Možný rootkit

[Martinus]

Dobrý den,

prosím o kontrolu logu, Avast mi dnes zničehonic zahlásil podezření na rootkit Win32: Evo-gen (Susp) v souboru EIO.sys
Děkuji

Logfile of random's system information tool 1.06 (written by random/random)
Run by Martin at 2013-04-02 17:12:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 39 GB (26%) free of 153 GB
Total RAM: 1023 MB (33% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-22 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-05-15 15504192]
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-05-15 1634112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Origin Games\Battlefield 1942\BF1942.exe"="C:\Program Files\Origin Games\Battlefield 1942\BF1942.exe:*:Enabled:Battlefield 1942™"
"C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe"="C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe:*:Enabled:Samsung AllShare Service"
"C:\Program Files\Samsung\AllShare\AllShare.exe"="C:\Program Files\Samsung\AllShare\AllShare.exe:*:Enabled:Samsung AllShare Player"
"C:\Program Files\Samsung\AllShare\AllShareAgent.exe"="C:\Program Files\Samsung\AllShare\AllShareAgent.exe:*:Enabled:Samsung AllShare Agent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ooVoo\ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.7\ICQ.exe"="C:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a07ae552-b2f3-11e1-a402-0013d47b63d0}]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2013-04-02 17:12:05 ----D---- C:\rsit
2013-03-30 12:31:30 ----D---- C:\Program Files\FBReader
2013-03-30 12:26:10 ----D---- C:\Documents and Settings\Martin\Data aplikací\PDM
2013-03-24 20:09:16 ----D---- C:\Documents and Settings\Martin\Data aplikací\WinRAR
2013-03-24 20:08:29 ----D---- C:\Program Files\WinRAR
2013-03-22 17:36:55 ----D---- C:\Program Files\Common Files\Java
2013-03-22 17:36:44 ----A---- C:\WINDOWS\system32\javaws.exe
2013-03-22 17:36:37 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-03-22 17:36:37 ----A---- C:\WINDOWS\system32\javaw.exe
2013-03-22 17:36:37 ----A---- C:\WINDOWS\system32\java.exe
2013-03-22 17:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$
2013-03-16 14:38:39 ----D---- C:\Documents and Settings\Martin\Data aplikací\ooVoo Details
2013-03-16 14:34:47 ----D---- C:\Program Files\ooVoo
2013-03-14 09:53:26 ----D---- C:\WINDOWS\pss
2013-03-14 09:47:09 ----A---- C:\WINDOWS\imsins.BAK
2013-03-12 10:05:15 ----D---- C:\Program Files\Mozilla Thunderbird
2013-03-08 18:50:07 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2013-04-02 17:12:07 ----D---- C:\Program Files\trend micro
2013-04-02 17:11:55 ----A---- C:\WINDOWS\wincmd.ini
2013-04-02 17:11:50 ----D---- C:\Download
2013-04-02 17:07:37 ----D---- C:\WINDOWS\Temp
2013-04-02 17:03:27 ----D---- C:\WINDOWS\system32
2013-04-02 17:03:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-04-01 21:39:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-04-01 21:26:57 ----D---- C:\Documents and Settings\Martin\Data aplikací\vlc
2013-04-01 12:46:25 ----D---- C:\Documents and Settings\Martin\Data aplikací\Skype
2013-04-01 09:37:29 ----D---- C:\Foto
2013-04-01 09:37:21 ----D---- C:\Temp
2013-03-31 21:23:10 ----D---- C:\Záloha
2013-03-31 21:20:40 ----D---- C:\WINDOWS\Prefetch
2013-03-31 09:19:22 ----RD---- C:\Program Files
2013-03-30 12:29:29 ----SHD---- C:\WINDOWS\Installer
2013-03-25 23:33:57 ----D---- C:\Documents and Settings\Martin\Data aplikací\dvdcss
2013-03-23 18:37:33 ----A---- C:\WINDOWS\NeroDigital.ini
2013-03-22 18:35:47 ----D---- C:\WINDOWS
2013-03-22 18:33:27 ----D---- C:\WINDOWS\system32\CatRoot2
2013-03-22 18:27:33 ----D---- C:\CD
2013-03-22 17:46:15 ----D---- C:\Program Files\Java
2013-03-22 17:36:55 ----D---- C:\Program Files\Common Files
2013-03-22 17:36:13 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2013-03-22 17:36:13 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-03-22 17:26:15 ----HD---- C:\WINDOWS\inf
2013-03-22 17:26:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-03-22 17:26:02 ----D---- C:\WINDOWS\system32\drivers
2013-03-22 17:24:19 ----HD---- C:\WINDOWS\$hf_mig$
2013-03-18 21:24:04 ----D---- C:\WINDOWS\Debug
2013-03-17 10:05:24 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-03-15 11:47:40 ----D---- C:\Documents and Settings\Martin\Data aplikací\DAEMON Tools Lite
2013-03-15 11:40:12 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-03-15 10:51:49 ----SD---- C:\WINDOWS\Tasks
2013-03-14 09:55:14 ----D---- C:\Program Files\Microsoft Silverlight
2013-03-14 09:48:54 ----A---- C:\WINDOWS\system32\MRT.exe
2013-03-14 09:46:41 ----D---- C:\Program Files\Internet Explorer
2013-03-14 09:46:22 ----D---- C:\WINDOWS\ie8updates
2013-03-13 11:40:51 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-03-11 23:54:19 ----D---- C:\Documents and Settings\Martin\Data aplikací\ICQ
2013-03-11 13:46:23 ----D---- C:\Documents and Settings\Martin\Data aplikací\Winamp
2013-03-10 19:53:01 ----D---- C:\Program Files\CCleaner
2013-03-07 01:32:42 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-03-04 21:39:17 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2004-07-20 20096]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-03-07 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-11-08 242240]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-05-15 14014656]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 snpstd;VideoCAM Trek; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2005-06-20 390912]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2011-12-10 223128]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [2010-06-22 21248]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-01-19 503144]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2009-09-08 96334]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-05-15 164160]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 SamsungAllShareV2.0;Samsung AllShare PC; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-15 253656]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-08 115608]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 SimpleSlideShowServer;SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Zdravím!
Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Martinus]

Zde log z ComboFixu. Děkuji za ochotu

ComboFix 13-04-02.01 - Martin 02.04.2013 18:44:08.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.531 [GMT 2:00]
Spuštěný z: c:\download\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Martin\Dokumenty\DPE.DUS
c:\documents and settings\Martin\WINDOWS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-02 do 2013-04-02 )))))))))))))))))))))))))))))))
.
.
2013-04-02 15:12 . 2013-04-02 15:12 -------- d-----w- C:\rsit
2013-03-30 10:31 . 2013-03-30 10:36 -------- d-----w- c:\documents and settings\Martin\.FBReader
2013-03-30 10:31 . 2013-03-30 10:31 -------- d-----w- c:\program files\FBReader
2013-03-30 10:26 . 2013-03-30 10:26 -------- d-----w- c:\documents and settings\Martin\Data aplikací\PDM
2013-03-22 15:36 . 2013-03-22 15:36 -------- d-----w- c:\program files\Common Files\Java
2013-03-22 15:36 . 2013-03-22 15:36 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-21 13:28 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-21 13:28 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-16 12:38 . 2013-03-16 12:38 -------- d-----w- c:\documents and settings\Martin\Data aplikací\ooVoo Details
2013-03-16 12:34 . 2013-03-16 12:34 -------- d-----w- c:\program files\ooVoo
2013-03-12 08:05 . 2013-03-12 21:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-03-08 16:30 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-08 16:30 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-08 16:30 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-22 15:36 . 2011-11-26 13:12 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-22 15:36 . 2012-06-18 08:06 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-22 15:36 . 2011-11-26 13:12 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-15 09:40 . 2012-04-06 15:39 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-15 09:40 . 2011-11-26 11:55 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 23:33 . 2012-01-28 10:08 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-01-28 10:08 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-01-28 10:08 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2012-01-28 10:08 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-01-28 10:08 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2012-01-28 10:08 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-01-28 10:08 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-16 09:54 . 2012-12-01 12:42 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-16 09:54 . 2012-12-01 12:41 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-12 00:32 . 2011-11-26 11:39 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-18 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:15 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:15 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:15 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-18 12:00 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-18 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2004-08-17 15:45 2071936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:26 . 2004-08-18 12:00 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:10 . 2004-08-18 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 16:50 . 2013-03-08 16:50 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Origin Games\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [8.3.2013 18:30 49248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.12.2011 20:23 642560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.1.2012 12:08 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.1.2012 12:08 368176]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8.11.2012 9:10 242240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.1.2012 12:08 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8.3.2013 18:30 66336]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12.8.2011 18:13 87040]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2.3.2012 18:00 25504]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [8.3.2013 18:30 164736]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [26.12.2011 23:35 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.6.2010 19:01 21248]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [2.3.2012 18:00 27584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 09:40]
.
2013-04-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-09 23:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 188.75.128.188 10.0.150.150
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\0s3paofs.default\
FF - prefs.js: browser.startup.homepage - http://www.google.cz/ig?hl=cs&source=mpes
FF - ExtSQL: 2013-02-25 10:09; adblocker@avast.com; c:\program files\Mozilla Firefox\extensions\adblocker@avast.com.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-02 18:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Celkový čas: 2013-04-02 18:55:40
ComboFix-quarantined-files.txt 2013-04-02 16:55
.
Před spuštěním: Volných bajtů: 41 119 227 904
Po spuštění: Volných bajtů: 41 600 327 680
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 997070E50C465E3B89FFCCB505D40ED1

[Rudy]

Ještě dočistíme. přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"=-
"443:UDP"=-
"37674:TCP"=-
"37674:UDP"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Martinus]

Provedl jsem a zde je log:

ComboFix 13-04-02.01 - Martin 02.04.2013 19:39:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.480 [GMT 2:00]
Spuštěný z: c:\download\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-02 do 2013-04-02 )))))))))))))))))))))))))))))))
.
.
2013-04-02 15:12 . 2013-04-02 15:12 -------- d-----w- C:\rsit
2013-03-30 10:31 . 2013-03-30 10:36 -------- d-----w- c:\documents and settings\Martin\.FBReader
2013-03-30 10:31 . 2013-03-30 10:31 -------- d-----w- c:\program files\FBReader
2013-03-30 10:26 . 2013-03-30 10:26 -------- d-----w- c:\documents and settings\Martin\Data aplikací\PDM
2013-03-22 15:36 . 2013-03-22 15:36 -------- d-----w- c:\program files\Common Files\Java
2013-03-22 15:36 . 2013-03-22 15:36 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-21 13:28 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-21 13:28 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-16 12:38 . 2013-03-16 12:38 -------- d-----w- c:\documents and settings\Martin\Data aplikací\ooVoo Details
2013-03-16 12:34 . 2013-03-16 12:34 -------- d-----w- c:\program files\ooVoo
2013-03-12 08:05 . 2013-03-12 21:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-03-08 16:30 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-08 16:30 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-08 16:30 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-22 15:36 . 2011-11-26 13:12 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-22 15:36 . 2012-06-18 08:06 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-22 15:36 . 2011-11-26 13:12 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-15 09:40 . 2012-04-06 15:39 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-15 09:40 . 2011-11-26 11:55 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 23:33 . 2012-01-28 10:08 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-01-28 10:08 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-01-28 10:08 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2012-01-28 10:08 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-01-28 10:08 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2012-01-28 10:08 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-01-28 10:08 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-16 09:54 . 2012-12-01 12:42 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-16 09:54 . 2012-12-01 12:41 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-12 00:32 . 2011-11-26 11:39 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-18 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:15 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:15 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:15 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-18 12:00 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-18 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2004-08-17 15:45 2071936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:26 . 2004-08-18 12:00 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:10 . 2004-08-18 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 16:50 . 2013-03-08 16:50 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Origin Games\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [8.3.2013 18:30 49248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.12.2011 20:23 642560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28.1.2012 12:08 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.1.2012 12:08 368176]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8.11.2012 9:10 242240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.1.2012 12:08 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8.3.2013 18:30 66336]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12.8.2011 18:13 87040]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2.3.2012 18:00 25504]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [8.3.2013 18:30 164736]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [26.12.2011 23:35 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.6.2010 19:01 21248]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [2.3.2012 18:00 27584]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 09:40]
.
2013-04-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-09 23:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 188.75.128.188 10.0.150.150
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\0s3paofs.default\
FF - prefs.js: browser.startup.homepage - http://www.google.cz/ig?hl=cs&source=mpes
FF - ExtSQL: 2013-02-25 10:09; adblocker@avast.com; c:\program files\Mozilla Firefox\extensions\adblocker@avast.com.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-02 19:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\ATKKBService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Celkový čas: 2013-04-02 19:54:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-04-02 17:54
ComboFix2.txt 2013-04-02 16:55
.
Před spuštěním: Volných bajtů: 41 609 072 640
Po spuštění: Volných bajtů: 41 598 545 920
.
- - End Of File - - E015E1935AED14CB2373C125D5AD0E89

[Rudy]

Log již vypadá OK. Ještě zkuste tento sken:

Stáhněte Malwarebytes Anti-Rootkit http://www.malwarebytes.org/products/mbar/

Uložte nejlépe na Plochu a rozbalte
Spusťte kliknutím na mbar
Nyní postupně klikněte na Next a Update
Po dokončení update (aktualizace) databáze klikněte opět na Next
Nechte zaškrtnute všechny tři možnosti a kliněte na Scan čímž spustíte prohledavani PC
Po dokončeni skenu (cca 5 minutek) zkontrolujte, zda-li je u všech nalezů (samozrejme pokud budou) zatržítko
Tež zkontrolujte, jestli je zatržitko u Create Restore point
Nyní klikněte na CleanUp čímž nalezenou infekci odstraníme
PC bude restartován
Složka mbar by měla obsahovat log (a zřejmě se i sám otevře) mbar-log-rok-měsíc-den (hodina-minuta-sekunda).txt, ten mi sem dejte.

[Martinus]

Scan proveden, nic nenalezeno Ještě jednou tedy děkuji a zase někdy

Malwarebytes Anti-Rootkit BETA 1.01.0.1022
http://www.malwarebytes.org

Database version: v2013.04.02.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Martin :: MARTIN-E58A78BB [administrator]

2.4.2013 21:16:52
mbar-log-2013-04-02 (21-16-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25442
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[Rudy]

Co bylo třeba smazat, ja smazané a rootkit nemáte. Nemáte zač!