Re: problem with Skype
Posted: 03 May 2013 18:42
Hello, here is the result from ComboFix. I would also like to ask: when I shut down the PC, I click Start and wait up to 2 minutes until the restart/shutdown menu appears; I choose restart and wait another 2-3 minutes until the PC shuts down. Could the disk please be checked somehow to see whether it needs some repair or defragmentation? That has never been done and the PC is 5 years old. Is it possible that the slow shutdown is caused by some disk fault? Thank you for your reply.
ComboFix 13-05-01.03 - pocitac 03.05.2013 19:03:25.11.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.959.456 [GMT 2:00]
Running from: c:\documents and settings\pocitac\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((( Files created from 2013-04-03 to 2013-05-03 )))))))))))))))))))))))))))))))
.
.
2013-05-02 10:52 . 2013-05-02 11:00 -------- d-----w- c:\program files\Google
2013-05-02 10:49 . 2013-05-02 11:25 -------- d---a-w- c:\documents and settings\All Users.WINDOWS1\Data aplikací\TEMP
2013-05-01 11:12 . 2013-05-01 11:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS1\Data aplikací\Malwarebytes
2013-04-30 22:40 . 2013-04-30 22:40 -------- d-----w- c:\program files\Common Files\Skype
2013-04-30 22:01 . 2013-05-03 17:02 -------- d-----w- c:\documents and settings\pocitac\Data aplikací\Skype
2013-04-30 22:01 . 2013-04-30 22:40 -------- d-----r- c:\program files\Skype
2013-04-30 22:00 . 2013-04-30 22:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS1\Data aplikací\Skype
2013-04-30 19:12 . 2013-04-30 19:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS1\Data aplikací\Martau
2013-04-30 19:12 . 2013-04-30 19:12 -------- d-----w- c:\program files\Total Uninstall 6
2013-04-29 15:17 . 2013-03-06 22:33 49760 ----a-w- c:\windows1\system32\drivers\aswRdr.sys
2013-04-29 15:17 . 2013-03-06 22:33 368176 ----a-w- c:\windows1\system32\drivers\aswSP.sys
2013-04-29 15:17 . 2013-03-06 22:33 29816 ----a-w- c:\windows1\system32\drivers\aswFsBlk.sys
2013-04-29 15:17 . 2013-03-06 22:33 765736 ----a-w- c:\windows1\system32\drivers\aswSnx.sys
2013-04-29 15:17 . 2013-03-06 22:33 62376 ----a-w- c:\windows1\system32\drivers\aswTdi.sys
2013-04-29 15:17 . 2013-03-06 22:32 228600 ----a-w- c:\windows1\system32\aswBoot.exe
2013-04-29 15:15 . 2013-03-06 22:32 41664 ----a-w- c:\windows1\avastSS.scr
2013-04-29 14:42 . 2013-04-29 14:42 -------- d-----w- c:\windows1\system32\wbem\Repository
2013-04-23 22:17 . 2013-04-23 22:54 -------- d-----w- c:\documents and settings\pocitac\Local Settings\Data aplikací\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 20:34 . 2009-03-23 14:49 22528 ----a-w- c:\windows1\system32\drivers\nhcDriver.sys
2013-03-06 23:33 . 2013-03-17 09:27 49248 ----a-w- c:\windows1\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-03-17 09:27 164736 ----a-w- c:\windows1\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-03-17 09:27 66336 ----a-w- c:\windows1\system32\drivers\aswMonFlt.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-08-23 1626112]
"NvMediaCenter"="c:\windows1\system32\NvMcTray.dll" [2007-08-23 81920]
"NvCplDaemon"="c:\windows1\system32\NvCpl.dll" [2007-08-23 8478720]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 61952]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2011-01-03 198160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows1\system32\sti_ci.dll" [2008-04-14 136704]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS1\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows1\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Nabídka Start^Programy^Po spuštění^IP-TV Player Agent.lnk]
path=c:\documents and settings\All Users.WINDOWS1\Nabídka Start\Programy\Po spuštění\IP-TV Player Agent.lnk
backup=c:\windows1\pss\IP-TV Player Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Nabídka Start^Programy^Po spuštění^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS1\Nabídka Start\Programy\Po spuštění\Ralink Wireless Utility.lnk
backup=c:\windows1\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^pocitac^Nabídka Start^Programy^Po spuštění^Ubisoft register.lnk]
path=c:\documents and settings\pocitac\Nabídka Start\Programy\Po spuštění\Ubisoft register.lnk
backup=c:\windows1\pss\Ubisoft register.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 06:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 19:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-13 17:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
2009-06-18 21:13 561064 ----a-w- c:\documents and settings\pocitac\Local Settings\Data aplikací\MXSkypeRecorder\MXSkypeRecorder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 12:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
2009-12-10 13:43 99328 ----a-w- c:\program files\OpenVPN\bin\openvpn-gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-01-03 13:28 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SlingAgentService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\sopocx.ocx"=
"%windir%\\system32\\tvu49.ocx"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Documents and Settings\\pocitac\\Plocha\\PLOCHA\\RapidWareX.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Documents and Settings\\pocitac\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Documents and Settings\\pocitac\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\pocitac\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\WINDOWS1\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\pocitac\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows1\system32\drivers\aswRvrt.sys [17.3.2013 11:27 49248]
R0 ExeLock;ExeLock;c:\windows1\system32\drivers\ExeLock.sys [24.4.2010 1:36 35456]
R0 sptd;sptd;c:\windows1\system32\drivers\sptd.sys [15.8.2011 15:24 691696]
R1 aswSnx;aswSnx;c:\windows1\system32\drivers\aswSnx.sys [29.4.2013 17:17 765736]
R1 aswSP;aswSP;c:\windows1\system32\drivers\aswSP.sys [29.4.2013 17:17 368176]
R2 aswFsBlk;aswFsBlk;c:\windows1\system32\drivers\aswFsBlk.sys [29.4.2013 17:17 29816]
R2 aswMonFlt;aswMonFlt;c:\windows1\system32\drivers\aswMonFlt.sys [17.3.2013 11:27 66336]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows1\system32\drivers\tap0801.sys [15.2.2007 19:48 26624]
S0 xmasscsi;xmasscsi;c:\windows1\system32\Drivers\xmasscsi.sys --> c:\windows1\system32\Drivers\xmasscsi.sys [?]
S2 NPVR Recording Service;NPVR Recording Service;"c:\program files\NPVR\NRecord.exe" --> c:\program files\NPVR\NRecord.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S2 StudioPro;StudioPro webcam;c:\windows1\system32\drivers\StudioPro.sys [8.7.2010 1:04 120320]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows1\system32\drivers\ASPI32.SYS [24.4.2009 15:42 16512]
S3 aswVmm;aswVmm;c:\windows1\system32\drivers\aswVmm.sys [17.3.2013 11:27 164736]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\pocitac\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\pocitac\LOCALS~1\Temp\CFcatchme.sys [?]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);c:\windows1\system32\drivers\vrtaucbl.sys [8.7.2010 1:04 38784]
S3 gogoTunnelDevice;gogo6 Multi-Virtual Tunnel Adapter;c:\windows1\system32\drivers\gogotun.sys [22.3.2010 18:29 21064]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows1\system32\Drivers\IT9135BDA.sys --> c:\windows1\system32\Drivers\IT9135BDA.sys [?]
S3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows1\system32\DRIVERS\KCIrNet.sys --> c:\windows1\system32\DRIVERS\KCIrNet.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows1\system32\drivers\npf.sys [20.10.2009 20:19 50704]
S3 pcouffin;VSO Software pcouffin;c:\windows1\system32\drivers\pcouffin.sys [23.3.2009 16:24 47360]
S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows1\system32\drivers\tapavpn.sys [19.10.2007 10:50 24320]
S4 NvUpdSrv;NVIDIA Update Server;c:\documents and settings\pocitac\Local Settings\Data aplikací\NVIDIA Corporation\Update\nvupd32.exe /svc --> c:\documents and settings\pocitac\Local Settings\Data aplikací\NVIDIA Corporation\Update\nvupd32.exe [?]
S4 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [25.9.2009 13:16 93960]
.
--- Other services/drivers in memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-02 11:00 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-03 c:\windows1\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-29 22:32]
.
2013-05-03 c:\windows1\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-02 11:00]
.
2013-05-03 c:\windows1\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-02 11:00]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.sk/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí NetXferu - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Stáhnout vše pomocí Net&Xferu - c:\program files\Xi\NetXfer\NXAddList.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 217.75.71.141 217.75.71.142
FF - ProfilePath - c:\documents and settings\pocitac\Data aplikací\Mozilla\Firefox\Profiles\as9ii7al.default\
FF - prefs.js: browser.search.selectedEngine - ČSFD
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - ExtSQL: !HIDDEN! 2009-08-26 13:32; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-03 19:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\sccfg.sys 222 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1482476501-1177238915-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{11B5C8DC-3FEA-1682-D4F0355518481497}\{414E0745-768E-27E6-1A22BEEA50FFC306}\{0F77990A-A8C5-E83C-A2DEB9098A2A23DE}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,d6,cc,56,
f3,44,6f,47,ae,a6,1b,ea,9e,74,fa,4e,21,5c,35,90,55,3a,22,13,75,89,89,29,dd,\
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'explorer.exe'(17292)
c:\windows1\system32\msi.dll
c:\windows1\system32\webcheck.dll
c:\windows1\system32\IEFRAME.dll
c:\windows1\system32\WPDShServiceObj.dll
c:\windows1\system32\PortableDeviceTypes.dll
c:\windows1\system32\PortableDeviceApi.dll
.
Completion time: 2013-05-03 19:25:11
ComboFix-quarantined-files.txt 2013-05-03 17:24
.
Pre-run: 5 555 466 240
Post-run: 5 650 661 376
.
- - End Of File - - 0A4F581A21AFA0421E1D9B34D22DA6BA
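Reading a ComboFix log like the one above by hand is slow and easy to get wrong, so here is an added example (my own triage script, not part of the original post and not something ComboFix ships) that applies the checks a responder would make first. It parses two parts of the log format shown above: the Windows XP firewall AuthorizedApplications list (REGEDIT4 style, with doubled backslashes) and the R*/S* service and driver lines, and flags firewall exceptions for binaries in user-writable folders, .ocx controls granted an exception, WinPcap's rpcapd.exe remote capture daemon allowed through the firewall, and service entries whose image file ComboFix could not find on disk (the "--> ... [?]" form). The sample input is a constructed excerpt copied from the log above. The heuristics are my assumptions about what deserves a second look, not verdicts: the CFcatchme.sys hit, for example, is ComboFix's own rootkit-scanner driver, which is expected to live in %TEMP% while the tool runs.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    source: str  # "firewall" (AuthorizedApplications value) or "service" (R*/S* line)
    name: str    # firewall path or service name
    path: str    # image path as printed in the log
    reason: str


# Locations the logged-on user can write to; a binary started from here by a
# service, or allowed through the firewall, deserves a second look (heuristic).
USER_WRITABLE = re.compile(
    r"\\(documents and settings|docume~1)\\|\\(temp|locals~1|local settings)\\", re.I
)
FIREWALL_KEY = "[HKLM\\~\\services\\sharedaccess"
FIREWALL_VALUE = re.compile(r'^"(.+)"=$')
SERVICE_LINE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)$")

# Constructed sample in the exact shape ComboFix prints: a firewall exception list
# followed by a few service/driver lines, copied from the log above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\sopocx.ocx"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\pocitac\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Documents and Settings\\pocitac\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Program Files\\WinPcap\\rpcapd.exe"=
.
R0 sptd;sptd;c:\windows1\system32\drivers\sptd.sys [15.8.2011 15:24 691696]
S0 xmasscsi;xmasscsi;c:\windows1\system32\Drivers\xmasscsi.sys --> c:\windows1\system32\Drivers\xmasscsi.sys [?]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\pocitac\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\pocitac\LOCALS~1\Temp\CFcatchme.sys [?]
S4 NvUpdSrv;NVIDIA Update Server;c:\documents and settings\pocitac\Local Settings\Data aplikací\NVIDIA Corporation\Update\nvupd32.exe /svc --> c:\documents and settings\pocitac\Local Settings\Data aplikací\NVIDIA Corporation\Update\nvupd32.exe [?]
"""


def _service_path(rest: str) -> tuple[str, bool]:
    """Return (image path, file_missing) for the tail of a service line.

    ComboFix prints 'path --> path [?]' when the image could not be found on disk,
    and 'path [date time size]' when it could."""
    missing = rest.rstrip().endswith("[?]")
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    rest = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)  # drop the trailing "[...]" block
    return rest.strip().strip('"'), missing


def triage(log_text: str) -> list[Finding]:
    """Apply first-pass heuristics to a ComboFix log and return what to look at."""
    findings: list[Finding] = []
    in_firewall = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(FIREWALL_KEY):
            in_firewall = True
            continue
        if in_firewall:
            m = FIREWALL_VALUE.match(line)
            if m:
                path = m.group(1).replace("\\\\", "\\")  # REGEDIT4 doubles backslashes
                low = path.lower()
                if USER_WRITABLE.search(path):
                    findings.append(Finding("firewall", path, path,
                                            "firewall exception for a binary in a user-writable folder"))
                if low.endswith(".ocx"):
                    findings.append(Finding("firewall", path, path,
                                            "ActiveX control (.ocx) granted a firewall exception"))
                if low.endswith("\\rpcapd.exe"):
                    findings.append(Finding("firewall", path, path,
                                            "WinPcap remote capture daemon allowed through the firewall"))
                continue
            in_firewall = False  # the list ends at the first non-value line
        m = SERVICE_LINE.match(line)
        if m:
            start_type, name, _display, rest = m.groups()
            path, missing = _service_path(rest)
            if missing:
                findings.append(Finding("service", name, path,
                                        f"{start_type} entry whose image file was not found on disk"))
            if USER_WRITABLE.search(path):
                findings.append(Finding("service", name, path,
                                        f"{start_type} entry whose image lives in a user-writable folder"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.name}: {f.reason}")
```

Run it against a full saved log with triage(open("ComboFix.txt", encoding="cp1250").read()) and review each hit against what you know is installed; on the log above it singles out the TeamViewer copy run from a temp folder, the AntikVirtualSTB binary under the user profile, the two .ocx entries, rpcapd.exe, and the three services whose binaries are gone, while leaving the avast! drivers and sptd.sys alone.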