kontrola PC

Zpráva

RH46 · #1 Příspěvek od **RH46** » 22 dub 2014 19:03

Prosím o kontrolu logu -
(Nešel mě spustit Photoshop, zajímavé, že v nouzovém režimu ano. Chtěl jsem pomocí "Obnovení
systému" navolit poslední funkční konfiguraci, ale zjistil jsem, že funkce "Obnovení" je vypnutá.
Po vyčištění Avastem (našel 3 soubory) se zdá, že je zase všechno funkční.
Mám ale podezření, že by někde mohlo ještě něco zůstat.)
Děkuji.
log z RSIT-

Logfile of random's system information tool 1.09 (written by random/random)
Run by RH at 2014-04-22 19:42:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 60 GB (39%) free of 153 GB
Total RAM: 1014 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:42:59, on 22.4.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\RH.RH-9B6AEB81C62A\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\RH.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: Stáhnout FDM - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané FDM - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše FDM - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6969 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29 539888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-01 597816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-01 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2014-04-01 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files\Free Download Manager\iefdm2.dll [2013-03-11 365056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-01 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-04-26 102400]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-18 188416]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-09-16 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-09-16 178712]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-09-16 150040]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-04-01 3854640]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Akamai NetSession Interface"=C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\Akamai\netsession_win.exe [2014-03-06 4672920]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVer HID Receiver.lnk]
C:\PROGRA~1\COMMON~1\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-01-05 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
C:\PROGRA~1\COMMON~1\AVerMedia\AVerQuick\AVerQuick.exe [2011-05-19 675840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
C:\Corel\GRAPHI~1\Programs\MFINDE~1.EXE [1998-01-12 83456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2
"TermService"=3
"TapiSrv"=3
"RemoteRegistry"=2
"RasMan"=3
"AVerScheduleService"=2
"AVerRemote"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-09-11 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveTrack"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe:*:Enabled:Nokia Launch Application"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\Super Internet TV\Super Internet TV.exe"="C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\Super Internet TV\Super Internet TV.exe:*:Enabled:Super Internet TV"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\Akamai\netsession_win.exe"="C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codecp.acm
"msacm.ac3filter"=ac3filter.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"VIDC.ACDV"=ACDV.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.HFYU"=huffyuv.dll
"wave1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-04-22 19:42:48 ----D---- C:\rsit
2014-04-22 01:13:13 ----A---- C:\WINDOWS\ntbtlog.txt
2014-04-22 00:06:44 ----A---- C:\WINDOWS\_ISENV31.INI
2014-04-22 00:01:00 ----D---- C:\Documents and Settings\RH.RH-9B6AEB81C62A\Data aplikací\Google
2014-04-10 16:29:23 ----D---- C:\Documents and Settings\RH.RH-9B6AEB81C62A\Data aplikací\pdfforge
2014-04-10 16:29:20 ----A---- C:\WINDOWS\system32\pdfcmon.dll
2014-04-10 16:29:18 ----D---- C:\Program Files\PDFCreator
2014-04-10 16:29:18 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2014-04-10 13:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 00:06:39 ----D---- C:\Program Files\Common Files\PDF Architect
2014-04-09 23:28:49 ----D---- C:\Documents and Settings\RH.RH-9B6AEB81C62A\Data aplikací\PDF Architect
2014-04-09 01:06:38 ----A---- C:\pdfinfo.ini
2014-04-09 01:05:35 ----D---- C:\Program Files\Text2PDF v1.5
2014-04-01 19:50:38 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Google
2014-04-01 19:42:28 ----A---- C:\WINDOWS\avastSS.scr
2014-03-24 17:16:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2934207$
2014-03-24 17:15:54 ----N---- C:\WINDOWS\system32\xp_eos.exe

======List of files/folders modified in the last 1 month======

2014-04-22 19:42:59 ----D---- C:\WINDOWS\Prefetch
2014-04-22 19:42:59 ----D---- C:\Program Files\trend micro
2014-04-22 18:32:43 ----D---- C:\Temp
2014-04-22 17:06:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-04-22 17:06:04 ----D---- C:\WINDOWS\temp
2014-04-22 01:38:00 ----D---- C:\WINDOWS\system32\drivers
2014-04-22 01:13:13 ----D---- C:\WINDOWS
2014-04-21 22:22:38 ----D---- C:\Documents and Settings\RH.RH-9B6AEB81C62A\Data aplikací\Ancestry
2014-04-21 22:18:13 ----SHD---- C:\System Volume Information
2014-04-21 22:18:13 ----D---- C:\WINDOWS\system32\Restore
2014-04-17 00:42:20 ----D---- C:\Documents and Settings\RH.RH-9B6AEB81C62A\Data aplikací\Help
2014-04-15 22:46:05 ----D---- C:\WINDOWS\Debug
2014-04-15 22:39:16 ----D---- C:\Program Files\Zoom Player
2014-04-15 22:00:47 ----A---- C:\WINDOWS\NeroDigital.ini
2014-04-14 14:46:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-14 14:40:04 ----HD---- C:\WINDOWS\ShellNew
2014-04-14 14:40:04 ----D---- C:\WINDOWS\system32
2014-04-14 14:40:02 ----RD---- C:\WINDOWS\Web
2014-04-14 14:39:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2014-04-14 14:39:07 ----D---- C:\Documents and Settings
2014-04-14 14:39:03 ----D---- C:\imgs
2014-04-13 17:53:24 ----SD---- C:\Documents and Settings\RH.RH-9B6AEB81C62A\Data aplikací\Microsoft
2014-04-10 16:29:18 ----RD---- C:\Program Files
2014-04-10 15:52:58 ----SHD---- C:\WINDOWS\Installer
2014-04-10 15:52:57 ----D---- C:\Config.Msi
2014-04-10 15:49:21 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Microsoft
2014-04-10 13:00:32 ----HD---- C:\WINDOWS\inf
2014-04-10 13:00:00 ----D---- C:\WINDOWS\system32\MRT
2014-04-10 12:55:56 ----A---- C:\WINDOWS\system32\MRT.exe
2014-04-10 12:55:31 ----D---- C:\Program Files\Internet Explorer
2014-04-10 12:55:28 ----D---- C:\WINDOWS\system32\CatRoot2
2014-04-10 12:55:21 ----D---- C:\WINDOWS\ie8updates
2014-04-10 00:06:39 ----D---- C:\Program Files\Common Files
2014-04-09 15:14:08 ----A---- C:\WINDOWS\win.ini
2014-04-09 00:51:20 ----D---- C:\Program Files\MSECache
2014-04-02 19:17:21 ----D---- C:\Documents and Settings\RH.RH-9B6AEB81C62A\Data aplikací\vlc
2014-04-01 19:50:38 ----D---- C:\Program Files\Google
2014-04-01 19:48:46 ----SD---- C:\WINDOWS\Tasks
2014-04-01 19:42:28 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-03-30 13:18:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-24 16:31:08 ----D---- C:\WINDOWS\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-04-01 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-04-01 180760]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-01-26 20576]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-04-01 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-04-01 776976]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-04-01 411552]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-04-01 57672]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-04-01 67824]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-09-11 6047904]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2011-01-06 10368]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-01-22 120064]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AF9035HB;AF9035 Hybrid Device; C:\WINDOWS\System32\Drivers\AF9035HB.sys [2012-01-12 863616]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service; C:\WINDOWS\system32\DRIVERS\AVerPola.sys [2010-10-07 478464]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service; C:\WINDOWS\system32\DRIVERS\AVPolCIR.sys [2010-10-07 38144]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 grmnusb;Garmin USB Driver; C:\WINDOWS\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-01 50344]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-01 116648]
S2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-01 116648]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-04-01 194032]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2010-04-27 348160]
S4 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2011-04-01 403456]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-12-31 247152]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 22 dub 2014 19:07

Zdravím!
Spusťte nejprve tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

RH46 · #3 Příspěvek od **RH46** » 22 dub 2014 20:47

Bohužel se to nezdařilo, při cleaningu zhruba v polovině program zamrzl a musel jsem ho
nuceně ukončit, žádný jiný program neběžel ani antivir.Zkusil jsem to znovu se stejným výsledkem.
Zde je log po scenování, ale ten je zřejmě k ničemu.
# AdwCleaner v3.201 - Report created 22/04/2014 at 21:09:30
# Updated 22/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : RH - RH-9B6AEB81C62A
# Running from : C:\Documents and Settings\RH.RH-9B6AEB81C62A\Plocha\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v34.0.1847.116

*************************

AdwCleaner[R0].txt - [702 octets] - [22/04/2014 20:41:20]
AdwCleaner[R1].txt - [820 octets] - [22/04/2014 20:52:08]
AdwCleaner[R2].txt - [682 octets] - [22/04/2014 21:09:30]
AdwCleaner[S0].txt - [457 octets] - [22/04/2014 20:44:22]
AdwCleaner[S1].txt - [457 octets] - [22/04/2014 20:58:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [859 octets] ##########

#4 Příspěvek od **Rudy** » 22 dub 2014 21:10

Toto je OK. Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
C:\Program Files\Google\Google Toolbar
C:\Program Files\Google\GoogleToolbarNotifier
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Před skenem vypněte Avast a po něm restartujte PC. Dejte nový log RSIT.

RH46 · #5 Příspěvek od **RH46** » 22 dub 2014 22:06

Bohužel opět program zamrzl, nevím zdali se vůbec rozeběhl, ukončit jsem ho musel
opět nuceně, protože na nic nereagoval.

#6 Příspěvek od **Rudy** » 23 dub 2014 17:21

Dejte log combofix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

RH46 · #7 Příspěvek od **RH46** » 23 dub 2014 18:31

Provedeno, zde je log -

ComboFix 14-04-20.01 - RH 23.04.2014 19:14:51.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.387 [GMT 2:00]
Spuštěný z: c:\documents and settings\RH.RH-9B6AEB81C62A\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\RH.RH-9B6AEB81C62A\WINDOWS
c:\windows\system32\
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-23 do 2014-04-23 )))))))))))))))))))))))))))))))
.
.
2014-04-22 20:36 . 2014-04-22 20:36 -------- d-----w- C:\_OTM
2014-04-22 18:41 . 2014-04-22 19:12 -------- d-----w- C:\AdwCleaner
2014-04-22 17:42 . 2014-04-22 18:06 -------- d-----w- C:\rsit
2014-04-10 14:29 . 2014-04-10 14:29 -------- d-----w- c:\documents and settings\RH.RH-9B6AEB81C62A\Data aplikací\pdfforge
2014-04-10 14:29 . 2012-05-05 08:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2014-04-10 14:29 . 2013-04-09 12:13 95416 ----a-w- c:\windows\system32\pdfcmon.dll
2014-04-10 14:29 . 2012-05-05 08:54 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2014-04-10 14:29 . 2014-04-15 20:46 -------- d-----w- c:\program files\PDFCreator
2014-04-10 14:29 . 2012-05-05 08:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2014-04-09 22:06 . 2014-04-09 22:06 -------- d-----w- c:\program files\Common Files\PDF Architect
2014-04-09 21:28 . 2014-04-09 21:29 -------- d-----w- c:\documents and settings\RH.RH-9B6AEB81C62A\Data aplikací\PDF Architect
2014-04-08 23:05 . 2014-04-10 12:33 -------- d-----w- c:\program files\Text2PDF v1.5
2014-04-01 17:42 . 2014-04-01 17:42 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-01 17:42 . 2013-05-10 14:33 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-01 17:42 . 2013-05-10 14:33 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-04-01 17:42 . 2013-05-10 14:33 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-04-01 17:42 . 2013-05-10 14:33 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-01 17:42 . 2013-05-10 14:33 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-01 17:42 . 2013-03-15 21:58 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-01 17:42 . 2013-03-15 21:58 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-04-01 17:42 . 2013-03-15 21:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-06 17:58 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:58 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-24 15:15 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 06:36 . 2006-03-02 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2006-03-02 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
2004-10-01 14:00 . 2010-04-08 12:48 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-01 17:42 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\Akamai\netsession_win.exe" [2014-03-06 4672920]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-26 102400]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-01 3854640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVer HID Receiver.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RasMan"=3 (0x3)
"AVerScheduleService"=2 (0x2)
"AVerRemote"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\RH.RH-9B6AEB81C62A\\Local Settings\\Data aplikací\\Super Internet TV\\Super Internet TV.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Documents and Settings\\RH.RH-9B6AEB81C62A\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [15.3.2013 23:58 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [15.3.2013 23:58 180760]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.5.2013 16:33 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.5.2013 16:33 411552]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [15.3.2013 23:58 67824]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.5.2013 23:40 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.5.2013 23:40 22856]
S3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\drivers\AF9035HB.SYS [12.1.2012 22:23 863616]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\drivers\AVerPola.sys [17.12.2012 18:09 478464]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\drivers\AVPolCIR.sys [17.12.2012 18:09 38144]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [8.1.2011 19:26 406016]
S4 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [17.12.2012 18:06 348160]
S4 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [17.12.2012 18:06 403456]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29.11.2012 21:31 38608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-09 13:07 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-01 17:42]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-01 17:48]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-01 17:48]
.
2014-04-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-24 23:28]
.
2014-04-23 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-24 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: Stáhnout FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše FDM - file://c:\program files\Free Download Manager\dlall.htm
TCP: DhcpNameServer = 213.211.45.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-23 19:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
Celkový čas: 2014-04-23 19:28:59
ComboFix-quarantined-files.txt 2014-04-23 17:28
.
Před spuštěním: Volných bajtů: 62 494 253 056
Po spuštění: Volných bajtů: 62 460 305 408
.
- - End Of File - - 906EF348EC33C2E5AA17E3DB781BC916
413FC2A0C716421B3158746D63736515

#8 Příspěvek od **Rudy** » 23 dub 2014 19:26

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\documents and settings\RH.RH-9B6AEB81C62A\Data aplikací\pdfforge
c:\documents and settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\Akamai

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"=-
"5000:UDP"=-

Driver::
RealNetworks Downloader Resolver Service

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

RH46 · #9 Příspěvek od **RH46** » 23 dub 2014 21:50

Bohužel opět to nevyšlo, naběhla sice ikonka, že se mažou soubory, po více jak hodině se nic
nedělo, opět jsem ho musel natvrdo ukončit.

#10 Příspěvek od **Rudy** » 23 dub 2014 21:55

Zkuste to znovu, se stejným skriptem, ale v nouz. režimu.

RH46 · #11 Příspěvek od **RH46** » 23 dub 2014 22:47

Po spuštění v nouzovém režimu a přetáhnutí ikonky se scriptem se ComboFix spustil
v režimu Autoscan, ke konci skenování se z nouzového režimu PC restartoval o normálního
režimu. Log po skenování přikládám -

ComboFix 14-04-20.01 - RH 23.04.2014 23:22:28.4.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.780 [GMT 2:00]
Spuštěný z: c:\documents and settings\RH.RH-9B6AEB81C62A\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\RH.RH-9B6AEB81C62A\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_REALNETWORKS_DOWNLOADER_RESOLVER_SERVICE
-------\Service_RealNetworks Downloader Resolver Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-23 do 2014-04-23 )))))))))))))))))))))))))))))))
.
.
2014-04-22 20:36 . 2014-04-22 20:36 -------- d-----w- C:\_OTM
2014-04-22 18:41 . 2014-04-22 19:12 -------- d-----w- C:\AdwCleaner
2014-04-22 17:42 . 2014-04-22 18:06 -------- d-----w- C:\rsit
2014-04-10 14:29 . 2014-04-10 14:29 -------- d-----w- c:\documents and settings\RH.RH-9B6AEB81C62A\Data aplikací\pdfforge
2014-04-10 14:29 . 2012-05-05 08:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2014-04-10 14:29 . 2013-04-09 12:13 95416 ----a-w- c:\windows\system32\pdfcmon.dll
2014-04-10 14:29 . 2012-05-05 08:54 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2014-04-10 14:29 . 2014-04-15 20:46 -------- d-----w- c:\program files\PDFCreator
2014-04-10 14:29 . 2012-05-05 08:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2014-04-09 22:06 . 2014-04-09 22:06 -------- d-----w- c:\program files\Common Files\PDF Architect
2014-04-09 21:28 . 2014-04-09 21:29 -------- d-----w- c:\documents and settings\RH.RH-9B6AEB81C62A\Data aplikací\PDF Architect
2014-04-08 23:05 . 2014-04-10 12:33 -------- d-----w- c:\program files\Text2PDF v1.5
2014-04-01 17:42 . 2014-04-01 17:42 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-01 17:42 . 2013-05-10 14:33 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-01 17:42 . 2013-05-10 14:33 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-04-01 17:42 . 2013-05-10 14:33 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-04-01 17:42 . 2013-05-10 14:33 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-01 17:42 . 2013-05-10 14:33 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-01 17:42 . 2013-03-15 21:58 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-01 17:42 . 2013-03-15 21:58 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-04-01 17:42 . 2013-03-15 21:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-06 17:58 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:58 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2014-02-26 23:28 . 2014-03-24 15:15 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 06:36 . 2006-03-02 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2006-03-02 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
2004-10-01 14:00 . 2010-04-08 12:48 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-01 17:42 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-26 102400]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-01 3854640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVer HID Receiver.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RasMan"=3 (0x3)
"AVerScheduleService"=2 (0x2)
"AVerRemote"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\RH.RH-9B6AEB81C62A\\Local Settings\\Data aplikací\\Super Internet TV\\Super Internet TV.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Documents and Settings\\RH.RH-9B6AEB81C62A\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [15.3.2013 23:58 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [15.3.2013 23:58 180760]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.5.2013 16:33 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.5.2013 16:33 411552]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [15.3.2013 23:58 67824]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.5.2013 23:40 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.5.2013 23:40 22856]
S3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\drivers\AF9035HB.SYS [12.1.2012 22:23 863616]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\drivers\AVerPola.sys [17.12.2012 18:09 478464]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\drivers\AVPolCIR.sys [17.12.2012 18:09 38144]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [8.1.2011 19:26 406016]
S4 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [17.12.2012 18:06 348160]
S4 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [17.12.2012 18:06 403456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-09 13:07 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-01 17:42]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-01 17:48]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-01 17:48]
.
2014-04-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-24 23:28]
.
2014-04-23 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-24 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: Stáhnout FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše FDM - file://c:\program files\Free Download Manager\dlall.htm
TCP: DhcpNameServer = 213.211.45.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-23 23:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\corel\Graphics8\programs\CMFFld80.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\snmp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2014-04-23 23:40:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-23 21:40
ComboFix2.txt 2014-04-23 17:29
.
Před spuštěním: Volných bajtů: 62 298 988 544
Po spuštění: Volných bajtů: 62 225 182 720
.
- - End Of File - - EDB29A207E41CE0C8FC4E0D508B08A5B
413FC2A0C716421B3158746D63736515

#12 Příspěvek od **Rudy** » 24 dub 2014 16:50

Smazáno. CF odinstalujte pomocí T-Cleaneru: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe . Nastala nějaká změna?

RH46 · #13 Příspěvek od **RH46** » 24 dub 2014 18:11

Provedl jsem výmaz a vyzkoušel programy, které běžně používám.
Programy pracují, zdá se bez problému, pouze na stránce obnovení systému jsem zjistil, že
všechny body obnovení jsou vymazány.

#14 Příspěvek od **Rudy** » 24 dub 2014 18:23

Ty preventivně smazal CF. S dalšími starty systému se vytvoří nové. Podstatné je, že je vše v pořádku.

RH46 · #15 Příspěvek od **RH46** » 24 dub 2014 20:10

Pro jistotu jsem to projel ještě jednou Avastem - nenašel nic.
Děkuji moc za pomoc, přeji příjemné a úspěšné dny.
RH46

VIRY.CZ

kontrola PC

kontrola PC

Re: kontrola PC

Re: kontrola PC

Re: kontrola PC

Re: kontrola PC

Re: kontrola PC

Re: kontrola PC

Re: kontrola PC

Re: kontrola PC

Re: kontrola PC

Re: kontrola PC

Re: kontrola PC

Re: kontrola PC

Re: kontrola PC

Re: kontrola PC