Prosím o pomoc : policejní vir

Zpráva

Fugass · #1 Příspěvek od **Fugass** » 06 čer 2013 20:54

Dobrý večer
Prosím o pomoc s policejním virem. Podařilo se mi spustit windows v nouzovém režimu. Přikládám rsit

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-06-06 21:46:43
WIN_XP Service Pack 3
System drive C: has 192 GB (80%) free of 238 GB
Total RAM: 2039 MB (87% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-22 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-04-15 4529272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-22 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21 70928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetPacks Browser Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2013-03-18 1310480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetPacks Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2013-03-18 1310480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ACU"=C:\Program Files\Atheros\ACU.exe [2007-10-16 405593]
"CognizanceTS"=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2013-01-13 17920]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-06-01 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-06-01 974848]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-08-10 110592]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2013-03-13 4394032]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"IFXSPMGT"=C:\WINDOWS\system32\ifxspmgt.exe [2007-07-24 677144]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-01-13 134656]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-01-13 166912]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-01-13 135680]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2012-09-13 1009288]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2012-10-04 115032]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2013-01-27 337432]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
msconfig.lnk - C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-01-13 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [2013-01-13 74240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSharedDocuments"=1
"NoInstrumentation"=1
"NoWindowsUpdate"=1
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\Millan\Data aplikací\uTorrent\uTorrent.exe"="C:\Documents and Settings\Millan\Data aplikací\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG2013\avgnsx.exe"="C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2013\avgdiagex.exe"="C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostika 2013"
"C:\Program Files\AVG\AVG2013\avgemcx.exe"="C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\WINDOWS\system32\dmwu.exe"="C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu"
"C:\WINDOWS\system32\ARFC\wrtc.exe"="C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2013-06-06 21:47:13 ----D---- C:\Program Files\trend micro
2013-06-06 21:46:43 ----D---- C:\rsit
2013-06-06 21:42:37 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2013-06-06 21:07:03 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2013-06-06 21:07:03 ----D---- C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
2013-06-06 21:07:03 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Intel
2013-06-06 21:07:03 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini

======List of files/folders modified in the last 1 month======

2013-06-06 21:47:13 ----RD---- C:\Program Files
2013-06-06 21:45:57 ----A---- C:\WINDOWS\ntbtlog.txt
2013-06-06 21:42:37 ----D---- C:\WINDOWS\system32\drivers
2013-06-06 21:42:36 ----D---- C:\WINDOWS\system32\CatRoot2
2013-06-06 21:37:02 ----A---- C:\Documents and Settings\All Users\Data aplikací\as98213.txt
2013-06-06 21:07:02 ----D---- C:\Documents and Settings
2013-06-06 21:02:22 ----D---- C:\WINDOWS\Temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2013-02-08 60216]
R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2013-02-08 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2013-02-08 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2013-02-08 39224]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2007-07-24 38816]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-07-24 41216]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-18 5632]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2011-01-15 30208]
S1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2013-02-27 208184]
S1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2013-03-01 22328]
S1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2013-02-08 170808]
S1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-02-14 182072]
S1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-12-17 31088]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 ItSDisk;ItSDisk; C:\WINDOWS\System32\Drivers\ItSDisk.sys [2006-05-17 23232]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2013-01-27 113608]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2013-01-13 21393]
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2013-04-14 271360]
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2013-04-14 18048]
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-06-16 146824]
S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2012-01-12 30944]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2012-01-12 30944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-01-13 1730272]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
S3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SinoTPM;Driver For SINOSUN Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\SinoTpm.sys [2006-06-12 34048]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys []
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\StkCMini.sys [2007-06-06 1260672]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TrueSight;TrueSight; \??\C:\WINDOWS\system32\drivers\TrueSight.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG2013\avgfws.exe [2013-02-19 1418184]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [2013-02-28 4937264]
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]
S2 IBUpdaterService;IBUpdaterService; C:\WINDOWS\system32\dmwu.exe [2013-02-27 1013552]
S2 IFXSpMgtSrv;Security Platform Management Service; C:\WINDOWS\system32\ifxspmgt.exe [2007-07-24 677144]
S2 IFXTCS;Trusted Platform Core Service; C:\WINDOWS\system32\IFXTCS.exe [2007-07-24 886040]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-03-22 170912]
S2 PersonalSecureDriveService;Personal Secure Drive Service; C:\WINDOWS\system32\IfxPsdSv.exe [2007-07-24 140568]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]
S2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-06-01 987136]
S2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 24576]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 06 čer 2013 20:56

Zdravim

Na zdravem PC stahnete Farbar Recovery Scan Tool http://www.bleepingcomputer.com/downloa ... scan-tool/

Ulozte na nejaky flash disk, primo na jeho koren

Na poskozenem PC nabootujte Nouzovy rezim s prikazovym radkem MS-DOS

Nyni si zjisteme pismeno flash disku

Zadejte prikaz notepad a odenterujte
Otebre se poznamkovy blok (notepad)
Dejte Soubor --> Otevrit --> najdete tento pocitac a otevrete USB klic je FRST ulozeny
Podivejte se, jake pismeno ma USB klic (F:\, G:\ apod)
Zavrete notepad krizkem

Ted si ziskame log

Pokud mate stazeny FRST pro 64 bit OS, tak se jmenuje FRST64.exe a je nutne jej tak zadat
Zadejte prikaz "pismeno disku":\FRST.exe a odenterujte (napr. F:\FRST.exe)
Spusti se FRST
Spuste prohledavani kliknutim na Scan
Po chvili se vytvori na flash disku log FRST.exe
Ten mi sem vlozte pres zdravy PC

Fugass · #3 Příspěvek od **Fugass** » 06 čer 2013 21:08

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by Administrator (administrator) on 06-06-2013 22:06:58
Running from E:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [SkyTel] SkyTel.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui [405593 2007-10-16] (Atheros Communications, Inc.)
HKLM\...\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule [17920 2013-01-13] (Cognizance Corporation)
HKLM\...\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [823296 2007-06-01] (Intel Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless [974848 2007-06-01] (Intel Corporation)
HKLM\...\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe [110592 2006-08-10] ()
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon [677144 2007-07-24] (Infineon Technologies AG)
HKLM\...\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
HKLM\...\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup [337432 2013-01-27] (Power Software Ltd)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2004-06-16] (InstallShield Software Corporation)
Winlogon\Notify\OneCard: C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKU\as6s\...\Run: [Seznam.chromeUpdatePref] C:\Documents and Settings\as6s\Data aplikací\Seznam.cz\bin\chromeUpdatePref.exe 12454 [ 2013-02-13] ()
HKU\as6s\...\Run: [cz.seznam.software.szndesktop] "C:\Documents and Settings\as6s\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q [ 2013-01-22] ()
HKU\as6s\...\Run: [cz.seznam.software.autoupdate] "C:\Documents and Settings\as6s\Data aplikací\Seznam.cz\szninstall.exe" -c [ 2012-09-13] ()
Lsa: [Notification Packages] scecli ASWLNPkg
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 1CBFC7399D}
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
HKLM SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 1CBFC7399D}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 1CBFC7399D}
HKCU SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
PDF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

========================== Services (Whitelisted) =================

S2 ASBroker; C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [74240 2013-01-13] (Cognizance Corporation)
S2 ASChannel; C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll [131584 2013-01-13] (Cognizance Corporation)
S2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1418184 2013-02-19] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-02-28] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1013552 2013-02-27] ()
S2 IFXSpMgtSrv; C:\WINDOWS\system32\ifxspmgt.exe [677144 2007-07-24] (Infineon Technologies AG)
S2 IFXTCS; C:\WINDOWS\system32\IFXTCS.exe [886040 2007-07-24] (Infineon Technologies AG)
S2 PersonalSecureDriveService; C:\WINDOWS\system32\IfxPsdSv.exe [140568 2007-07-24] (Infineon Technologies AG)
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-06-01] (Intel Corporation )
S2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-04-15] (Skype Technologies S.A.)
S2 StkSSrv; C:\Windows\System32\StkCSrv.exe [24576 2007-04-19] (Syntek America Inc.)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\DATAAP~1\84niwi.dat [167936 2013-05-02] (Microsoft Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21393 2013-01-13] (Cisco Systems, Inc.)
S3 AtcL001; C:\Windows\System32\DRIVERS\l151x86.sys [36864 2007-11-01] (Atheros Communications, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [271360 2013-04-14] ()
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-16] (AuthenTec, Inc.)
S3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-02-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-02-14] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [41216 2007-07-24] (Infineon Technologies AG)
S1 ItSDisk; C:\Windows\System32\Drivers\ItSDisk.sys [23232 2006-05-17] (Cognizance Corporation)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2013-04-14] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [5632 2005-02-18] ()
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2208512 2007-06-21] (Intel Corporation)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [38816 2007-07-24] (Infineon Technologies AG)
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
S1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113608 2013-01-27] (Power Software Ltd)
S3 SinoTPM; C:\Windows\System32\DRIVERS\SinoTpm.sys [34048 2006-06-12] (SINOSUN Technology Co., Ltd.)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1260672 2007-06-06] (Syntek)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [57344 2007-07-03] (Atheros Communications, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S3 smserial; system32\DRIVERS\smserial.sys [x]
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-06 22:06 - 2013-06-06 22:06 - 00000000 ____D C:\FRST
2013-06-06 21:47 - 2013-06-06 21:47 - 00000000 ____D C:\Program Files\trend micro
2013-06-06 21:46 - 2013-06-06 21:47 - 00000000 ____D C:\rsit
2013-06-06 21:07 - 2013-06-06 22:05 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-06 21:07 - 2013-06-06 22:03 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-06 21:07 - 2013-06-06 21:48 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha
2013-06-06 21:07 - 2013-06-06 21:07 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-06-06 21:07 - 2013-06-06 21:07 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-06 21:07 - 2013-06-06 21:07 - 00000000 ____D C:\Documents and Settings\Administrator\Oblíbené položky
2013-06-06 21:07 - 2013-04-05 19:11 - 00000000 __RHD C:\Documents and Settings\Administrator\Data aplikací
2013-06-06 21:07 - 2013-01-13 04:02 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start
2013-06-06 21:07 - 2013-01-13 04:02 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní tiskárny
2013-06-06 21:07 - 2013-01-13 04:02 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní síť
2013-06-06 21:07 - 2013-01-13 04:02 - 00000000 ____D C:\Documents and Settings\Administrator\Dokumenty
2013-06-06 21:07 - 2013-01-13 03:13 - 00000000 ___HD C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2013-06-06 21:07 - 2013-01-13 03:09 - 00000000 ___HD C:\Documents and Settings\Administrator\Šablony

==================== One Month Modified Files and Folders ========

2013-06-06 22:06 - 2013-06-06 22:06 - 00000000 ____D C:\FRST
2013-06-06 22:05 - 2013-06-06 21:07 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-06 22:05 - 2001-10-25 13:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-06 22:04 - 2013-01-13 03:14 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-06 22:03 - 2013-06-06 21:07 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-06 22:03 - 2013-01-13 03:12 - 01982452 ____A C:\Windows\WindowsUpdate.log
2013-06-06 21:48 - 2013-06-06 21:07 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha
2013-06-06 21:47 - 2013-06-06 21:47 - 00000000 ____D C:\Program Files\trend micro
2013-06-06 21:47 - 2013-06-06 21:46 - 00000000 ____D C:\rsit
2013-06-06 21:37 - 2013-01-13 04:02 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2013-06-06 21:07 - 2013-06-06 21:07 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-06-06 21:07 - 2013-06-06 21:07 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-06 21:07 - 2013-06-06 21:07 - 00000000 ____D C:\Documents and Settings\Administrator\Oblíbené položky
2013-06-06 21:02 - 2013-01-13 04:06 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-06 21:02 - 2013-01-13 04:06 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-06 21:02 - 2013-01-13 03:14 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-06 21:02 - 2013-01-13 03:14 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-04-14 08:52] - [2008-04-14 08:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2008-04-14 08:52] - [2008-04-14 08:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2008-04-14 08:52] - [2008-04-14 08:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2008-04-14 08:52] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2008-04-14 08:52] - [2008-04-14 08:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2008-04-14 08:52] - [2008-04-14 08:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 07:42] - [2008-04-14 07:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1

==================== End Of Log ============================

#4 Příspěvek od **vyosek** » 06 čer 2013 21:17

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S3 smserial; system32\DRIVERS\smserial.sys [x]
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL; 
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\DATAAP~1\84niwi.dat [167936 2013-05-02] (Microsoft Corporation)
C:\DOCUME~1\ALLUSE~1\DATAAP~1\84niwi.dat
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10011&barid={5ABFF931-A073-11E2-9BB4-001CBFC7399D}
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
HKLM SearchScopes: DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={5ABFF931-A073-11E2-9BB4-001CBFC7399D}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={5ABFF931-A073-11E2-9BB4-001CBFC7399D}
HKLM\...\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
CMD: rmdir "C:\Program Files\SweetIM" /s /q
CMD: del "C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\msconfig.lnk"

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny log na flashku k FRST

Spustte znovu FRST.exe na tom poskozenem PC

Kliknete na Fix
Probehne oprava a na flash disku se vytvori log Fixlog.txt

Pokuste se nastartovat do bezneho rezimu

Fugass · #5 Příspěvek od **Fugass** » 06 čer 2013 21:24

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-06-2013 01
Ran by Millan at 2013-06-06 22:23:47 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)

==============================================

Abiosdsk => Service deleted successfully.
abp480n5 => Service deleted successfully.
adpu160m => Service deleted successfully.
Aha154x => Service deleted successfully.
aic78u2 => Service deleted successfully.
aic78xx => Service deleted successfully.
AliIde => Service deleted successfully.
amsint => Service deleted successfully.
asc => Service deleted successfully.
asc3350p => Service deleted successfully.
asc3550 => Service deleted successfully.
Atdisk => Service deleted successfully.
cd20xrnt => Service deleted successfully.
Changer => Service deleted successfully.
CmdIde => Service deleted successfully.
Cpqarray => Service deleted successfully.
dac2w2k => Service deleted successfully.
dac960nt => Service deleted successfully.
dpti2o => Service deleted successfully.
hpn => Service deleted successfully.
i2omgmt => Service deleted successfully.
i2omp => Service deleted successfully.
ini910u => Service deleted successfully.
IntelIde => Service deleted successfully.
lbrtfdc => Service deleted successfully.
mraid35x => Service deleted successfully.
PCIDump => Service deleted successfully.
PDCOMP => Service deleted successfully.
PDFRAME => Service deleted successfully.
PDRELI => Service deleted successfully.
PDRFRAME => Service deleted successfully.
perc2 => Service deleted successfully.
perc2hib => Service deleted successfully.
ql1080 => Service deleted successfully.
Ql10wnt => Service deleted successfully.
ql12160 => Service deleted successfully.
ql1240 => Service deleted successfully.
ql1280 => Service deleted successfully.
Simbad => Service deleted successfully.
smserial => Service deleted successfully.
Sparrow => Service deleted successfully.
symc810 => Service deleted successfully.
symc8xx => Service deleted successfully.
sym_hi => Service deleted successfully.
sym_u3 => Service deleted successfully.
TosIde => Service deleted successfully.
ultra => Service deleted successfully.
ViaIde => Service deleted successfully.
WDICA => Service deleted successfully.
U1 WS2IFSL; => Service not found.
winmgmt => Service restored successfully.
C:\DOCUME~1\ALLUSE~1\DATAAP~1\84niwi.dat => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
Default URLSearchHook was restored successfully .
HKLM\Software\\Microsoft\Internet Explorer\Main\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM => Value deleted successfully.

========= rmdir "C:\Program Files\SweetIM" /s /q =========

========= End of CMD: =========

========= del "C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\msconfig.lnk" =========

========= End of CMD: =========

==== End of Fixlog ====

#6 Příspěvek od **vyosek** » 06 čer 2013 21:27

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Fugass · #7 Příspěvek od **Fugass** » 06 čer 2013 21:33

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/06/2013 10:32:27 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* Služba WMI (winmgmt) is not Running.
Startup Type set to: Automatic

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Automatic

* winmgmt => C:\DOCUME~1\ALLUSE~1\DATAAP~1\84niwi.dat [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\sfcfiles.dll [NoSig]

* C:\WINDOWS\System32\UxTheme.dll [NoSig]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

Program finished at: 06/06/2013 10:33:09 PM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)

#8 Příspěvek od **vyosek** » 06 čer 2013 21:35

Pokracujte ComboFixem...

jen se zeptam, licenci na windows asi zakoupenou nemate ze

Fugass · #9 Příspěvek od **Fugass** » 06 čer 2013 21:37

#10 Příspěvek od **vyosek** » 06 čer 2013 21:38

Dle pravidel fora se nelegalnimi systemy nezabyvame, dneska to jiz dokoncime, ale priste bude pomoc odmitnuta...

Pockam si na log z COmboFixu

Fugass · #11 Příspěvek od **Fugass** » 06 čer 2013 21:50

Děkuji
Notebook jsem koupil s XP, ale kartička s licencí byla na spodku NTB zasunutá v takovým pouzdýrku a jak to tak bývá ztratila se.

#12 Příspěvek od **vyosek** » 06 čer 2013 21:53

Takoveto veci je treba chranit a treba aspon vyfotit a nekam ulozit...

Pockame co ukaze ComboFix a pak budeme cistit dale

Fugass · #13 Příspěvek od **Fugass** » 06 čer 2013 21:59

ComboFix 13-06-06.04 - Millan 06.06.2013 22:45:41.1.2 - x86
Spuštěný z: c:\documents and settings\Millan\Plocha\ComboFix.exe
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\rundll32.exe
c:\windows\system32\SET60F.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-06 do 2013-06-06 )))))))))))))))))))))))))))))))
.
.
2013-06-06 20:06 . 2013-06-06 20:06 -------- d-----w- C:\FRST
2013-06-06 19:47 . 2013-06-06 19:47 -------- d-----w- c:\program files\trend micro
2013-06-06 19:46 . 2013-06-06 19:47 -------- d-----w- C:\rsit
2013-06-06 19:07 . 2013-06-06 20:03 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 16:27 . 2013-05-02 16:27 3061 ----a-w- c:\documents and settings\All Users\Data aplikací\iwin48.js
2013-04-14 08:33 . 2013-04-14 08:33 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-04-14 08:33 . 2013-04-14 08:33 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-04-13 15:30 . 2013-04-03 11:31 664 ----a-w- c:\documents and settings\as6s\Local Settings\Data aplikací\d3d9caps.tmp
2013-04-04 16:13 . 2013-04-04 16:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-03-30 11:12 . 2013-01-13 15:08 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-30 11:12 . 2013-01-13 15:08 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-22 14:44 . 2013-03-22 14:44 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-22 14:44 . 2013-03-22 14:45 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-22 14:44 . 2013-03-22 14:45 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-22 14:44 . 2013-03-22 14:45 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-11-28 13:36 . AB3D62010AF342203FFA60C2D94DBC68 . 8704 . . [1] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Secure Disks]
@="{666C7836-A9B6-4AB4-94ED-DC238C81E925}"
[HKEY_CLASSES_ROOT\CLSID\{666C7836-A9B6-4AB4-94ED-DC238C81E925}]
2013-01-13 14:46 391168 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\documents and settings\Millan\Data aplikací\Seznam.cz\szninstall.exe" [2013-03-21 1061960]
"cz.seznam.software.szndesktop"="c:\documents and settings\Millan\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"uTorrent"="c:\documents and settings\Millan\Data aplikací\uTorrent\uTorrent.exe" [2013-04-04 1043536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-10-16 405593]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2013-01-13 17920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-10 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2013-01-27 337432]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Millan\Nabídka Start\Programy\Po spuštění\
msconfig.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33280]
Registration .LNK - c:\program files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe [2013-4-19 6955008]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2013-01-13 14:46 74240 ----a-r- c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Millan\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\WINDOWS\\system32\\dmwu.exe"=
"c:\\WINDOWS\\system32\\ARFC\\wrtc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"57892:TCP"= 57892:TCP:Pando Media Booster
"57892:UDP"= 57892:UDP:Pando Media Booster
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [8.2.2013 5:37 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8.2.2013 5:37 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [8.2.2013 5:37 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [27.2.2013 0:40 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [1.3.2013 11:32 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8.2.2013 5:37 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [14.2.2013 4:52 182072]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [17.5.2006 2:14 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24.7.2007 8:59 38816]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [14.4.2008 8:52 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [14.4.2008 8:52 14336]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [19.2.2013 5:02 282624]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [8.4.2013 19:40 1013552]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [15.4.2013 15:27 3289208]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [19.4.2007 7:42 24576]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [1.11.2007 9:56 36864]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 20:52 30944]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.1.2007 20:13 41216]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [6.6.2007 11:40 1260672]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [19.2.2013 5:02 1418184]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [28.2.2013 0:42 4937264]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 20:52 30944]
S3 SinoTPM;Driver For SINOSUN Trusted Platform Module;c:\windows\system32\drivers\SinoTpm.sys [13.1.2013 12:40 34048]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={5ABFF931-A073-11E2-9BB4-001CBFC7399D}
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={5ABFF931-A073-11E2-9BB4-001CBFC7399D}
uInternet Connection Wizard,ShellNext = hxxp://redirect.avira.com/?operationtype=install&lngprod=en&oslanguage=cz&oscountry=cs&firstinstallation=20130113&productid=57&rndsnr=41ef3d055001631d75fb08d81bde2ef641c454bc&licensenumber=0000149996-ADJIE-0000001&licenseexpiration=20130630000000&md5_hash=97622EA3E79CCC37C86C4476999E6089&osversion=5.1.2600&prodversion=13.0.0.2890&avtoolbar=0&evaluation=0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-06 22:52
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-1993962763-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:55,3f,35,b2,7c,f1,52,21,fe,62,66,97,ee,ae,ba,26,73,ad,a5,9f,c7,78,8c,
65,5c,91,e9,05,2b,ea,3f,c0,99,ac,ff,9a,0e,c0,28,3a,82,7a,f3,65,32,c3,49,cc,\
"??"=hex:a9,70,c7,ae,61,81,25,21,a1,34,f0,4d,b3,7c,e5,4f
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(2028)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\TrayIcon.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\brand.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItDAC.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItReports.DLL
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\BioAuth.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASBioAT.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCClient.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AuthWiz.dll
.
- - - - - - - > 'explorer.exe'(2668)
c:\documents and settings\Millan\Data aplikací\Seznam.cz\bin\15265libfoxloader.dll
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\jmdp\stij.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\documents and settings\Millan\Data aplikací\Seznam.cz\bin\szndesktop.exe
.
**************************************************************************
.
Celkový čas: 2013-06-06 22:58:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-06 20:58
.
Před spuštěním: Volných bajtů: 200 486 875 136
Po spuštění: Volných bajtů: 200 861 442 048
.
- - End Of File - - 1856A09E33ED89927836A71134AFB3F1
413FC2A0C716421B3158746D63736515

#14 Příspěvek od **vyosek** » 06 čer 2013 22:01

Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

Ulozte nejlepe na Plochu a rozbalte
Spustte kliknutim na mbanr
Nyni postupne kliknete na Next a Update
Po dokonceni update (aktualizace) databaze kliknete opet na Next
Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
PC bude restartovan
Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

Fugass · #15 Příspěvek od **Fugass** » 06 čer 2013 22:42

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.06.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Millan :: MILAN [administrator]

6.6.2013 23:28:25
mbar-log-2013-06-06 (23-28-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 251658
Time elapsed: 8 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Documents and Settings\Millan\Plocha\Terraria v1.1.2\TDU.exe (Packer.ModifiedUPX) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

VIRY.CZ

Prosím o pomoc : policejní vir

Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir

Re: Prosím o pomoc : policejní vir