Re: Fluctuating CPU load
Posted: 20 Jan 2014 20:51
ComboFix 14-01-16.03 - Renka 20.01.2014 20:37:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1263 [GMT 1:00]
Running from: c:\documents and settings\Renka\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-12-20 to 2014-01-20 )))))))))))))))))))))))))))))))
.
.
2014-01-20 18:29 . 2014-01-20 18:29 -------- d-----w- c:\windows\LastGood
2014-01-20 17:38 . 2014-01-20 17:38 -------- d-----w- c:\documents and settings\Renka\Data aplikací\Media Player Classic
2014-01-20 14:49 . 2013-12-18 19:46 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-01-20 14:49 . 2013-12-18 20:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-19 23:23 . 2014-01-19 23:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 23:23 . 2014-01-19 23:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 22:09 . 2014-01-20 17:10 -------- d-----w- c:\program files\trend micro
2014-01-19 21:47 . 2013-03-04 08:01 -------- d-----w- C:\fp_10.3.183.68_archive
2014-01-19 19:47 . 2014-01-19 19:49 -------- d-----w- C:\AdwCleaner
2014-01-19 15:23 . 2014-01-19 15:23 -------- d-----w- c:\documents and settings\Renka\Data aplikací\AVAST Software
2014-01-19 15:21 . 2014-01-19 15:21 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-19 15:21 . 2014-01-19 15:21 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-19 15:21 . 2014-01-19 15:21 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-01-19 15:21 . 2014-01-19 15:21 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-19 15:21 . 2014-01-19 15:21 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-19 15:21 . 2014-01-19 15:21 43152 ----a-w- c:\windows\avastSS.scr
2014-01-18 17:52 . 2014-01-18 17:52 -------- d-----w- c:\windows\system32\wbem\Repository
2014-01-18 11:29 . 2014-01-18 11:29 -------- d-----w- c:\documents and settings\Renka\Data aplikací\MPC-HC
2014-01-17 11:36 . 2014-01-17 11:36 -------- d-----w- c:\documents and settings\Renka\Local Settings\Data aplikací\NVIDIA
2014-01-17 11:32 . 2014-01-17 11:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2014-01-17 11:32 . 2014-01-18 17:49 1134316 ----a-w- c:\windows\system32\nvdrsdb1.bin
2014-01-17 11:32 . 2014-01-18 17:49 1 ----a-w- c:\windows\system32\nvdrssel.bin
2014-01-17 11:32 . 2014-01-17 11:32 1134316 ----a-w- c:\windows\system32\nvdrsdb0.bin
2014-01-16 09:29 . 2014-01-20 17:38 -------- d-----w- c:\documents and settings\Renka\Data aplikací\vlc
2014-01-16 09:29 . 2014-01-16 09:29 -------- d-----w- c:\program files\VideoLAN
2014-01-15 13:15 . 2014-01-15 13:16 -------- d-----w- c:\program files\IPTool
2014-01-08 11:29 . 2014-01-08 11:29 -------- d-----w- c:\documents and settings\Renka\Data aplikací\dvdcss
2013-12-27 19:18 . 2013-12-27 19:18 -------- d-----w- c:\documents and settings\Renka\Local Settings\Data aplikací\Deployment
2013-12-26 23:07 . 2013-12-26 23:07 -------- d-----w- c:\documents and settings\Renka\Data aplikací\Arduino
2013-12-26 09:05 . 2013-12-26 09:05 -------- d-----w- c:\program files\Arduino
2013-12-26 00:58 . 2013-12-26 00:58 -------- d-----w- c:\documents and settings\Renka\Local Settings\Data aplikací\GMap.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 15:21 . 2013-03-13 19:54 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-19 15:21 . 2013-03-13 19:54 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-19 15:21 . 2013-03-13 19:54 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
.
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-19 15:21 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 16858112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"NvMediaCenter"="NvMCTray.dll" [2007-12-04 81920]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-19 3764024]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2012-12-1 159744]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2012-12-1 663552]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-04 17:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-04 17:41 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-04 17:41 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
2012-08-22 13:12 1368768 ----a-w- c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
"c:\\Program Files\\PhoenixRC\\phoenixRC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ControlCenter\\controlcenter.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\ControlCenter\\iptool.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\IPTool\\IPTool.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [13.3.2013 20:54 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [13.3.2013 20:54 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.1.2014 16:21 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.1.2014 16:21 410528]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [22.8.2012 15:59 123320]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13.3.2013 20:54 67824]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [1.12.2012 15:57 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [1.12.2012 15:57 405504]
R2 DraftSight API Service;DraftSight API Service;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [21.11.2012 12:25 82944]
R2 iZHost;iZHost;c:\program files\FPSensor\bin\iZHost.exe [26.11.2013 20:15 250368]
R3 AVerAF15DMBTH;AVerMedia A850 USB;c:\windows\system32\drivers\AVerAF15DMBTH.sys [1.12.2012 15:58 487168]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\Ca1528av.sys [10.2.2013 10:52 516480]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [3.3.2013 8:49 93440]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\Bulk1528.sys [10.2.2013 10:52 11648]
S3 dpK00701;U.are.U® Fingerprint Reader Upper Driver;c:\windows\system32\drivers\dpK00701.sys [26.11.2013 20:15 46592]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 sevoldwn;sevoldwn; [x]
S3 silabenm;Junsi USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [27.6.2013 21:20 47176]
S3 silabser;Junsi USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [27.6.2013 21:20 58496]
S3 usbdpfp;U.are.U® Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [26.11.2013 20:15 47104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 12:07 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2014-01-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-19 15:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0AB562B9-0A66-4CA6-97D9-9E81246304C2} - hxxp://192.168.226.201/SuperClient2.exe
DPF: {53049A9A-1122-4673-B8D4-12F545AE3285} - hxxp://85.70.161.64:88/AVC_AX_764.cab
DPF: {70EDCF63-CA7E-4812-8528-DA1EA2FD53B6} - hxxp://www.matej.cz/webkam/VitaminCtrl_3_0_0_10.cab
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-SLABCOMM&10C4&EA60 - c:\program files\Junsi\driver\usb\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-LogView V2 2 - c:\program files\LogView V2\Installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-20 20:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2014-01-20 20:46:05
ComboFix-quarantined-files.txt 2014-01-20 19:46
.
Pre-Run: 122 096 316 416 bytes free
Post-Run: 122 109 259 776 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
.
- - End Of File - - 2044372707C4D00C98785F958EF95BF7
413FC2A0C716421B3158746D63736515
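The entries in a log like the one above that a reviewer checks first are the IE "DPF:" lines (ActiveX controls downloaded from a URL, here three of them over plain http and two from bare IP addresses), service entries whose binary ComboFix marks "[x]" or "[?]", and Run-key values that name a bare executable instead of a full path. The script below is an added triage helper, not part of the original post and not ComboFix's own code; it parses a handful of lines copied from the log above (labelled as a constructed sample) and reports those items. The line-format regexes and the notion of what counts as "worth a look" are this example's own assumptions, not ComboFix documentation.

```python
"""Triage helper for ComboFix-style log lines (added example).

Flags three kinds of entries a reviewer wants to see first:
  * DPF: lines (IE Downloaded Program Files / ActiveX) fetched over plain
    http or from a bare IP address,
  * service lines whose binary ComboFix marks missing ([x]) or could not
    verify ([?]),
  * Run-key values given by bare file name rather than a full path.
The line formats below are assumed from the log text, not from any
ComboFix specification.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: a subset of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 16858112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 sevoldwn;sevoldwn; [x]
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {0AB562B9-0A66-4CA6-97D9-9E81246304C2} - hxxp://192.168.226.201/SuperClient2.exe
DPF: {53049A9A-1122-4673-B8D4-12F545AE3285} - hxxp://85.70.161.64:88/AVC_AX_764.cab
DPF: {70EDCF63-CA7E-4812-8528-DA1EA2FD53B6} - hxxp://www.matej.cz/webkam/VitaminCtrl_3_0_0_10.cab
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # "dpf", "service" or "run"
    subject: str   # DPF name/CLSID, service name, or Run value name
    reason: str


# Assumed line shapes, derived from the log text above.
_DPF = re.compile(r"^DPF:\s+(?P<name>.+?)\s+-\s+(?P<url>\S+)\s*$")
_SVC = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
                  r"(?P<path>.*)\[(?P<info>[^\]]*)\]\s*$")
_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<info>[^\]]*)\]\s*$')


def _check_dpf(m):
    # ComboFix defangs http(s) as hxxp(s); undo that for parsing only.
    parts = urlsplit(re.sub(r"^hxxp", "http", m["url"]))
    reasons = []
    if parts.scheme == "http":
        reasons.append("ActiveX control fetched over plain http (download not integrity-protected)")
    host = parts.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        scope = "private" if ip.is_private else "public"
        reasons.append(f"source is a bare {scope} IP address {host}")
    return Finding("dpf", m["name"], "; ".join(reasons)) if reasons else None


def _check_service(m):
    info = m["info"].strip()
    if info == "x":
        return Finding("service", m["name"], "service entry whose binary ComboFix reports missing ([x])")
    if info == "?":
        return Finding("service", m["name"], "service binary ComboFix could not verify ([?])")
    return None


def _check_run(m):
    cmd = m["cmd"].strip()
    if "\\" not in cmd and ":" not in cmd:
        # A bare name is resolved through the loader's search order at logon,
        # so the reviewer must confirm which file on disk actually runs.
        return Finding("run", m["name"], f"autostart given by bare file name {cmd!r}, not a full path")
    return None


def parse_findings(log_text):
    """Return the list of Finding objects for the lines in log_text, in order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for rx, check in ((_DPF, _check_dpf), (_SVC, _check_service), (_RUN, _check_run)):
            m = rx.match(line)
            if m:
                f = check(m)
                if f:
                    findings.append(f)
                break
    return findings


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

Run against the sample it reports seven items: the two bare-name Run values (RTHDCPL, nwiz), the massfilter and sevoldwn service entries, and the three http DPF controls, two of them from IP addresses (one private, one public on port 88); the Garmin control, served over https from a hostname, is not reported.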