
PC virus removal, computer speed-up, remote help via the neslape.cz service
Yellowed screen, can't read anything, it says passw. protect
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Yellowed screen, can't read anything, it says passw. pro
When I watched for when the ugly yellow, bright screen appears and disappears, it went away at 67% around registry 6002.... none .... movie mk.dll
And then it turned yellow around c:\ program files\I or M.
I have a feeling it could be from an update of illegal software, could that be?
I have three versions of ComboFix here; for the first one I forgot to turn off Windows Defender,
the second with Defender turned off, during which ComboFix deleted two files from system 32\root.exe and something n7.dll,
the third with Defender turned off and a system clean-up, see the pictures below.
After all three runs the screen is still infected with a disgusting colour and it is impossible to read or write at all, and on top of that it is probably sending passwords off somewhere to bots.
The virus is probably on the firewall. Should I uninstall that advanced system protector, for example?
Last edited by Mikno on 27 Sep 2013 19:22, edited 1 time in total.
Re: Yellowed screen, can't read anything, it says passw. pro
1. First
ComboFix 13-09-26.03 - Karel 27.09.2013 18:26:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1688 [GMT 2:00]
Spuštěný z: D:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-27 do 2013-09-27 )))))))))))))))))))))))))))))))
.
.
2013-09-27 16:33 . 2013-09-27 16:33 -------- d-----w- c:\users\Karel\AppData\Local\temp
2013-09-27 16:33 . 2013-09-27 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-27 14:55 . 2013-09-27 14:55 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F46D8EBE-E318-4623-894D-55FE366F72DD}\offreg.dll
2013-09-27 12:08 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F46D8EBE-E318-4623-894D-55FE366F72DD}\mpengine.dll
2013-09-26 15:40 . 2013-09-26 15:40 515664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-09-26 15:30 . 2013-09-26 15:30 -------- d-----w- c:\users\Karel\AppData\Roaming\PeerNetworking
2013-09-22 12:59 . 2013-09-22 12:59 -------- d-----w- C:\D
2013-09-12 19:59 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-12 19:59 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-04 13:20 . 2013-09-04 13:20 -------- d-----w- c:\programdata\AmUStor
2013-09-04 13:20 . 2013-09-04 13:20 -------- d-----w- c:\program files\AmIcoSingLun
2013-09-04 13:17 . 2013-09-04 13:17 -------- d-----w- c:\users\Karel\AppData\Local\Akamai
2013-09-04 12:50 . 2013-09-04 12:51 125 ----a-w- c:\windows\xUninstall.bat
2013-09-02 19:05 . 2013-09-02 19:07 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2013-09-02 19:05 . 2013-09-02 19:05 -------- d-----w- c:\program files\Pinnacle
2013-09-02 19:05 . 2013-09-02 19:05 -------- d-----w- c:\program files\Common Files\Yahoo!
2013-09-02 19:03 . 2013-09-02 19:03 -------- d-----w- c:\programdata\Pinnacle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-27 14:28 . 2008-04-08 09:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-09-23 19:24 . 2012-11-24 10:12 201872 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-09-23 19:11 . 2012-11-24 10:12 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-09-23 19:11 . 2012-11-24 10:12 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-09-23 19:11 . 2012-11-24 10:12 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-09-21 12:57 . 2012-11-18 08:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-21 12:57 . 2012-11-18 08:56 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-16 16:48 . 2013-06-03 15:39 138904 ----a-w- c:\users\Karel\AppData\Roaming\PnkBstrK.sys
2013-09-04 12:41 . 2008-04-08 09:02 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-08-30 07:48 . 2013-03-26 15:59 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-11-18 08:54 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2012-11-18 08:54 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-26 15:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2012-11-18 08:54 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2012-11-18 08:54 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2012-11-18 08:54 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2012-11-18 08:54 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2012-11-18 08:52 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2012-11-18 08:52 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-07 02:22 . 2012-11-18 08:52 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-06 17:55 . 2012-11-24 10:12 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-08-02 04:09 . 2013-08-28 15:18 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-17 19:41 . 2013-08-15 18:08 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-16 06:32 . 2013-06-11 19:31 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-07-10 09:47 . 2013-08-15 18:08 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:10 . 2013-08-15 18:08 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 06:20 . 2008-04-08 09:02 3289304 ----a-w- c:\windows\system32\RtkAPO.dll
2013-07-08 04:55 . 2013-08-15 18:08 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:55 . 2013-08-15 18:08 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20 . 2013-08-15 18:08 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:16 . 2013-08-15 18:08 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:16 . 2013-08-15 18:08 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:16 . 2013-08-15 18:08 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-07-05 04:53 . 2013-08-15 18:09 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Facebook Update"="c:\users\Karel\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-17 138096]
"Akamai NetSession Interface"="c:\users\Karel\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-07-09 12000984]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-10-24 33304]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-04 1466368]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-04-08 33136]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-07-31 233472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-4-21 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-04-08 09:58 37232 ----a-w- c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
2007-07-14 00:25 741376 ----a-w- c:\program files\ChkMail\ChkMail\ChkMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 22:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3186385019-1968349040-1816560291-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-21 12:59 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 12:57]
.
2013-08-27 c:\windows\Tasks\ASO-AutoCheckUpdate7Days.job
- c:\program files\Advanced System Optimizer 3\CheckUpdate.exe [2013-06-11 15:23]
.
2013-09-18 c:\windows\Tasks\ASO-OneClickCare.job
- c:\program files\Advanced System Optimizer 3\ASO3.exe [2013-06-11 15:23]
.
2013-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3186385019-1968349040-1816560291-1000Core.job
- c:\users\Karel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-17 18:54]
.
2013-09-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3186385019-1968349040-1816560291-1000UA.job
- c:\users\Karel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-17 18:54]
.
2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-26 16:33]
.
2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-26 16:33]
.
2013-09-23 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-06-11 09:52]
.
2013-09-11 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-06-11 09:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: &Save the YouTube video as MP3
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-27 18:33
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\ADSM_PData_0150
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5868)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Celkový čas: 2013-09-27 18:35:48
ComboFix-quarantined-files.txt 2013-09-27 16:35
.
Před spuštěním: Volných bajtů: 39 928 033 280
Po spuštění: Volných bajtů: 39 850 598 400
.
- - End Of File - - 0278BE2385CF24F25BC647EFC11C3B76
64B1E91C5C6C2157642651010728F90F
Re: Yellowed screen, can't read anything, it says passw. pro
2. Second
ComboFix 13-09-26.03 - Karel 27.09.2013 18:40:06.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1863 [GMT 2:00]
Spuštěný z: D:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-27 do 2013-09-27 )))))))))))))))))))))))))))))))
.
.
2013-09-27 16:49 . 2013-09-27 16:49 -------- d-----w- c:\users\Karel\AppData\Local\temp
2013-09-27 16:49 . 2013-09-27 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-27 12:08 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F46D8EBE-E318-4623-894D-55FE366F72DD}\mpengine.dll
2013-09-26 15:40 . 2013-09-26 15:40 515664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-09-26 15:30 . 2013-09-26 15:30 -------- d-----w- c:\users\Karel\AppData\Roaming\PeerNetworking
2013-09-22 12:59 . 2013-09-22 12:59 -------- d-----w- C:\D
2013-09-12 19:59 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-12 19:59 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-04 13:20 . 2013-09-04 13:20 -------- d-----w- c:\programdata\AmUStor
2013-09-04 13:20 . 2013-09-04 13:20 -------- d-----w- c:\program files\AmIcoSingLun
2013-09-04 13:17 . 2013-09-04 13:17 -------- d-----w- c:\users\Karel\AppData\Local\Akamai
2013-09-04 12:50 . 2013-09-04 12:51 125 ----a-w- c:\windows\xUninstall.bat
2013-09-02 19:05 . 2013-09-02 19:07 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2013-09-02 19:05 . 2013-09-02 19:05 -------- d-----w- c:\program files\Pinnacle
2013-09-02 19:05 . 2013-09-02 19:05 -------- d-----w- c:\program files\Common Files\Yahoo!
2013-09-02 19:03 . 2013-09-02 19:03 -------- d-----w- c:\programdata\Pinnacle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-27 14:28 . 2008-04-08 09:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-09-23 19:24 . 2012-11-24 10:12 201872 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-09-23 19:11 . 2012-11-24 10:12 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-09-23 19:11 . 2012-11-24 10:12 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-09-23 19:11 . 2012-11-24 10:12 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-09-21 12:57 . 2012-11-18 08:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-21 12:57 . 2012-11-18 08:56 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-16 16:48 . 2013-06-03 15:39 138904 ----a-w- c:\users\Karel\AppData\Roaming\PnkBstrK.sys
2013-09-04 12:41 . 2008-04-08 09:02 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-08-30 07:48 . 2013-03-26 15:59 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-11-18 08:54 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2012-11-18 08:54 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-26 15:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2012-11-18 08:54 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2012-11-18 08:54 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2012-11-18 08:54 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2012-11-18 08:54 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2012-11-18 08:52 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2012-11-18 08:52 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-07 02:22 . 2012-11-18 08:52 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-06 17:55 . 2012-11-24 10:12 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-08-02 04:09 . 2013-08-28 15:18 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-17 19:41 . 2013-08-15 18:08 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-16 06:32 . 2013-06-11 19:31 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-07-10 09:47 . 2013-08-15 18:08 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:10 . 2013-08-15 18:08 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 06:20 . 2008-04-08 09:02 3289304 ----a-w- c:\windows\system32\RtkAPO.dll
2013-07-08 04:55 . 2013-08-15 18:08 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:55 . 2013-08-15 18:08 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20 . 2013-08-15 18:08 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:16 . 2013-08-15 18:08 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:16 . 2013-08-15 18:08 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:16 . 2013-08-15 18:08 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-07-05 04:53 . 2013-08-15 18:09 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Facebook Update"="c:\users\Karel\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-17 138096]
"Akamai NetSession Interface"="c:\users\Karel\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-07-09 12000984]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-10-24 33304]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-04 1466368]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-04-08 33136]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-07-31 233472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-4-21 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-04-08 09:58 37232 ----a-w- c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
2007-07-14 00:25 741376 ----a-w- c:\program files\ChkMail\ChkMail\ChkMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 22:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3186385019-1968349040-1816560291-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-21 12:59 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 12:57]
.
2013-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3186385019-1968349040-1816560291-1000Core.job
- c:\users\Karel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-17 18:54]
.
2013-09-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3186385019-1968349040-1816560291-1000UA.job
- c:\users\Karel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-17 18:54]
.
2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-26 16:33]
.
2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-26 16:33]
.
2013-09-23 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-06-11 09:52]
.
2013-09-11 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-06-11 09:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: &Save the YouTube video as MP3
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-27 18:49
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2013-09-27 18:56:03
ComboFix-quarantined-files.txt 2013-09-27 16:55
.
Před spuštěním: Volných bajtů: 39 773 249 536
Po spuštění: Volných bajtů: 40 832 307 200
.
- - End Of File - - 6C7C9F1E3A6E5345313580551560C366
64B1E91C5C6C2157642651010728F90F
Re: Yellowed screen, nothing can be read, it says passw. pro
3. third
ComboFix 13-09-26.03 - Karel 27.09.2013 19:18:07.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1702 [GMT 2:00]
Spuštěný z: D:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-27 do 2013-09-27 )))))))))))))))))))))))))))))))
.
.
2013-09-27 17:26 . 2013-09-27 17:26 -------- d-----w- c:\users\Karel\AppData\Local\temp
2013-09-27 17:26 . 2013-09-27 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-27 12:08 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F46D8EBE-E318-4623-894D-55FE366F72DD}\mpengine.dll
2013-09-26 15:40 . 2013-09-26 15:40 515664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-09-26 15:30 . 2013-09-26 15:30 -------- d-----w- c:\users\Karel\AppData\Roaming\PeerNetworking
2013-09-22 12:59 . 2013-09-22 12:59 -------- d-----w- C:\D
2013-09-12 19:59 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-12 19:59 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-04 13:20 . 2013-09-04 13:20 -------- d-----w- c:\programdata\AmUStor
2013-09-04 13:20 . 2013-09-04 13:20 -------- d-----w- c:\program files\AmIcoSingLun
2013-09-04 13:17 . 2013-09-04 13:17 -------- d-----w- c:\users\Karel\AppData\Local\Akamai
2013-09-04 12:50 . 2013-09-04 12:51 125 ----a-w- c:\windows\xUninstall.bat
2013-09-02 19:05 . 2013-09-02 19:07 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2013-09-02 19:05 . 2013-09-02 19:05 -------- d-----w- c:\program files\Pinnacle
2013-09-02 19:05 . 2013-09-02 19:05 -------- d-----w- c:\program files\Common Files\Yahoo!
2013-09-02 19:03 . 2013-09-02 19:03 -------- d-----w- c:\programdata\Pinnacle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-27 14:28 . 2008-04-08 09:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-09-23 19:24 . 2012-11-24 10:12 201872 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-09-23 19:11 . 2012-11-24 10:12 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-09-23 19:11 . 2012-11-24 10:12 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-09-23 19:11 . 2012-11-24 10:12 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-09-21 12:57 . 2012-11-18 08:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-21 12:57 . 2012-11-18 08:56 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-16 16:48 . 2013-06-03 15:39 138904 ----a-w- c:\users\Karel\AppData\Roaming\PnkBstrK.sys
2013-09-04 12:41 . 2008-04-08 09:02 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-08-30 07:48 . 2013-03-26 15:59 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-11-18 08:54 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2012-11-18 08:54 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-26 15:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2012-11-18 08:54 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2012-11-18 08:54 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2012-11-18 08:54 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2012-11-18 08:54 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2012-11-18 08:52 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2012-11-18 08:52 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-07 02:22 . 2012-11-18 08:52 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-06 17:55 . 2012-11-24 10:12 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-08-02 04:09 . 2013-08-28 15:18 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-17 19:41 . 2013-08-15 18:08 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-16 06:32 . 2013-06-11 19:31 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-07-10 09:47 . 2013-08-15 18:08 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:10 . 2013-08-15 18:08 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 06:20 . 2008-04-08 09:02 3289304 ----a-w- c:\windows\system32\RtkAPO.dll
2013-07-08 04:55 . 2013-08-15 18:08 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:55 . 2013-08-15 18:08 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20 . 2013-08-15 18:08 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:16 . 2013-08-15 18:08 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:16 . 2013-08-15 18:08 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:16 . 2013-08-15 18:08 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-07-05 04:53 . 2013-08-15 18:09 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Facebook Update"="c:\users\Karel\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-17 138096]
"Akamai NetSession Interface"="c:\users\Karel\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-07-09 12000984]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-10-24 33304]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-04 1466368]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-04-08 33136]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-07-31 233472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-4-21 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-04-08 09:58 37232 ----a-w- c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkMail]
2007-07-14 00:25 741376 ----a-w- c:\program files\ChkMail\ChkMail\ChkMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 22:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3186385019-1968349040-1816560291-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-21 12:59 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 12:57]
.
2013-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3186385019-1968349040-1816560291-1000Core.job
- c:\users\Karel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-17 18:54]
.
2013-09-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3186385019-1968349040-1816560291-1000UA.job
- c:\users\Karel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-17 18:54]
.
2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-26 16:33]
.
2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-26 16:33]
.
2013-09-23 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-06-11 09:52]
.
2013-09-11 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-06-11 09:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: &Save the YouTube video as MP3
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-27 19:26
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
[0] 0x20017E00
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5108)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Celkový čas: 2013-09-27 19:34:01
ComboFix-quarantined-files.txt 2013-09-27 17:33
.
Před spuštěním: Volných bajtů: 41 864 867 840
Po spuštění: Volných bajtů: 41 404 010 496
.
- - End Of File - - 290A59F28330CDFEFE90465875709DA9
64B1E91C5C6C2157642651010728F90F
Re: Yellowed screen, nothing can be read, it says passw. pro
...
- Attachments
- Bez názvu.jpg (62.64 KiB) Viewed 1840 times
Re: Yellowed screen, nothing can be read, it says passw. pro
...
- Attachments
- chyba.jpg (66.46 KiB) Viewed 1840 times
Re: Yellowed screen, nothing can be read, it says passw. pro
...
- Attachments
- log soubory.jpg (63.29 KiB) Viewed 1840 times
Re: Yellowed screen, nothing can be read, it says passw. pro
...
- Attachments
- zastaraly klic.jpg (61.41 KiB) Viewed 1839 times
Re: Yellowed screen, nothing can be read, it says passw. pro
Please help, I will be very grateful, I don't want to format. I know it's the weekend, please.
Re: Yellowed screen, nothing can be read, it says passw. pro
1. Clean the PC with CCleaner - registry section - remove everything it finds
2. Scan the PC with MBAM - full scan
FRST | ADWCleaner | MBAM | CCleaner | AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: Yellowed screen, nothing can be read, it says passw. pro
So MBAM found the viruses and removed them, but I still had to use SpyHunter to remove all the junk; I used the update from October 2011.
The problem has been solved, thank you very, very much.