Prosim o kontrolu logu

Zpráva

#16 Příspěvek od **Rudy** » 14 lis 2013 21:43

Smazáno. Znovu spusťte OTM a klikněte na >CleanUp!<. Nastala nějaká změna?

miroslaw · #17 Příspěvek od **miroslaw** » 14 lis 2013 23:14

Nenastala žiadna zmena iba po Klean upe stichol no po zrestartovani NTB ten proces zase zacal bežat CPU 51% a OTM a RSIT nekam zmizli.
Može to byt aj tým, že nedavno som instaloval XP do NTB a formatovany bol len disk C: Disk D: som neformatoval kedže pouzivam externy tak som tam nemal skoro nič. Po nainstalovani windowsu všetko bezalo ako malo po dobu kedy som otvoril disk D: od tej doby mi ani raz nenabehol Autorun aj ked vložim USB tak ho musim otvarat cez Tento počitač. Može být ze nejaky vir prelezol do celeho systemu z D:??? A ked som nasledne natiahol AVAST tak komp takmer prestal fungovať tak ho to spomalilo a ked som dal kontrolu tak tam našel Neco a opytal sa co s tým ma robit tak sem to dal do truhly a to ho spomalilo ešte vic tak som ho odinstaloval. Je tu ešte nejaka šanca ako to poriešiť? Alebo bude trebalo instalovat Windows znova a tento raz naformatujem aj disk D: A po nainstalovani tu dat antivirak ktorý mi moj slaby NTB nespomalil tak. Ja ako laik se tomu tak nerozumim a budem vdacny za každu radu.

#18 Příspěvek od **Rudy** » 15 lis 2013 19:07

Zkusten obnovu systému k datu, kdy korektně fungoval.

miroslaw · #19 Příspěvek od **miroslaw** » 15 lis 2013 21:14

Dobrý vecer prajem

Vyskušal som obnovu systemu no umožnilo mi to k 12. listopadu dalej nie XP som inštaloval minulej vykend.
Asi po 10tich minutach mi zase nabehol svchost.exe a nejde mi pustit Mozilu. Dvojklik a nenabehne. Mam dat log z RSITU?

#20 Příspěvek od **Rudy** » 15 lis 2013 22:20

Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

miroslaw · #21 Příspěvek od **miroslaw** » 15 lis 2013 23:22

Vyhodilo mi to tento log:

ComboFix 13-11-15.01 - UserXP . 11. 2013 22:55:14.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1015.146 [GMT 1:00]
Spuštěný z: c:\documents and settings\UserXP\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-15 do 2013-11-15 )))))))))))))))))))))))))))))))
.
.
2013-11-15 20:05 . 2013-11-15 20:05 6462 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-11-15 20:04 . 2013-11-15 20:04 0 ----a-w- c:\windows\AutoKMS.tmp
2013-11-15 20:02 . 2013-11-15 20:03 -------- d-----w- c:\windows\LastGood
2013-11-15 19:59 . 2013-11-15 19:59 -------- d-----w- c:\windows\system32\wbem\Repository
2013-11-15 19:58 . 2013-11-15 19:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-11-15 09:51 . 2013-11-15 19:55 -------- d-----w- c:\windows\$hf_mig$
2013-11-13 21:41 . 2013-11-13 21:43 -------- d-----w- C:\AdwCleaner
2013-11-13 20:14 . 2010-02-28 00:13 49024 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
2013-11-13 20:14 . 2010-03-10 22:44 1100664 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe
2013-11-13 20:14 . 2010-01-09 19:37 127232 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL
2013-11-13 17:24 . 2013-11-15 19:58 -------- d-----w- c:\program files\trend micro
2013-11-12 18:14 . 2013-11-15 20:04 77824 ------w- c:\windows\KMSEmulator.exe
2013-11-10 21:31 . 2013-11-10 21:31 -------- d-----w- C:\Output Files
2013-11-10 21:25 . 2013-11-10 21:35 -------- d-----w- c:\program files\Doc-Docx to Pdf Converter 3000
2013-11-10 21:22 . 2013-11-10 21:25 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\GetRightToGo
2013-11-06 17:41 . 2013-11-06 17:41 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\AVAST Software
2013-11-06 17:40 . 2013-11-06 17:40 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-06 17:39 . 2013-11-06 20:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-11-05 09:19 . 2013-11-05 09:19 -------- d-----w- C:\Temp
2013-11-04 22:15 . 2013-11-15 19:56 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\dvdcss
2013-11-04 12:35 . 2013-11-04 12:35 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\SolidWorks
2013-11-04 12:33 . 2013-11-04 12:33 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\EDrawings
2013-11-04 12:07 . 2013-11-04 12:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SolidWorks Flow Simulation
2013-11-04 11:45 . 2013-11-04 12:07 -------- d-----w- c:\program files\SolidWorks Corp
2013-11-04 11:45 . 2013-11-04 11:45 -------- d-----w- c:\program files\NVIDIA Corporation
2013-11-04 11:45 . 2013-11-04 11:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SolidWorks
2013-11-04 11:36 . 2013-11-04 11:36 -------- d-----w- c:\windows\system32\XPSViewer
2013-11-04 11:36 . 2013-11-04 11:36 -------- d-----w- c:\program files\Reference Assemblies
2013-11-04 11:36 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-11-04 11:35 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-11-04 11:35 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-11-04 11:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-11-04 11:35 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2013-11-04 11:35 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-11-04 11:35 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-11-04 11:35 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-11-04 11:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-11-04 11:29 . 2013-11-04 11:29 -------- d-----w- c:\program files\MSECache
2013-11-04 11:28 . 2013-11-04 12:06 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2013-11-04 11:28 . 2013-11-04 11:53 -------- d-----w- C:\SolidWorks Data
2013-11-04 11:26 . 2013-11-04 11:29 -------- d-----w- c:\program files\Common Files\Manažer instalací SolidWorks
2013-11-04 11:25 . 2013-11-04 11:25 -------- d-----w- c:\windows\SolidWorks
2013-11-04 11:25 . 2013-11-05 19:56 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\SolidWorks
2013-11-04 08:22 . 2013-11-04 08:22 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\cache
2013-11-04 08:16 . 2013-11-04 08:21 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2013-10-28 23:12 . 2013-11-04 11:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FLEXnet
2013-10-28 19:39 . 2013-10-28 19:39 615936 ----a-w- c:\windows\AutoKMS.exe
2013-10-28 08:57 . 2013-10-28 08:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2013-10-28 08:55 . 2013-11-04 08:24 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\Autodesk
2013-10-28 08:45 . 2013-10-28 09:03 -------- d-----w- c:\program files\Autodesk
2013-10-28 08:44 . 2013-10-28 09:00 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2013-10-28 08:43 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-10-28 08:43 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-10-28 08:43 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-10-28 08:43 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-10-28 08:43 . 2013-10-28 08:43 -------- d-----w- c:\windows\Logs
2013-10-26 13:49 . 2013-11-13 20:14 -------- d-----w- c:\program files\MSBuild
2013-10-26 13:46 . 2013-11-04 11:39 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-10-26 13:44 . 2013-10-26 13:44 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\Microsoft Help
2013-10-26 13:44 . 2013-11-15 19:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2013-10-25 17:07 . 2013-10-26 13:48 -------- d-----w- c:\program files\Microsoft.NET
2013-10-25 17:02 . 2013-11-04 08:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Autodesk
2013-10-25 17:02 . 2013-11-04 08:23 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\Autodesk
2013-10-25 16:26 . 2013-10-25 16:26 -------- d-----w- c:\documents and settings\UserXP\Bluetooth Software
2013-10-25 16:25 . 2008-08-19 21:16 991656 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2013-10-25 16:25 . 2008-07-24 16:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2013-10-25 16:25 . 2008-05-30 10:46 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
2013-10-25 16:25 . 2008-02-04 16:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2013-10-25 16:25 . 2013-10-25 16:25 -------- d-----w- c:\program files\WIDCOMM
2013-10-25 16:19 . 2013-11-15 21:41 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\Skype
2013-10-25 16:08 . 2013-10-25 16:08 -------- d-----w- c:\windows\ServicePackFiles
2013-10-25 16:08 . 2008-04-14 06:52 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2013-10-25 16:08 . 2008-04-14 06:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2013-10-25 12:44 . 2013-10-25 12:44 -------- d-----w- c:\program files\Dassault Systemes
2013-10-25 12:43 . 2013-10-25 13:03 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\DassaultSystemes
2013-10-25 12:43 . 2013-10-25 12:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DassaultSystemes
2013-10-25 12:43 . 2013-10-25 12:43 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\DassaultSystemes
2013-10-25 12:40 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2013-10-25 12:40 . 2013-10-25 12:40 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-10-25 12:39 . 2013-10-25 12:42 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\DAEMON Tools Lite
2013-10-25 12:39 . 2013-10-25 12:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-10-25 12:38 . 2013-10-25 12:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2013-10-25 11:19 . 2013-11-14 18:49 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\vlc
2013-10-24 20:58 . 2013-10-24 20:58 -------- d-----w- c:\program files\Common Files\Skype
2013-10-24 20:58 . 2013-10-24 20:58 -------- d-----r- c:\program files\Skype
2013-10-24 18:40 . 2013-10-24 18:40 -------- d-----w- c:\program files\Adobe Flash Player 11.5.502.110
2013-10-24 17:31 . 2013-10-24 19:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-24 17:24 . 2013-10-24 17:24 -------- d-----w- c:\program files\7-Zip
2013-10-24 16:30 . 2013-10-24 16:30 -------- d-----w- c:\program files\DiVapton
2013-10-24 15:55 . 2013-10-24 15:55 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\Mozilla
2013-10-24 15:24 . 2013-10-24 15:24 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\Opera
2013-10-24 15:24 . 2013-10-24 15:24 -------- d-----w- c:\program files\Opera
2013-10-24 15:21 . 2013-11-06 20:50 -------- d-----w- c:\program files\Common Files\Adobe
2013-10-24 15:18 . 2013-11-06 20:50 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\Adobe
2013-10-24 15:15 . 2013-10-24 15:15 -------- d-----w- c:\program files\VideoLAN
2013-10-24 15:08 . 2013-11-05 18:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2013-10-23 21:57 . 2008-08-19 21:16 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2013-10-23 21:57 . 2007-09-20 10:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2013-10-23 21:56 . 2009-03-02 20:03 38912 ----a-w- c:\windows\system32\drivers\l1c51x86.sys
2013-10-23 21:55 . 2008-11-19 16:21 39040 ----a-w- c:\windows\system32\drivers\uvclf.sys
2013-10-23 20:58 . 2008-04-14 06:52 32256 ----a-w- c:\windows\system32\wpabaln.exe
2013-10-23 20:57 . 2008-04-14 06:52 71680 ----a-w- c:\windows\system32\ssdpsrv.dll
2013-10-23 20:56 . 2008-04-14 06:51 84992 ----a-w- c:\windows\system32\olepro32.dll
2013-10-23 20:55 . 2008-04-14 06:52 16896 ----a-w- c:\windows\system32\more.com
2013-10-23 20:54 . 2008-04-14 06:52 60928 ----a-w- c:\windows\system32\getmac.exe
2013-10-23 20:53 . 2008-04-14 06:52 20480 ----a-w- c:\windows\system32\cacls.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 383424]
"AutoKMS"="c:\windows\AutoKMS.exe" [2013-10-28 615936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SolidWorks Nástroj pro stahování na pozadí.lnk - c:\program files\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2013-11-4 1855080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Dassault Systemes\\B20\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B20\\intel_a\\code\\bin\\CNEXT.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1227:TCP"= 1227:TCP:zvkef
"50248:TCP"= 50248:TCP:Autodesk Content Service
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [25. 10. 2013 13:40 243128]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [24. 4. 2007 20:52 16688]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [31. 1. 2012 10:46 19232]
R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [26. 9. 2009 1:44 36864]
R2 SafetyNutManager;SafetyNut Manager;c:\program files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [24. 10. 2013 17:29 3422728]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [23. 10. 2013 22:56 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [23. 10. 2013 22:55 39040]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5. 9. 2013 9:34 171680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1. 1. 2002 4:37 1684736]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [6. 10. 2012 6:38 89192]
S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [9. 8. 2012 12:22 95368]
S4 aroexkqo;Windows Config;c:\windows\system32\svchost.exe -k netsvcs [23. 10. 2013 21:58 14336]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23. 9. 2005 7:01 2799808]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - BITS
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
aroexkqo
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\UserXP\Data aplikací\Mozilla\Firefox\Profiles\p3jf6ikb.default\
FF - ExtSQL: 2013-11-04 12:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-15 23:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aroexkqo]
"ServiceDll"="c:\windows\system32\rkvhxyn.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\program files\Movies Toolbar\SafetyNut\safetycrt.dll
.
Celkový čas: 2013-11-15 23:14:57
ComboFix-quarantined-files.txt 2013-11-15 22:14
.
Před spuštěním: Volných bajtů: 51 156 926 464
Po spuštění: Volných bajtů: 51 115 892 736
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[Boot Loader]
timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E99AD0EEDDA4288E4F9FFEFB9BE85CE0
413FC2A0C716421B3158746D63736515

#22 Příspěvek od **Rudy** » 16 lis 2013 10:39

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\AutoKMS.tmp
c:\windows\KMSEmulator.exe
c:\windows\AutoKMS.exe

Collect::
c:\windows\system32\rkvhxyn.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoKMS"=-
[-HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

Driver::
aroexkqo

Reboot::

Uložte na plchu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

miroslaw · #23 Příspěvek od **miroslaw** » 16 lis 2013 11:20

Dobrý den, uložil som to ako CFScript.txt a po chvili AutoScan vyhodi hlašku "Rich text formáty(RTF)jsou nekompatibilní!!" Pritom to uložim ako textový dokument

miroslaw · #24 Příspěvek od **miroslaw** » 16 lis 2013 11:50

Nakonec sa mi to podarilo tu je log z CombFix

ComboFix 13-11-15.01 - UserXP . 11. 2013 11:28:33.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.1015.411 [GMT 1:00]
Spuštěný z: c:\documents and settings\UserXP\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\UserXP\Plocha\CFScript.txt
.
FILE ::
"c:\windows\AutoKMS.exe"
"c:\windows\AutoKMS.tmp"
"c:\windows\KMSEmulator.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AROEXKQO
-------\Service_aroexkqo
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-16 do 2013-11-16 )))))))))))))))))))))))))))))))
.
.
2013-11-16 09:41 . 2013-09-23 07:39 852992 -c----w- c:\windows\system32\dllcache\vgx.dll
2013-11-16 09:41 . 2013-09-23 07:39 669696 -c----w- c:\windows\system32\dllcache\wininet.dll
2013-11-16 09:41 . 2013-09-23 07:39 628224 -c----w- c:\windows\system32\dllcache\urlmon.dll
2013-11-16 09:41 . 2013-09-23 07:39 532480 -c----w- c:\windows\system32\dllcache\mstime.dll
2013-11-16 09:41 . 2013-09-23 07:39 449536 -c----w- c:\windows\system32\dllcache\mshtmled.dll
2013-11-16 09:41 . 2013-09-23 07:39 37888 -c----w- c:\windows\system32\dllcache\url.dll
2013-11-16 09:41 . 2013-09-23 07:39 1510912 -c----w- c:\windows\system32\dllcache\shdocvw.dll
2013-11-16 09:41 . 2013-09-23 07:39 81920 -c----w- c:\windows\system32\dllcache\ieencode.dll
2013-11-16 09:41 . 2013-09-23 07:39 251904 -c----w- c:\windows\system32\dllcache\iepeers.dll
2013-11-16 09:41 . 2013-09-23 07:39 1025024 -c----w- c:\windows\system32\dllcache\browseui.dll
2013-11-16 09:36 . 2013-11-16 09:46 77824 ------w- c:\windows\KMSEmulator.exe
2013-11-16 09:36 . 2013-11-16 09:36 -------- d-----w- c:\documents and settings\UserXP\AppData
2013-11-16 09:36 . 2013-11-16 09:36 0 ----a-w- c:\windows\AutoKMS.tmp
2013-11-16 09:20 . 2013-11-16 09:20 -------- d-----w- c:\windows\system32\LogFiles
2013-11-15 19:59 . 2013-11-15 19:59 -------- d-----w- c:\windows\system32\wbem\Repository
2013-11-15 19:58 . 2013-11-15 19:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-11-15 09:51 . 2013-11-15 19:55 -------- d-----w- c:\windows\$hf_mig$
2013-11-13 21:41 . 2013-11-13 21:43 -------- d-----w- C:\AdwCleaner
2013-11-13 20:14 . 2010-02-28 00:13 49024 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
2013-11-13 20:14 . 2010-03-10 22:44 1100664 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe
2013-11-13 20:14 . 2010-01-09 19:37 127232 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL
2013-11-13 17:24 . 2013-11-15 19:58 -------- d-----w- c:\program files\trend micro
2013-11-10 21:31 . 2013-11-10 21:31 -------- d-----w- C:\Output Files
2013-11-10 21:25 . 2013-11-10 21:35 -------- d-----w- c:\program files\Doc-Docx to Pdf Converter 3000
2013-11-10 21:22 . 2013-11-10 21:25 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\GetRightToGo
2013-11-06 17:41 . 2013-11-06 17:41 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\AVAST Software
2013-11-06 17:40 . 2013-11-06 17:40 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-06 17:39 . 2013-11-06 20:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-11-05 09:19 . 2013-11-05 09:19 -------- d-----w- C:\Temp
2013-11-04 22:15 . 2013-11-15 19:56 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\dvdcss
2013-11-04 12:35 . 2013-11-04 12:35 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\SolidWorks
2013-11-04 12:33 . 2013-11-04 12:33 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\EDrawings
2013-11-04 12:07 . 2013-11-04 12:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SolidWorks Flow Simulation
2013-11-04 11:45 . 2013-11-04 12:07 -------- d-----w- c:\program files\SolidWorks Corp
2013-11-04 11:45 . 2013-11-04 11:45 -------- d-----w- c:\program files\NVIDIA Corporation
2013-11-04 11:45 . 2013-11-04 11:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SolidWorks
2013-11-04 11:36 . 2013-11-04 11:36 -------- d-----w- c:\windows\system32\XPSViewer
2013-11-04 11:36 . 2013-11-04 11:36 -------- d-----w- c:\program files\Reference Assemblies
2013-11-04 11:36 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-11-04 11:35 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-11-04 11:35 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-11-04 11:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-11-04 11:35 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2013-11-04 11:35 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-11-04 11:35 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-11-04 11:35 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-11-04 11:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-11-04 11:29 . 2013-11-04 11:29 -------- d-----w- c:\program files\MSECache
2013-11-04 11:28 . 2013-11-04 12:06 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2013-11-04 11:28 . 2013-11-04 11:53 -------- d-----w- C:\SolidWorks Data
2013-11-04 11:26 . 2013-11-04 11:29 -------- d-----w- c:\program files\Common Files\Manažer instalací SolidWorks
2013-11-04 11:25 . 2013-11-04 11:25 -------- d-----w- c:\windows\SolidWorks
2013-11-04 11:25 . 2013-11-05 19:56 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\SolidWorks
2013-11-04 08:22 . 2013-11-04 08:22 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\cache
2013-11-04 08:16 . 2013-11-04 08:21 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2013-10-28 23:12 . 2013-11-04 11:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FLEXnet
2013-10-28 19:39 . 2013-10-28 19:39 615936 ----a-w- c:\windows\AutoKMS.exe
2013-10-28 08:57 . 2013-10-28 08:57 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2013-10-28 08:55 . 2013-11-04 08:24 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\Autodesk
2013-10-28 08:45 . 2013-10-28 09:03 -------- d-----w- c:\program files\Autodesk
2013-10-28 08:44 . 2013-10-28 09:00 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2013-10-28 08:43 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-10-28 08:43 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-10-28 08:43 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-10-28 08:43 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-10-28 08:43 . 2013-10-28 08:43 -------- d-----w- c:\windows\Logs
2013-10-26 13:49 . 2013-11-13 20:14 -------- d-----w- c:\program files\MSBuild
2013-10-26 13:46 . 2013-11-04 11:39 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-10-26 13:44 . 2013-10-26 13:44 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\Microsoft Help
2013-10-26 13:44 . 2013-11-15 19:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2013-10-25 17:07 . 2013-10-26 13:48 -------- d-----w- c:\program files\Microsoft.NET
2013-10-25 17:02 . 2013-11-04 08:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Autodesk
2013-10-25 17:02 . 2013-11-04 08:23 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\Autodesk
2013-10-25 16:26 . 2013-10-25 16:26 -------- d-----w- c:\documents and settings\UserXP\Bluetooth Software
2013-10-25 16:25 . 2008-08-19 21:16 991656 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2013-10-25 16:25 . 2008-07-24 16:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2013-10-25 16:25 . 2008-05-30 10:46 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
2013-10-25 16:25 . 2008-02-04 16:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2013-10-25 16:25 . 2013-10-25 16:25 -------- d-----w- c:\program files\WIDCOMM
2013-10-25 16:19 . 2013-11-15 22:19 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\Skype
2013-10-25 16:08 . 2013-10-25 16:08 -------- d-----w- c:\windows\ServicePackFiles
2013-10-25 16:08 . 2008-04-14 06:52 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2013-10-25 16:08 . 2008-04-14 06:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2013-10-25 12:44 . 2013-10-25 12:44 -------- d-----w- c:\program files\Dassault Systemes
2013-10-25 12:43 . 2013-10-25 13:03 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\DassaultSystemes
2013-10-25 12:43 . 2013-10-25 12:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DassaultSystemes
2013-10-25 12:43 . 2013-10-25 12:43 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\DassaultSystemes
2013-10-25 12:40 . 2008-04-14 05:44 58496 ----a-w- c:\windows\system32\drivers\redbook.sys
2013-10-25 12:40 . 2013-10-25 12:40 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-10-25 12:39 . 2013-10-25 12:42 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\DAEMON Tools Lite
2013-10-25 12:39 . 2013-10-25 12:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2013-10-25 12:38 . 2013-10-25 12:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2013-10-25 11:19 . 2013-11-16 09:17 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\vlc
2013-10-24 20:58 . 2013-10-24 20:58 -------- d-----w- c:\program files\Common Files\Skype
2013-10-24 20:58 . 2013-10-24 20:58 -------- d-----r- c:\program files\Skype
2013-10-24 18:40 . 2013-10-24 18:40 -------- d-----w- c:\program files\Adobe Flash Player 11.5.502.110
2013-10-24 17:31 . 2013-10-24 19:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-24 17:24 . 2013-10-24 17:24 -------- d-----w- c:\program files\7-Zip
2013-10-24 16:30 . 2013-10-24 16:30 -------- d-----w- c:\program files\DiVapton
2013-10-24 15:55 . 2013-10-24 15:55 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\Mozilla
2013-10-24 15:24 . 2013-10-24 15:24 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\Opera
2013-10-24 15:24 . 2013-10-24 15:24 -------- d-----w- c:\program files\Opera
2013-10-24 15:21 . 2013-11-06 20:50 -------- d-----w- c:\program files\Common Files\Adobe
2013-10-24 15:18 . 2013-11-06 20:50 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\Adobe
2013-10-24 15:15 . 2013-10-24 15:15 -------- d-----w- c:\program files\VideoLAN
2013-10-24 15:08 . 2013-11-05 18:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2013-10-23 21:57 . 2008-08-19 21:16 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2013-10-23 21:57 . 2007-09-20 10:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2013-10-23 21:56 . 2009-03-02 20:03 38912 ----a-w- c:\windows\system32\drivers\l1c51x86.sys
2013-10-23 21:55 . 2008-11-19 16:21 39040 ----a-w- c:\windows\system32\drivers\uvclf.sys
2013-10-23 20:58 . 2008-04-14 06:52 32256 ----a-w- c:\windows\system32\wpabaln.exe
2013-10-23 20:57 . 2008-04-14 06:52 71680 ----a-w- c:\windows\system32\ssdpsrv.dll
2013-10-23 20:56 . 2008-04-14 06:51 84992 ----a-w- c:\windows\system32\olepro32.dll
2013-10-23 20:55 . 2008-04-14 06:52 16896 ----a-w- c:\windows\system32\more.com
2013-10-23 20:54 . 2008-04-14 06:52 60928 ----a-w- c:\windows\system32\getmac.exe
2013-10-23 20:53 . 2008-04-14 06:52 20480 ----a-w- c:\windows\system32\cacls.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 383424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SolidWorks Nástroj pro stahování na pozadí.lnk - c:\program files\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2013-11-4 1855080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Dassault Systemes\\B20\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B20\\intel_a\\code\\bin\\CNEXT.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [25. 10. 2013 13:40 243128]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [24. 4. 2007 20:52 16688]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [31. 1. 2012 10:46 19232]
R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [26. 9. 2009 1:44 36864]
R2 SafetyNutManager;SafetyNut Manager;c:\program files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [24. 10. 2013 17:29 3422728]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [23. 10. 2013 22:56 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [23. 10. 2013 22:55 39040]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5. 9. 2013 9:34 171680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1. 1. 2002 4:37 1684736]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [6. 10. 2012 6:38 89192]
S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [9. 8. 2012 12:22 95368]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23. 9. 2005 7:01 2799808]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\UserXP\Data aplikací\Mozilla\Firefox\Profiles\p3jf6ikb.default\
FF - ExtSQL: 2013-11-04 12:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-16 11:44
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3516)
c:\windows\system32\AcSignIcon.dll
c:\progra~1\MICROS~2\Office14\1051\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\program files\Autodesk\Inventor Fusion 2013\AcSignCore16.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Movies Toolbar\SafetyNut\safetynut.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2013-11-16 11:47:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-16 10:47
ComboFix2.txt 2013-11-15 22:14
.
Před spuštěním: Volných bajtů: 51 032 285 184
Po spuštění: Volných bajtů: 50 896 945 152
.
- - End Of File - - 4D2BD896A06FD5BBC110A005B44556C5
413FC2A0C716421B3158746D63736515

#25 Příspěvek od **Rudy** » 16 lis 2013 11:55

Nastala nějaká změna?

miroslaw · #26 Příspěvek od **miroslaw** » 16 lis 2013 11:58

Bezi trocha rychlešie aj skor sa zapol, no proces svchost.exe stale beži na 50% CPU

#27 Příspěvek od **Rudy** » 16 lis 2013 12:52

Na zkoušku vypněte aut. aktualizace a zjistěte, zda zatížení pokleslo.

miroslaw · #28 Příspěvek od **miroslaw** » 16 lis 2013 13:00

žadna zmena nenastala stale 50%CPU

#29 Příspěvek od **Rudy** » 16 lis 2013 13:04

Zkuste spustit CF se stejným skriptem ještě jednou, ale v nouz. režimu. Všiml jsem si, že nebylo vše smazáno.

miroslaw · #30 Příspěvek od **miroslaw** » 16 lis 2013 13:05

Az teraz se to uklidnilo

VIRY.CZ

Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu