-06 01:00 . 2013-02-06 01:00 -------- d-----w- c:\program files\VS Revo Group
2013-02-05 09:32 . 2013-02-05 09:32 -------- d-----w- c:\documents and settings\Marwin\Application Data\HP
2013-02-05 09:29 . 2001-08-17 12:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2013-02-05 09:29 . 2001-08-17 12:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2013-02-05 09:27 . 2013-02-05 09:27 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2013-02-05 09:26 . 2013-02-05 09:26 -------- d-----w- c:\program files\Common Files\HP
2013-02-05 09:26 . 2013-02-05 09:26 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2013-02-05 09:26 . 2013-02-05 09:26 -------- d-----w- c:\windows\hpoj4500g510n-z
2013-02-05 09:25 . 2013-02-05 09:25 -------- d-----w- c:\program files\HP
2013-02-03 09:54 . 2013-02-03 09:54 -------- d-----w- c:\documents and settings\Marwin\Local Settings\Application Data\B1E
2013-02-03 09:54 . 2013-02-03 09:54 -------- d-----w- c:\documents and settings\Marwin\Application Data\B1Toolbar
2013-02-02 16:26 . 2013-02-26 20:30 -------- d-----w- c:\documents and settings\Marwin\Application Data\Rainmeter
2013-02-02 16:25 . 2013-02-02 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2013-02-02 15:51 . 2013-02-02 15:51 -------- d-----w- c:\documents and settings\Marwin\Local Settings\Application Data\Stardock
2013-02-02 15:50 . 2013-02-02 15:50 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-02-02 15:50 . 2013-02-02 15:51 -------- d-----w- c:\documents and settings\Marwin\Application Data\Stardock
2013-01-28 19:24 . 2013-01-28 19:25 -------- d-----w- c:\documents and settings\Marwin\Local Settings\Application Data\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-10-19 12:34 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 13:24 . 2012-10-16 08:38 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 13:24 . 2012-10-16 08:38 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-06 01:27 . 2013-02-06 01:26 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Facebook Update"="c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2013-01-28 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-16 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-12-14 30080]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-12-14 202112]
"PLFSetL"="c:\windows\PLFSetL.exe" [2009-12-14 99712]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2013-01-23 125952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Documents and Settings\\Marwin\\Local Settings\\Application Data\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Documents and Settings\\Marwin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Documents and Settings\\Marwin\\Application Data\\uTorrent\\uTorrent.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [16.10.2012 9:38 36552]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [22.10.2012 7:33 242240]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16.10.2012 9:38 86752]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [21.5.2010 19:11 312400]
R2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [26.2.2013 15:13 125952]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [21.5.2010 11:30 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [21.5.2010 11:08 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [22.4.2010 5:16 60456]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19.10.2012 13:34 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.5.2010 10:50 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [21.5.2010 10:52 108752]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19.10.2012 13:34 21104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MSGPLUSSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-26 20:47 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.12\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 01:13]
.
2013-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006Core.job
- c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-28 19:24]
.
2013-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006UA.job
- c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-28 19:24]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 17:15]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 17:15]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006Core.job
- c:\documents and settings\Marwin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-08 20:37]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006UA.job
- c:\documents and settings\Marwin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-08 20:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://login.yahoo.com/config/reset_cookies_token?.token=UDjBaGuS6JRjNCS8CS0RHumX4QJcrshXxRCYCdAHx7TpIJ4sEjiydlC58_QaJw5lk2bQfH9Qxjm6Xx7IdeFwqFuq7lpsn9raUGjKKCzrHOgGVydlBp2c_sIH9ci2tUedYl.t8DRx_QYV4UTLj.5bWDUVzAQWfj04wzkaXb7kIgD5KG7ooFRIwyb_3EVwsgGnX6W7dzK4TD.Z0t5rjE.3ngzauHetDADZXdu.a3CAvKf2cNg6XmltneZfgYHamMqd.lGJi_aY3aDIP48sNd8cciIctNxAHFhtU6o49tQUG3uaXxzQr_ivqFKQwVsnTsDeL7MtARK3H7H4gF1gWs8PNDzPxfPLKZ7SX6t82mrl5FSNsVimjcNFhcA0nRYNUfwK8sSS.1yizwxBnmueHrRFt8VttaYpTC2_O7ZRPKRQ27fvK1aHUKqfMz.OQHekTcQfxlDLjfkLTWyguwW4UCBop4ZlrZ3g1HiIilSmAf9uo3fcSPyiUJ7YX8R1OaO5cftZRC9x4YYFdvWI21AHKKafiT7Ri1.0Al.0LEsOHXugNkM2EfOqAOoNnmT_17OiBPE5JpgwTCB_r2PbHr4Kips7TuHVRHjfngj1eiT2p9xPj18v.qYSrOcqB93.Svxf6KdNqmY-&.done=http%3A%2F%2Fprofiles%2Eyahoo%2Ecom%2Fedit%2F
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-06 01:08; {CCE2B3E0-5E83-4eff-B221-214DE205AD7F}; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\{CCE2B3E0-5E83-4eff-B221-214DE205AD7F}.xpi
FF - ExtSQL: 2013-02-06 02:08; fbchathistory@firechm.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\fbchathistory@firechm.com.xpi
FF - ExtSQL: 2013-02-07 16:50; support@free-hideip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@free-hideip.com.xpi
FF - ExtSQL: 2013-02-07 16:57; support@easy-hideip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@easy-hideip.com.xpi
FF - ExtSQL: 2013-02-07 16:58; support@real-hide-ip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@real-hide-ip.com.xpi
FF - ExtSQL: 2013-02-07 16:58; support@super-hide-ip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@super-hide-ip.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-26 22:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\igfxdev.dll
.
Completion time: 2013-02-26 22:52:20
ComboFix-quarantined-files.txt 2013-02-26 21:52
.
Pre-Run: 31 672 598 528 bytes free
Post-Run: 32 267 247 616 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0DE05208167C039F23E4D3ABF090B5FE
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1013.518 [GMT 1:00]
Running from: c:\documents and settings\Marwin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\FullRemove.exe
c:\windows\IsUn0405.exe
c:\windows\system32\MUI\041b\tourstart.exe
c:\windows\system32\spool\prtprocs\w32x86\ActPrint.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-26 to 2013-02-26 )))))))))))))))))))))))))))))))
.
.
2013-02-26 20:40 . 2013-02-26 20:40 -------- d-----w- C:\rsit
2013-02-26 20:36 . 2013-02-26 20:40 -------- d-----w- c:\program files\trend micro
2013-02-26 14:13 . 2013-02-26 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus! for Skype
2013-02-26 14:13 . 2013-02-26 14:13 -------- d-----w- c:\program files\Yuna Software
2013-02-25 22:45 . 2004-02-22 22:00 119808 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2013-02-25 22:21 . 2013-02-25 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\KEY
2013-02-11 16:06 . 2013-02-26 20:58 -------- d-----w- c:\documents and settings\Marwin\Application Data\uTorrent
2013-02-07 15:58 . 2013-02-07 16:05 -------- d-----w- c:\documents and settings\Marwin\Application Data\SuperHideIP
2013-02-07 15:58 . 2013-02-07 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperHideIP
2013-02-07 15:57 . 2013-02-08 08:28 -------- d-----w- c:\documents and settings\Marwin\Application Data\RealHideIP
2013-02-07 15:57 . 2013-02-08 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\RealHideIP
2013-02-07 15:55 . 2013-02-07 15:55 -------- d-----w- c:\documents and settings\Marwin\Application Data\HideIPEasy
2013-02-07 15:51 . 2013-02-07 15:52 -------- d-----w- c:\program files\HideIPEasy
2013-02-07 15:49 . 2013-02-07 16:01 -------- d-----w- c:\documents and settings\Marwin\Application Data\FreeHideIP
2013-02-07 15:49 . 2013-02-07 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeHideIP
2013-02-06 01:00 . 2013-02-06 01:00 -------- d-----w- c:\program files\VS Revo Group
2013-02-05 09:32 . 2013-02-05 09:32 -------- d-----w- c:\documents and settings\Marwin\Application Data\HP
2013-02-05 09:29 . 2001-08-17 12:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2013-02-05 09:29 . 2001-08-17 12:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2013-02-05 09:27 . 2013-02-05 09:27 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2013-02-05 09:26 . 2013-02-05 09:26 -------- d-----w- c:\program files\Common Files\HP
2013-02-05 09:26 . 2013-02-05 09:26 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2013-02-05 09:26 . 2013-02-05 09:26 -------- d-----w- c:\windows\hpoj4500g510n-z
2013-02-05 09:25 . 2013-02-05 09:25 -------- d-----w- c:\program files\HP
2013-02-03 09:54 . 2013-02-03 09:54 -------- d-----w- c:\documents and settings\Marwin\Local Settings\Application Data\B1E
2013-02-03 09:54 . 2013-02-03 09:54 -------- d-----w- c:\documents and settings\Marwin\Application Data\B1Toolbar
2013-02-02 16:26 . 2013-02-26 20:30 -------- d-----w- c:\documents and settings\Marwin\Application Data\Rainmeter
2013-02-02 16:25 . 2013-02-02 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2013-02-02 15:51 . 2013-02-02 15:51 -------- d-----w- c:\documents and settings\Marwin\Local Settings\Application Data\Stardock
2013-02-02 15:50 . 2013-02-02 15:50 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-02-02 15:50 . 2013-02-02 15:51 -------- d-----w- c:\documents and settings\Marwin\Application Data\Stardock
2013-01-28 19:24 . 2013-01-28 19:25 -------- d-----w- c:\documents and settings\Marwin\Local Settings\Application Data\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-10-19 12:34 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 13:24 . 2012-10-16 08:38 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 13:24 . 2012-10-16 08:38 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-06 01:27 . 2013-02-06 01:26 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Facebook Update"="c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2013-01-28 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-16 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-12-14 30080]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-12-14 202112]
"PLFSetL"="c:\windows\PLFSetL.exe" [2009-12-14 99712]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2013-01-23 125952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Documents and Settings\\Marwin\\Local Settings\\Application Data\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Documents and Settings\\Marwin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Documents and Settings\\Marwin\\Application Data\\uTorrent\\uTorrent.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [16.10.2012 9:38 36552]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [22.10.2012 7:33 242240]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16.10.2012 9:38 86752]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [21.5.2010 19:11 312400]
R2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [26.2.2013 15:13 125952]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [21.5.2010 11:30 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [21.5.2010 11:08 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [22.4.2010 5:16 60456]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19.10.2012 13:34 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.5.2010 10:50 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [21.5.2010 10:52 108752]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19.10.2012 13:34 21104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MSGPLUSSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-26 20:47 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.12\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 01:13]
.
2013-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006Core.job
- c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-28 19:24]
.
2013-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006UA.job
- c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-28 19:24]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 17:15]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 17:15]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006Core.job
- c:\documents and settings\Marwin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-08 20:37]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006UA.job
- c:\documents and settings\Marwin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-08 20:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://login.yahoo.com/config/reset_cookies_token?.token=UDjBaGuS6JRjNCS8CS0RHumX4QJcrshXxRCYCdAHx7TpIJ4sEjiydlC58_QaJw5lk2bQfH9Qxjm6Xx7IdeFwqFuq7lpsn9raUGjKKCzrHOgGVydlBp2c_sIH9ci2tUedYl.t8DRx_QYV4UTLj.5bWDUVzAQWfj04wzkaXb7kIgD5KG7ooFRIwyb_3EVwsgGnX6W7dzK4TD.Z0t5rjE.3ngzauHetDADZXdu.a3CAvKf2cNg6XmltneZfgYHamMqd.lGJi_aY3aDIP48sNd8cciIctNxAHFhtU6o49tQUG3uaXxzQr_ivqFKQwVsnTsDeL7MtARK3H7H4gF1gWs8PNDzPxfPLKZ7SX6t82mrl5FSNsVimjcNFhcA0nRYNUfwK8sSS.1yizwxBnmueHrRFt8VttaYpTC2_O7ZRPKRQ27fvK1aHUKqfMz.OQHekTcQfxlDLjfkLTWyguwW4UCBop4ZlrZ3g1HiIilSmAf9uo3fcSPyiUJ7YX8R1OaO5cftZRC9x4YYFdvWI21AHKKafiT7Ri1.0Al.0LEsOHXugNkM2EfOqAOoNnmT_17OiBPE5JpgwTCB_r2PbHr4Kips7TuHVRHjfngj1eiT2p9xPj18v.qYSrOcqB93.Svxf6KdNqmY-&.done=http%3A%2F%2Fprofiles%2Eyahoo%2Ecom%2Fedit%2F
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-06 01:08; {CCE2B3E0-5E83-4eff-B221-214DE205AD7F}; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\{CCE2B3E0-5E83-4eff-B221-214DE205AD7F}.xpi
FF - ExtSQL: 2013-02-06 02:08; fbchathistory@firechm.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\fbchathistory@firechm.com.xpi
FF - ExtSQL: 2013-02-07 16:50; support@free-hideip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@free-hideip.com.xpi
FF - ExtSQL: 2013-02-07 16:57; support@easy-hideip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@easy-hideip.com.xpi
FF - ExtSQL: 2013-02-07 16:58; support@real-hide-ip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@real-hide-ip.com.xpi
FF - ExtSQL: 2013-02-07 16:58; support@super-hide-ip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@super-hide-ip.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - (no file)
.
.
.
**************************************************************************
.
- Rudy
- Site Admin
Re: Internet outages
We'll finish cleaning up. Open Notepad and copy the following into it:

KillAll::
File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006UA.job
Folder::
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
Firefox::
FF - ProfilePath - c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-06 01:08; {CCE2B3E0-5E83-4eff-B221-214DE205AD7F}; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\{CCE2B3E0-5E83-4eff-B221-214DE205AD7F}.xpi
FF - ExtSQL: 2013-02-06 02:08; fbchathistory@firechm.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\fbchathistory@firechm.com.xpi
FF - ExtSQL: 2013-02-07 16:50; support@free-hideip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@free-hideip.com.xpi
FF - ExtSQL: 2013-02-07 16:57; support@easy-hideip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@easy-hideip.com.xpi
FF - ExtSQL: 2013-02-07 16:58; support@real-hide-ip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@real-hide-ip.com.xpi
FF - ExtSQL: 2013-02-07 16:58; support@super-hide-ip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@super-hide-ip.com.xpi
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
Reboot::

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Internet outages
ComboFix 13-02-26.01 - Marwin 26.02.2013 23:27:37.2.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1013.413 [GMT 1:00]
Running from: c:\documents and settings\Marwin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Marwin\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\documents and settings\Marwin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))
.
.
2013-02-26 20:40 . 2013-02-26 20:40 -------- d-----w- C:\rsit
2013-02-26 20:36 . 2013-02-26 20:40 -------- d-----w- c:\program files\trend micro
2013-02-26 14:13 . 2013-02-26 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus! for Skype
2013-02-26 14:13 . 2013-02-26 14:13 -------- d-----w- c:\program files\Yuna Software
2013-02-25 22:45 . 2004-02-22 22:00 119808 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2013-02-25 22:21 . 2013-02-25 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\KEY
2013-02-11 16:06 . 2013-02-26 20:58 -------- d-----w- c:\documents and settings\Marwin\Application Data\uTorrent
2013-02-07 15:58 . 2013-02-07 16:05 -------- d-----w- c:\documents and settings\Marwin\Application Data\SuperHideIP
2013-02-07 15:58 . 2013-02-07 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperHideIP
2013-02-07 15:57 . 2013-02-08 08:28 -------- d-----w- c:\documents and settings\Marwin\Application Data\RealHideIP
2013-02-07 15:57 . 2013-02-08 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\RealHideIP
2013-02-07 15:55 . 2013-02-07 15:55 -------- d-----w- c:\documents and settings\Marwin\Application Data\HideIPEasy
2013-02-07 15:51 . 2013-02-07 15:52 -------- d-----w- c:\program files\HideIPEasy
2013-02-07 15:49 . 2013-02-07 16:01 -------- d-----w- c:\documents and settings\Marwin\Application Data\FreeHideIP
2013-02-07 15:49 . 2013-02-07 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeHideIP
2013-02-06 01:00 . 2013-02-06 01:00 -------- d-----w- c:\program files\VS Revo Group
2013-02-05 09:32 . 2013-02-05 09:32 -------- d-----w- c:\documents and settings\Marwin\Application Data\HP
2013-02-05 09:29 . 2001-08-17 12:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2013-02-05 09:29 . 2001-08-17 12:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2013-02-05 09:27 . 2013-02-05 09:27 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2013-02-05 09:26 . 2013-02-05 09:26 -------- d-----w- c:\program files\Common Files\HP
2013-02-05 09:26 . 2013-02-05 09:26 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2013-02-05 09:26 . 2013-02-05 09:26 -------- d-----w- c:\windows\hpoj4500g510n-z
2013-02-05 09:25 . 2013-02-05 09:25 -------- d-----w- c:\program files\HP
2013-02-03 09:54 . 2013-02-03 09:54 -------- d-----w- c:\documents and settings\Marwin\Local Settings\Application Data\B1E
2013-02-03 09:54 . 2013-02-03 09:54 -------- d-----w- c:\documents and settings\Marwin\Application Data\B1Toolbar
2013-02-02 16:26 . 2013-02-26 20:30 -------- d-----w- c:\documents and settings\Marwin\Application Data\Rainmeter
2013-02-02 16:25 . 2013-02-02 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2013-02-02 15:51 . 2013-02-02 15:51 -------- d-----w- c:\documents and settings\Marwin\Local Settings\Application Data\Stardock
2013-02-02 15:50 . 2013-02-02 15:50 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-02-02 15:50 . 2013-02-02 15:51 -------- d-----w- c:\documents and settings\Marwin\Application Data\Stardock
2013-01-28 19:24 . 2013-01-28 19:25 -------- d-----w- c:\documents and settings\Marwin\Local Settings\Application Data\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-10-19 12:34 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 13:24 . 2012-10-16 08:38 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 13:24 . 2012-10-16 08:38 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-06 01:27 . 2013-02-06 01:26 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-16 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-12-14 30080]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-12-14 202112]
"PLFSetL"="c:\windows\PLFSetL.exe" [2009-12-14 99712]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2013-01-23 125952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Documents and Settings\\Marwin\\Local Settings\\Application Data\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Documents and Settings\\Marwin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Documents and Settings\\Marwin\\Application Data\\uTorrent\\uTorrent.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [16.10.2012 9:38 36552]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [22.10.2012 7:33 242240]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16.10.2012 9:38 86752]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [21.5.2010 19:11 312400]
R2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [26.2.2013 15:13 125952]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [21.5.2010 11:30 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [21.5.2010 11:08 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [22.4.2010 5:16 60456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19.10.2012 13:34 21104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19.10.2012 13:34 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 12:55 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.5.2010 10:50 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [21.5.2010 10:52 108752]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-26 20:47 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.12\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 01:13]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 17:15]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 17:15]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006Core.job
- c:\documents and settings\Marwin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-08 20:37]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3958095517-1180395095-3134616843-1006UA.job
- c:\documents and settings\Marwin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-08 20:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://login.yahoo.com/config/reset_cookies_token?.token=UDjBaGuS6JRjNCS8CS0RHumX4QJcrshXxRCYCdAHx7TpIJ4sEjiydlC58_QaJw5lk2bQfH9Qxjm6Xx7IdeFwqFuq7lpsn9raUGjKKCzrHOgGVydlBp2c_sIH9ci2tUedYl.t8DRx_QYV4UTLj.5bWDUVzAQWfj04wzkaXb7kIgD5KG7ooFRIwyb_3EVwsgGnX6W7dzK4TD.Z0t5rjE.3ngzauHetDADZXdu.a3CAvKf2cNg6XmltneZfgYHamMqd.lGJi_aY3aDIP48sNd8cciIctNxAHFhtU6o49tQUG3uaXxzQr_ivqFKQwVsnTsDeL7MtARK3H7H4gF1gWs8PNDzPxfPLKZ7SX6t82mrl5FSNsVimjcNFhcA0nRYNUfwK8sSS.1yizwxBnmueHrRFt8VttaYpTC2_O7ZRPKRQ27fvK1aHUKqfMz.OQHekTcQfxlDLjfkLTWyguwW4UCBop4ZlrZ3g1HiIilSmAf9uo3fcSPyiUJ7YX8R1OaO5cftZRC9x4YYFdvWI21AHKKafiT7Ri1.0Al.0LEsOHXugNkM2EfOqAOoNnmT_17OiBPE5JpgwTCB_r2PbHr4Kips7TuHVRHjfngj1eiT2p9xPj18v.qYSrOcqB93.Svxf6KdNqmY-&.done=http%3A%2F%2Fprofiles%2Eyahoo%2Ecom%2Fedit%2F
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\
FF - prefs.js: browser.startup.homepage - http://www.google.sk
FF - ExtSQL: 2013-02-06 01:08; {CCE2B3E0-5E83-4eff-B221-214DE205AD7F}; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\{CCE2B3E0-5E83-4eff-B221-214DE205AD7F}.xpi
FF - ExtSQL: 2013-02-06 02:08; fbchathistory@firechm.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\fbchathistory@firechm.com.xpi
FF - ExtSQL: 2013-02-07 16:50; support@free-hideip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@free-hideip.com.xpi
FF - ExtSQL: 2013-02-07 16:57; support@easy-hideip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@easy-hideip.com.xpi
FF - ExtSQL: 2013-02-07 16:58; support@real-hide-ip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@real-hide-ip.com.xpi
FF - ExtSQL: 2013-02-07 16:58; support@super-hide-ip.com; c:\documents and settings\Marwin\Application Data\Mozilla\Firefox\Profiles\zwx6znin.default\extensions\support@super-hide-ip.com.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-27 03:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Launch Manager\LMworker.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-02-27 03:52:23 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-27 02:52
ComboFix2.txt 2013-02-26 21:52
.
Pre-Run: 32 174 891 008 bytes free
Post-Run: 16 adresárov, 32 458 113 024 voľných bajtov
.
- - End Of File - - 0DDAD439258D0AF729083B0130261589
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Internet outages
OK. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Internet outages
So it seems to me that it now runs somewhat faster, and as for the internet outages, at least from what I have been able to see so far, everything now works normally with Skype. Only with uTorrent do I get a complete outage...
- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Internet outages
We will not advise you on torrent clients, as they are a potential threat. I did not delete the client or its components; perhaps CF reset something to default and it will need to be configured again.
Re: Internet outages
All right then.
Thank you very much... Skype now works great with the internet, and everything has also sped up a bit. So can I remove RSIT and ComboFix?

- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Internet outages
Delete RSIT, and to remove CF use T-Cleaner: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe . You're welcome!
Re: Internet outages
Done

- Rudy
- Site Admin
- Posts: 119524
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Internet outages
If everything is fine, that's all.