Re: Prosím o kontrolu logu
Napsal: 20 črc 2014 15:53
Smazáno. Znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC. Nastala nějaká změna?
Stránka 2 z 6
Re: Prosím o kontrolu logu
Napsal: 21 črc 2014 00:11
Provedl jsem, ale ke zlešení nedošlo. Mezitím jsem spustil ten Avast a něco to nachytalo, ale teď nevím co s tím.
Re: Prosím o kontrolu logu
Napsal: 21 črc 2014 17:13
Vše, co Avast nalezl buď smažte, nebo přesuňte do karantény. Dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware.
Re: Prosím o kontrolu logu
Napsal: 22 črc 2014 01:49
Nechal jsem to projet tím Combofixem a výpis logu přikládám. jediné, co se zlepšilo je to, že systém po zapnutí PC naběhne rychleji, ale na 100% vytížení to skáče dost často a největší problém je s tím přehráváním videí. Když kouknu do správce úloh tak tam nic nekorektního co by vytěžovalo procesor nevidím, prostě jen třeba obyčejný Firefox nebo něco, co se právě používá. Po provedení skenu a restartu si vyžádal sken taky Avast a na rozdíl od předchozího našel jen pouhé dva šmejdy, ale to co zůstalo z předchozího skenu v truhle Combofix nevymazal a figuruje to tam pořád.
ComboFix 14-07-21.01 - owner 21.07.2014 21:06:57.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.571 [GMT 2:00]
Spuštěný z: c:\documents and settings\owner\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\_000020_.tmp.dll
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000022_.tmp.dll
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-21 do 2014-07-21 )))))))))))))))))))))))))))))))
.
.
2014-07-20 10:06 . 2012-10-30 21:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2014-07-20 10:06 . 2012-10-30 21:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-07-20 10:06 . 2012-10-30 21:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-20 10:06 . 2012-10-30 21:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-20 10:06 . 2012-10-30 21:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-20 10:06 . 2012-10-30 21:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2014-07-20 10:06 . 2012-10-30 21:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2014-07-20 10:06 . 2012-10-30 21:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2014-07-20 10:04 . 2012-10-30 21:51 41224 ----a-w- c:\windows\avastSS.scr
2014-07-20 10:04 . 2012-10-30 21:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-20 10:03 . 2014-07-20 10:03 -------- d-----w- c:\program files\AVAST Software
2014-07-20 09:08 . 2014-07-20 10:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2014-07-20 08:40 . 2014-07-20 08:40 -------- d-----w- c:\documents and settings\owner\Data aplikací\dlg
2014-07-20 08:36 . 2014-07-20 08:42 -------- d-----w- c:\documents and settings\owner\Data aplikací\VOPackage
2014-07-20 08:34 . 2014-07-20 08:34 -------- d-----w- c:\documents and settings\owner\Local Settings\Data aplikací\SearchProtect
2014-07-19 17:58 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-19 17:52 . 2014-07-19 18:02 -------- d-----w- C:\AdwCleaner
2014-07-16 13:59 . 2014-07-16 13:59 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2014-07-15 22:15 . 2014-07-15 22:15 -------- d-----w- c:\documents and settings\LocalService\Plocha
2014-07-15 22:01 . 2014-07-19 10:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2014-07-15 18:54 . 2014-07-15 18:54 -------- d-----w- c:\program files\Enigma Software Group
2014-07-15 18:54 . 2014-07-15 18:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-07-10 16:37 . 2014-07-15 16:44 -------- d-----w- c:\documents and settings\owner\Doctor Web
2014-07-10 16:10 . 2014-07-10 16:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Doctor Web
2014-07-09 08:36 . 2014-07-09 08:36 19178160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 08:36 . 2012-04-22 09:15 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 08:36 . 2011-07-21 15:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 20:42 . 2012-12-26 16:31 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-06-23 15:37 . 2010-12-22 12:18 10528768 ----a-w- c:\windows\system32\RTLCPL.EXE
2014-06-23 15:37 . 2010-12-22 12:18 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2014-06-23 15:36 . 2010-12-22 12:18 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll
2014-06-23 15:36 . 2010-12-22 12:18 18804736 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2014-06-23 15:36 . 2010-12-22 12:18 4122368 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2014-06-23 15:35 . 2010-12-22 12:18 217088 ----a-w- c:\windows\Alcrmv.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-30 19:24 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 21:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\documents and settings\owner\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\owner\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-07-09 1022352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SoundMan"="SOUNDMAN.EXE" [2014-06-23 577536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray]
2013-04-29 09:29 1497120 ----a-w- c:\program files\Fighters\Tray\FightersTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2002-10-08 10:03 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2013-11-20 15:59 85600 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFSvc.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\owner\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [17.4.2014 17:40 15808]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.7.2014 12:06 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.7.2014 12:06 361032]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [26.12.2012 18:31 42784]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2.2.2013 22:28 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.7.2014 12:06 21256]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [29.5.2013 17:10 1281568]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [17.3.2011 9:42 47360]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2.2.2013 22:28 65576]
S2 CltMngSvc;Search Protect Service;c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe --> c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe [?]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [10.12.2013 18:33 2152736]
S2 servervo;VO Service component;c:\documents and settings\owner\Data aplikací\VOPackage\VOsrv.exe [20.7.2014 10:42 71680]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S3 Common Toolkit 2;Common Toolkit 2;c:\program files\Common Files\Common Toolkit Suite\Tools\CommonToolkit2.exe [17.5.2013 2:01 264192]
S3 jopjouok;jopjouok;jopjouok.sys --> jopjouok.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 03:12 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 08:36]
.
2014-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-07-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-20 21:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3322197&octid ... FC3D&SSPV=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
IE: Search the Web
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 79.127.176.42 212.71.128.9
FF - ProfilePath - c:\documents and settings\owner\Data aplikací\Mozilla\Firefox\Profiles\537j4qmv.default-1394150062656\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-IMFservice
MSConfigStartUp-vProt - c:\program files\avg secure search\vprot.exe
AddRemove-Driver Booster_is1 - c:\program files\IObit\Driver Booster\unins000.exe
AddRemove-eBay Icon - c:\documents and settings\owner\Data aplikací\Desktopicon\uninst.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-SearchProtect - c:\progra~1\SearchProtect\Main\bin\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-21 21:34
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2014-07-21 21:42:10
ComboFix-quarantined-files.txt 2014-07-21 19:42
.
Před spuštěním: 8 753 123 328
Po spuštění: 8 693 129 216
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0CCEE703BFB64F5906C3D7DEDD9A7735
413FC2A0C716421B3158746D63736515
ComboFix 14-07-21.01 - owner 21.07.2014 21:06:57.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.571 [GMT 2:00]
Spuštěný z: c:\documents and settings\owner\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\_000020_.tmp.dll
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000022_.tmp.dll
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-21 do 2014-07-21 )))))))))))))))))))))))))))))))
.
.
2014-07-20 10:06 . 2012-10-30 21:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2014-07-20 10:06 . 2012-10-30 21:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-07-20 10:06 . 2012-10-30 21:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-20 10:06 . 2012-10-30 21:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-20 10:06 . 2012-10-30 21:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-20 10:06 . 2012-10-30 21:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2014-07-20 10:06 . 2012-10-30 21:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2014-07-20 10:06 . 2012-10-30 21:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2014-07-20 10:04 . 2012-10-30 21:51 41224 ----a-w- c:\windows\avastSS.scr
2014-07-20 10:04 . 2012-10-30 21:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-20 10:03 . 2014-07-20 10:03 -------- d-----w- c:\program files\AVAST Software
2014-07-20 09:08 . 2014-07-20 10:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2014-07-20 08:40 . 2014-07-20 08:40 -------- d-----w- c:\documents and settings\owner\Data aplikací\dlg
2014-07-20 08:36 . 2014-07-20 08:42 -------- d-----w- c:\documents and settings\owner\Data aplikací\VOPackage
2014-07-20 08:34 . 2014-07-20 08:34 -------- d-----w- c:\documents and settings\owner\Local Settings\Data aplikací\SearchProtect
2014-07-19 17:58 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-19 17:52 . 2014-07-19 18:02 -------- d-----w- C:\AdwCleaner
2014-07-16 13:59 . 2014-07-16 13:59 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2014-07-15 22:15 . 2014-07-15 22:15 -------- d-----w- c:\documents and settings\LocalService\Plocha
2014-07-15 22:01 . 2014-07-19 10:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2014-07-15 18:54 . 2014-07-15 18:54 -------- d-----w- c:\program files\Enigma Software Group
2014-07-15 18:54 . 2014-07-15 18:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-07-10 16:37 . 2014-07-15 16:44 -------- d-----w- c:\documents and settings\owner\Doctor Web
2014-07-10 16:10 . 2014-07-10 16:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Doctor Web
2014-07-09 08:36 . 2014-07-09 08:36 19178160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 08:36 . 2012-04-22 09:15 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 08:36 . 2011-07-21 15:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 20:42 . 2012-12-26 16:31 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-06-23 15:37 . 2010-12-22 12:18 10528768 ----a-w- c:\windows\system32\RTLCPL.EXE
2014-06-23 15:37 . 2010-12-22 12:18 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2014-06-23 15:36 . 2010-12-22 12:18 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll
2014-06-23 15:36 . 2010-12-22 12:18 18804736 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2014-06-23 15:36 . 2010-12-22 12:18 4122368 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2014-06-23 15:35 . 2010-12-22 12:18 217088 ----a-w- c:\windows\Alcrmv.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-30 19:24 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 21:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\documents and settings\owner\Data aplikací\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\documents and settings\owner\Data aplikací\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-07-09 1022352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SoundMan"="SOUNDMAN.EXE" [2014-06-23 577536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray]
2013-04-29 09:29 1497120 ----a-w- c:\program files\Fighters\Tray\FightersTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2002-10-08 10:03 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2013-11-20 15:59 85600 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFSvc.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\owner\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [17.4.2014 17:40 15808]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.7.2014 12:06 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.7.2014 12:06 361032]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [26.12.2012 18:31 42784]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2.2.2013 22:28 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.7.2014 12:06 21256]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [29.5.2013 17:10 1281568]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [17.3.2011 9:42 47360]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2.2.2013 22:28 65576]
S2 CltMngSvc;Search Protect Service;c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe --> c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe [?]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [10.12.2013 18:33 2152736]
S2 servervo;VO Service component;c:\documents and settings\owner\Data aplikací\VOPackage\VOsrv.exe [20.7.2014 10:42 71680]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S3 Common Toolkit 2;Common Toolkit 2;c:\program files\Common Files\Common Toolkit Suite\Tools\CommonToolkit2.exe [17.5.2013 2:01 264192]
S3 jopjouok;jopjouok;jopjouok.sys --> jopjouok.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 03:12 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 08:36]
.
2014-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-07-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-20 21:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3322197&octid ... FC3D&SSPV=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
IE: Search the Web
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 79.127.176.42 212.71.128.9
FF - ProfilePath - c:\documents and settings\owner\Data aplikací\Mozilla\Firefox\Profiles\537j4qmv.default-1394150062656\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-IMFservice
MSConfigStartUp-vProt - c:\program files\avg secure search\vprot.exe
AddRemove-Driver Booster_is1 - c:\program files\IObit\Driver Booster\unins000.exe
AddRemove-eBay Icon - c:\documents and settings\owner\Data aplikací\Desktopicon\uninst.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-SearchProtect - c:\progra~1\SearchProtect\Main\bin\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-21 21:34
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2014-07-21 21:42:10
ComboFix-quarantined-files.txt 2014-07-21 19:42
.
Před spuštěním: 8 753 123 328
Po spuštění: 8 693 129 216
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0CCEE703BFB64F5906C3D7DEDD9A7735
413FC2A0C716421B3158746D63736515
Re: Prosím o kontrolu logu
Napsal: 22 črc 2014 16:17
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu Combofix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Driver::
jopjouok
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
Reboot::
Re: Prosím o kontrolu logu
Napsal: 22 črc 2014 20:43
Nastal bohužel problém. Zapomněl jsem včas vypnout štíty a než jsem na to přišel začalo docházet k nějakým kolizím a i když jsem štíty asi od poloviny procesu vypnul, Combofix se zastavil kousek před koncem a už delší dobu nereaguje vůbec. Mám ho vypnout přes správce úloh?
Re: Prosím o kontrolu logu
Napsal: 22 črc 2014 21:04
Můžete. Kdyby nešel, lze ho spustit v nouz. režimu.
Re: Prosím o kontrolu logu
Napsal: 22 črc 2014 21:26
Nakonec zkolaboval systém, takže se to restartovalo, ale už bez Combofixu. Mám spustit to samé znovu?
Re: Prosím o kontrolu logu
Napsal: 22 črc 2014 21:43
Zkuste spustit v nouz. režimu.
Re: Prosím o kontrolu logu
Napsal: 23 črc 2014 17:31
V tom nouzáku to bylo jiný kafe. Přikládám výpis logu.
ComboFix 14-07-21.01 - Administrator 23.07.2014 17:55:26.2.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.790 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\owner\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\01e2a71360f92328.fb
c:\windows\system32\Cache\14985a65270ef38e.fb
c:\windows\system32\Cache\214f3f380249cd85.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\399e41ea19086c21.fb
c:\windows\system32\Cache\431c4b03179bf213.fb
c:\windows\system32\Cache\4a7d8b400ddda821.fb
c:\windows\system32\Cache\4f08709ebd332771.fb
c:\windows\system32\Cache\5690167c73f7d6a4.fb
c:\windows\system32\Cache\56f699274b62ce2b.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\9c4795fe580d9aab.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b451a05ac9bec100.fb
c:\windows\system32\Cache\b95ee06acd1fa343.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c94a1e1902ca2632.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\df2a267fd4ebf26d.fb
c:\windows\system32\Cache\efdf5c1c01bebf50.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-23 do 2014-07-23 )))))))))))))))))))))))))))))))
.
.
2014-07-23 15:37 . 2014-07-23 15:37 -------- d-----w- c:\documents and settings\Administrator
2014-07-20 10:06 . 2012-10-30 21:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2014-07-20 10:06 . 2012-10-30 21:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-07-20 10:06 . 2012-10-30 21:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-20 10:06 . 2012-10-30 21:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-20 10:06 . 2012-10-30 21:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-20 10:06 . 2012-10-30 21:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2014-07-20 10:06 . 2012-10-30 21:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2014-07-20 10:06 . 2012-10-30 21:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2014-07-20 10:04 . 2012-10-30 21:51 41224 ----a-w- c:\windows\avastSS.scr
2014-07-20 10:04 . 2012-10-30 21:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-20 10:03 . 2014-07-20 10:03 -------- d-----w- c:\program files\AVAST Software
2014-07-20 09:08 . 2014-07-20 10:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2014-07-20 08:40 . 2014-07-20 08:40 -------- d-----w- c:\documents and settings\owner\Data aplikací\dlg
2014-07-20 08:36 . 2014-07-23 15:31 -------- d-----w- c:\documents and settings\owner\Data aplikací\VOPackage
2014-07-20 08:34 . 2014-07-20 08:34 -------- d-----w- c:\documents and settings\owner\Local Settings\Data aplikací\SearchProtect
2014-07-19 17:58 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-19 17:52 . 2014-07-19 18:02 -------- d-----w- C:\AdwCleaner
2014-07-16 13:59 . 2014-07-16 13:59 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2014-07-15 22:15 . 2014-07-15 22:15 -------- d-----w- c:\documents and settings\LocalService\Plocha
2014-07-15 22:01 . 2014-07-19 10:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2014-07-15 18:54 . 2014-07-15 18:54 -------- d-----w- c:\program files\Enigma Software Group
2014-07-15 18:54 . 2014-07-15 18:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-07-10 16:37 . 2014-07-15 16:44 -------- d-----w- c:\documents and settings\owner\Doctor Web
2014-07-10 16:10 . 2014-07-10 16:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Doctor Web
2014-07-09 08:36 . 2014-07-09 08:36 19178160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 08:36 . 2012-04-22 09:15 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 08:36 . 2011-07-21 15:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 20:42 . 2012-12-26 16:31 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-06-23 15:37 . 2010-12-22 12:18 10528768 ----a-w- c:\windows\system32\RTLCPL.EXE
2014-06-23 15:37 . 2010-12-22 12:18 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2014-06-23 15:36 . 2010-12-22 12:18 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll
2014-06-23 15:36 . 2010-12-22 12:18 18804736 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2014-06-23 15:36 . 2010-12-22 12:18 4122368 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2014-06-23 15:35 . 2010-12-22 12:18 217088 ----a-w- c:\windows\Alcrmv.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-30 19:24 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 21:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SoundMan"="SOUNDMAN.EXE" [2014-06-23 577536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray]
2013-04-29 09:29 1497120 ----a-w- c:\program files\Fighters\Tray\FightersTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2002-10-08 10:03 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2013-11-20 15:59 85600 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFSvc.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\owner\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [17.4.2014 17:40 15808]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [26.12.2012 18:31 42784]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2.2.2013 22:28 270888]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.7.2014 12:06 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.7.2014 12:06 361032]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.7.2014 12:06 21256]
S2 CltMngSvc;Search Protect Service;c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe --> c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe [?]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [10.12.2013 18:33 2152736]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [29.5.2013 17:10 1281568]
S3 Common Toolkit 2;Common Toolkit 2;c:\program files\Common Files\Common Toolkit Suite\Tools\CommonToolkit2.exe [17.5.2013 2:01 264192]
S3 jopjouok;jopjouok;jopjouok.sys --> jopjouok.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [17.3.2011 9:42 47360]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2.2.2013 22:28 65576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 03:12 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 08:36]
.
2014-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-07-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-20 21:50]
.
.
------- Doplňkový sken -------
.
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 79.127.176.42 212.71.128.9
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-23 18:16
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(316)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2014-07-23 18:21:05
ComboFix-quarantined-files.txt 2014-07-23 16:20
ComboFix2.txt 2014-07-21 19:42
.
Před spuštěním: 9 292 963 840
Po spuštění: 9 286 230 016
.
- - End Of File - - B5791E4A99754355ED8C54E7802F6885
413FC2A0C716421B3158746D63736515
ComboFix 14-07-21.01 - Administrator 23.07.2014 17:55:26.2.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.790 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\owner\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\01e2a71360f92328.fb
c:\windows\system32\Cache\14985a65270ef38e.fb
c:\windows\system32\Cache\214f3f380249cd85.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\399e41ea19086c21.fb
c:\windows\system32\Cache\431c4b03179bf213.fb
c:\windows\system32\Cache\4a7d8b400ddda821.fb
c:\windows\system32\Cache\4f08709ebd332771.fb
c:\windows\system32\Cache\5690167c73f7d6a4.fb
c:\windows\system32\Cache\56f699274b62ce2b.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\9c4795fe580d9aab.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b451a05ac9bec100.fb
c:\windows\system32\Cache\b95ee06acd1fa343.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c94a1e1902ca2632.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\df2a267fd4ebf26d.fb
c:\windows\system32\Cache\efdf5c1c01bebf50.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-23 do 2014-07-23 )))))))))))))))))))))))))))))))
.
.
2014-07-23 15:37 . 2014-07-23 15:37 -------- d-----w- c:\documents and settings\Administrator
2014-07-20 10:06 . 2012-10-30 21:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2014-07-20 10:06 . 2012-10-30 21:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-07-20 10:06 . 2012-10-30 21:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-20 10:06 . 2012-10-30 21:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-20 10:06 . 2012-10-30 21:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-20 10:06 . 2012-10-30 21:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2014-07-20 10:06 . 2012-10-30 21:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2014-07-20 10:06 . 2012-10-30 21:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2014-07-20 10:04 . 2012-10-30 21:51 41224 ----a-w- c:\windows\avastSS.scr
2014-07-20 10:04 . 2012-10-30 21:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-20 10:03 . 2014-07-20 10:03 -------- d-----w- c:\program files\AVAST Software
2014-07-20 09:08 . 2014-07-20 10:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2014-07-20 08:40 . 2014-07-20 08:40 -------- d-----w- c:\documents and settings\owner\Data aplikací\dlg
2014-07-20 08:36 . 2014-07-23 15:31 -------- d-----w- c:\documents and settings\owner\Data aplikací\VOPackage
2014-07-20 08:34 . 2014-07-20 08:34 -------- d-----w- c:\documents and settings\owner\Local Settings\Data aplikací\SearchProtect
2014-07-19 17:58 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-19 17:52 . 2014-07-19 18:02 -------- d-----w- C:\AdwCleaner
2014-07-16 13:59 . 2014-07-16 13:59 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2014-07-15 22:15 . 2014-07-15 22:15 -------- d-----w- c:\documents and settings\LocalService\Plocha
2014-07-15 22:01 . 2014-07-19 10:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2014-07-15 18:54 . 2014-07-15 18:54 -------- d-----w- c:\program files\Enigma Software Group
2014-07-15 18:54 . 2014-07-15 18:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-07-10 16:37 . 2014-07-15 16:44 -------- d-----w- c:\documents and settings\owner\Doctor Web
2014-07-10 16:10 . 2014-07-10 16:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Doctor Web
2014-07-09 08:36 . 2014-07-09 08:36 19178160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 08:36 . 2012-04-22 09:15 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 08:36 . 2011-07-21 15:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 20:42 . 2012-12-26 16:31 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-06-23 15:37 . 2010-12-22 12:18 10528768 ----a-w- c:\windows\system32\RTLCPL.EXE
2014-06-23 15:37 . 2010-12-22 12:18 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2014-06-23 15:36 . 2010-12-22 12:18 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll
2014-06-23 15:36 . 2010-12-22 12:18 18804736 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2014-06-23 15:36 . 2010-12-22 12:18 4122368 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2014-06-23 15:35 . 2010-12-22 12:18 217088 ----a-w- c:\windows\Alcrmv.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-30 19:24 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 21:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SoundMan"="SOUNDMAN.EXE" [2014-06-23 577536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray]
2013-04-29 09:29 1497120 ----a-w- c:\program files\Fighters\Tray\FightersTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2002-10-08 10:03 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2013-11-20 15:59 85600 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFSvc.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\owner\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [17.4.2014 17:40 15808]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [26.12.2012 18:31 42784]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2.2.2013 22:28 270888]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.7.2014 12:06 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.7.2014 12:06 361032]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.7.2014 12:06 21256]
S2 CltMngSvc;Search Protect Service;c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe --> c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe [?]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [10.12.2013 18:33 2152736]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [29.5.2013 17:10 1281568]
S3 Common Toolkit 2;Common Toolkit 2;c:\program files\Common Files\Common Toolkit Suite\Tools\CommonToolkit2.exe [17.5.2013 2:01 264192]
S3 jopjouok;jopjouok;jopjouok.sys --> jopjouok.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [17.3.2011 9:42 47360]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2.2.2013 22:28 65576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 03:12 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 08:36]
.
2014-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-07-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-20 21:50]
.
.
------- Doplňkový sken -------
.
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 79.127.176.42 212.71.128.9
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-23 18:16
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(316)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2014-07-23 18:21:05
ComboFix-quarantined-files.txt 2014-07-23 16:20
ComboFix2.txt 2014-07-21 19:42
.
Před spuštěním: 9 292 963 840
Po spuštění: 9 286 230 016
.
- - End Of File - - B5791E4A99754355ED8C54E7802F6885
413FC2A0C716421B3158746D63736515
Re: Prosím o kontrolu logu
Napsal: 23 črc 2014 18:24
Ještě jednou spusťte CF tímto skriptem:
Postup je stejný, jako předešle.KillAll::
Driver::
jopjouok
Reboot::
Re: Prosím o kontrolu logu
Napsal: 24 črc 2014 19:42
Dnes byl opět trochu problém. Otevřel jsem CF scriptem v nouzovém režimu v módu Admin. Vše proběhlo bez problémů, ale na závěr CF nahlásil, že se automaticky restartuje což se taky stalo jenže se restartoval už do normálního režimu, kde se pak přes hodinu vůbec nic nedělo mimo blikajícího kurzoru v okně, proto jsem CF zrušil a spustil ručně opět sken v nouzáku na Adminovi, kde už pak proběhl normálně. Výpis přikládám, jestli došlo ke změně jsem zatím neověřoval.
ComboFix 14-07-21.01 - Administrator 24.07.2014 20:05:22.4.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.813 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_jopjouok
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-24 do 2014-07-24 )))))))))))))))))))))))))))))))
.
.
2014-07-23 15:37 . 2014-07-23 15:37 -------- d-----w- c:\documents and settings\Administrator
2014-07-20 10:06 . 2012-10-30 21:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2014-07-20 10:06 . 2012-10-30 21:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-07-20 10:06 . 2012-10-30 21:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-20 10:06 . 2012-10-30 21:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-20 10:06 . 2012-10-30 21:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-20 10:06 . 2012-10-30 21:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2014-07-20 10:06 . 2012-10-30 21:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2014-07-20 10:06 . 2012-10-30 21:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2014-07-20 10:04 . 2012-10-30 21:51 41224 ----a-w- c:\windows\avastSS.scr
2014-07-20 10:04 . 2012-10-30 21:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-20 10:03 . 2014-07-20 10:03 -------- d-----w- c:\program files\AVAST Software
2014-07-20 09:08 . 2014-07-20 10:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2014-07-20 08:34 . 2014-07-20 08:34 -------- d-----w- c:\documents and settings\owner\Local Settings\Data aplikací\SearchProtect
2014-07-19 17:58 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-19 17:52 . 2014-07-19 18:02 -------- d-----w- C:\AdwCleaner
2014-07-16 13:59 . 2014-07-16 13:59 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2014-07-15 22:15 . 2014-07-15 22:15 -------- d-----w- c:\documents and settings\LocalService\Plocha
2014-07-15 22:01 . 2014-07-19 10:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2014-07-15 18:54 . 2014-07-15 18:54 -------- d-----w- c:\program files\Enigma Software Group
2014-07-15 18:54 . 2014-07-15 18:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-07-10 16:37 . 2014-07-15 16:44 -------- d-----w- c:\documents and settings\owner\Doctor Web
2014-07-10 16:10 . 2014-07-10 16:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Doctor Web
2014-07-09 08:36 . 2014-07-09 08:36 19178160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 08:36 . 2012-04-22 09:15 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 08:36 . 2011-07-21 15:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 20:42 . 2012-12-26 16:31 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-06-23 15:37 . 2010-12-22 12:18 10528768 ----a-w- c:\windows\system32\RTLCPL.EXE
2014-06-23 15:37 . 2010-12-22 12:18 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2014-06-23 15:36 . 2010-12-22 12:18 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll
2014-06-23 15:36 . 2010-12-22 12:18 18804736 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2014-06-23 15:36 . 2010-12-22 12:18 4122368 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2014-06-23 15:35 . 2010-12-22 12:18 217088 ----a-w- c:\windows\Alcrmv.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-30 19:24 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 21:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SoundMan"="SOUNDMAN.EXE" [2014-06-23 577536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray]
2013-04-29 09:29 1497120 ----a-w- c:\program files\Fighters\Tray\FightersTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2002-10-08 10:03 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2013-11-20 15:59 85600 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFSvc.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\owner\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [17.4.2014 17:40 15808]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [26.12.2012 18:31 42784]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2.2.2013 22:28 270888]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.7.2014 12:06 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.7.2014 12:06 361032]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.7.2014 12:06 21256]
S2 CltMngSvc;Search Protect Service;c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe --> c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe [?]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [10.12.2013 18:33 2152736]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [29.5.2013 17:10 1281568]
S3 Common Toolkit 2;Common Toolkit 2;c:\program files\Common Files\Common Toolkit Suite\Tools\CommonToolkit2.exe [17.5.2013 2:01 264192]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [17.3.2011 9:42 47360]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2.2.2013 22:28 65576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 03:12 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 08:36]
.
2014-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-07-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-20 21:50]
.
.
------- Doplňkový sken -------
.
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 79.127.176.42 212.71.128.9
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-24 20:25
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(308)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1552)
c:\program files\Google\Drive\googledrivesync32.dll
.
Celkový čas: 2014-07-24 20:29:36
ComboFix-quarantined-files.txt 2014-07-24 18:29
ComboFix2.txt 2014-07-23 16:21
ComboFix3.txt 2014-07-21 19:42
.
Před spuštěním: 8 989 306 880
Po spuštění: 8 967 630 848
.
- - End Of File - - AD8F942245D49D58C53017D7DF90083E
413FC2A0C716421B3158746D63736515
ComboFix 14-07-21.01 - Administrator 24.07.2014 20:05:22.4.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.813 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_jopjouok
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-24 do 2014-07-24 )))))))))))))))))))))))))))))))
.
.
2014-07-23 15:37 . 2014-07-23 15:37 -------- d-----w- c:\documents and settings\Administrator
2014-07-20 10:06 . 2012-10-30 21:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2014-07-20 10:06 . 2012-10-30 21:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-07-20 10:06 . 2012-10-30 21:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-07-20 10:06 . 2012-10-30 21:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-07-20 10:06 . 2012-10-30 21:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-20 10:06 . 2012-10-30 21:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2014-07-20 10:06 . 2012-10-30 21:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2014-07-20 10:06 . 2012-10-30 21:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2014-07-20 10:04 . 2012-10-30 21:51 41224 ----a-w- c:\windows\avastSS.scr
2014-07-20 10:04 . 2012-10-30 21:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-20 10:03 . 2014-07-20 10:03 -------- d-----w- c:\program files\AVAST Software
2014-07-20 09:08 . 2014-07-20 10:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2014-07-20 08:34 . 2014-07-20 08:34 -------- d-----w- c:\documents and settings\owner\Local Settings\Data aplikací\SearchProtect
2014-07-19 17:58 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-19 17:52 . 2014-07-19 18:02 -------- d-----w- C:\AdwCleaner
2014-07-16 13:59 . 2014-07-16 13:59 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2014-07-15 22:15 . 2014-07-15 22:15 -------- d-----w- c:\documents and settings\LocalService\Plocha
2014-07-15 22:01 . 2014-07-19 10:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2014-07-15 18:54 . 2014-07-15 18:54 -------- d-----w- c:\program files\Enigma Software Group
2014-07-15 18:54 . 2014-07-15 18:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-07-10 16:37 . 2014-07-15 16:44 -------- d-----w- c:\documents and settings\owner\Doctor Web
2014-07-10 16:10 . 2014-07-10 16:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Doctor Web
2014-07-09 08:36 . 2014-07-09 08:36 19178160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 08:36 . 2012-04-22 09:15 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 08:36 . 2011-07-21 15:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-24 20:42 . 2012-12-26 16:31 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-06-23 15:37 . 2010-12-22 12:18 10528768 ----a-w- c:\windows\system32\RTLCPL.EXE
2014-06-23 15:37 . 2010-12-22 12:18 577536 ----a-w- c:\windows\SOUNDMAN.EXE
2014-06-23 15:36 . 2010-12-22 12:18 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll
2014-06-23 15:36 . 2010-12-22 12:18 18804736 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2014-06-23 15:36 . 2010-12-22 12:18 4122368 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2014-06-23 15:35 . 2010-12-22 12:18 217088 ----a-w- c:\windows\Alcrmv.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-30 19:24 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 21:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SoundMan"="SOUNDMAN.EXE" [2014-06-23 577536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray]
2013-04-29 09:29 1497120 ----a-w- c:\program files\Fighters\Tray\FightersTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2002-10-08 10:03 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2013-11-20 15:59 85600 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFSvc.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\owner\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [17.4.2014 17:40 15808]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [26.12.2012 18:31 42784]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2.2.2013 22:28 270888]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.7.2014 12:06 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.7.2014 12:06 361032]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.7.2014 12:06 21256]
S2 CltMngSvc;Search Protect Service;c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe --> c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe [?]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [10.12.2013 18:33 2152736]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [29.5.2013 17:10 1281568]
S3 Common Toolkit 2;Common Toolkit 2;c:\program files\Common Files\Common Toolkit Suite\Tools\CommonToolkit2.exe [17.5.2013 2:01 264192]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [17.3.2011 9:42 47360]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2.2.2013 22:28 65576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 03:12 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 08:36]
.
2014-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2014-07-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-20 21:50]
.
.
------- Doplňkový sken -------
.
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 79.127.176.42 212.71.128.9
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-24 20:25
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(308)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1552)
c:\program files\Google\Drive\googledrivesync32.dll
.
Celkový čas: 2014-07-24 20:29:36
ComboFix-quarantined-files.txt 2014-07-24 18:29
ComboFix2.txt 2014-07-23 16:21
ComboFix3.txt 2014-07-21 19:42
.
Před spuštěním: 8 989 306 880
Po spuštění: 8 967 630 848
.
- - End Of File - - AD8F942245D49D58C53017D7DF90083E
413FC2A0C716421B3158746D63736515
Re: Prosím o kontrolu logu
Napsal: 24 črc 2014 20:15
Smazáno, log je již OK. CF odinstalujte pomocí T-Cleneru: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe .
Re: Prosím o kontrolu logu
Napsal: 25 črc 2014 20:14
Díky za Vaši bezmeznou trpělivost se mnou po celou dobu. Jsem rád, že se to vyčistilo i když problém to zcela nevyřešilo. Možná je na vinně Firefox nebo Java.
Re: Prosím o kontrolu logu
Napsal: 25 črc 2014 20:28
Mimochodem, který proces systém nejvíce zatěžuje?