Re: Please check my log, the laptop is behaving strangely
Posted: 05 Oct 2014 15:03
In safe mode it worked.
By the way, are these steps because Windows is "polluted", or because of a virus infection? (If it is the latter, it puzzles me that the antivirus found nothing.)
ComboFix 14-10-04.01 - oXide 05.10.2014 15:37:15.3.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3062.2442 [GMT 2:00]
Spuštěný z: c:\users\oXide\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\oXide\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\03691068.sys"
"c:\windows\system32\drivers\0733297F.sys"
"c:\windows\system32\drivers\0AFC3F82.sys"
"c:\windows\system32\drivers\0CB77408.sys"
"c:\windows\system32\drivers\0F0B3510.sys"
"c:\windows\system32\drivers\18243C2D.sys"
"c:\windows\system32\drivers\1926530B.sys"
"c:\windows\system32\drivers\1D71325F.sys"
"c:\windows\system32\drivers\244C7753.sys"
"c:\windows\system32\drivers\2AE74B7D.sys"
"c:\windows\system32\drivers\2CB84145.sys"
"c:\windows\system32\drivers\2E4535C5.sys"
"c:\windows\system32\drivers\2EAE531C.sys"
"c:\windows\system32\drivers\30815E21.sys"
"c:\windows\system32\drivers\38A8202B.sys"
"c:\windows\system32\drivers\48230029.sys"
"c:\windows\system32\drivers\54FA42BD.sys"
"c:\windows\system32\drivers\56A823D7.sys"
"c:\windows\system32\drivers\58933F80.sys"
"c:\windows\system32\drivers\5A5142B4.sys"
"c:\windows\system32\drivers\5FA72658.sys"
"c:\windows\system32\drivers\61B47BDF.sys"
"c:\windows\system32\drivers\6B9A01EB.sys"
"c:\windows\system32\drivers\7B3E5AFD.sys"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-09-05 do 2014-10-05 )))))))))))))))))))))))))))))))
.
.
2014-10-05 13:46 . 2014-10-05 13:52 -------- d-----w- c:\users\oXide\AppData\Local\temp
2014-10-05 13:46 . 2014-10-05 13:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-05 08:04 . 2014-10-05 13:20 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-05 08:02 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-05 08:02 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-05 08:02 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-05 08:02 . 2014-10-05 08:07 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-04 15:36 . 2014-10-04 15:36 512 ----a-w- C:\PhysicalMBR.bin
2014-10-04 14:21 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-10-04 14:16 . 2014-10-04 14:21 -------- d-----w- C:\AdwCleaner
2014-10-04 12:53 . 2014-10-04 12:53 -------- d-----w- c:\program files\trend micro
2014-10-04 08:56 . 2014-10-04 08:56 -------- d-----w- C:\rsit
2014-10-04 06:51 . 2014-10-04 06:51 110296 ----a-w- c:\windows\system32\drivers\30815E21.sys
2014-10-04 06:51 . 2014-10-04 06:51 110296 ----a-w- c:\windows\system32\drivers\61B47BDF.sys
2014-10-03 19:38 . 2014-10-03 19:38 -------- d-----w- C:\SUPERDelete
2014-10-03 11:01 . 2014-10-03 11:01 110296 ----a-w- c:\windows\system32\drivers\18243C2D.sys
2014-10-03 06:40 . 2014-10-03 06:40 110296 ----a-w- c:\windows\system32\drivers\5FA72658.sys
2014-10-03 06:40 . 2014-10-03 06:40 110296 ----a-w- c:\windows\system32\drivers\54FA42BD.sys
2014-10-03 06:35 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FCB8B2A-C67F-4137-A734-7E691BF485AE}\mpengine.dll
2014-09-30 16:46 . 2014-09-30 16:46 110296 ----a-w- c:\windows\system32\drivers\56A823D7.sys
2014-09-30 08:35 . 2014-09-30 08:35 110296 ----a-w- c:\windows\system32\drivers\1D71325F.sys
2014-09-29 18:01 . 2014-09-29 18:01 110296 ----a-w- c:\windows\system32\drivers\0AFC3F82.sys
2014-09-28 09:27 . 2014-09-28 09:27 110296 ----a-w- c:\windows\system32\drivers\38A8202B.sys
2014-09-25 14:23 . 2014-09-25 14:23 110296 ----a-w- c:\windows\system32\drivers\2EAE531C.sys
2014-09-24 18:36 . 2014-09-09 06:24 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-24 16:50 . 2014-09-24 16:50 110296 ----a-w- c:\windows\system32\drivers\2CB84145.sys
2014-09-24 16:06 . 2014-09-24 16:06 110296 ----a-w- c:\windows\system32\drivers\1926530B.sys
2014-09-24 15:00 . 2014-09-24 15:00 110296 ----a-w- c:\windows\system32\drivers\7B3E5AFD.sys
2014-09-14 12:56 . 2014-09-14 12:56 -------- d-----w- c:\users\oXide\AppData\Local\Chromium
2014-09-14 11:45 . 2014-09-14 11:45 110296 ----a-w- c:\windows\system32\drivers\2E4535C5.sys
2014-09-14 10:26 . 2014-09-14 10:26 -------- d-----w- c:\users\oXide\AppData\Local\Macromedia
2014-09-14 10:25 . 2014-09-14 10:25 -------- d-----w- c:\users\oXide\AppData\Local\Mozilla
2014-09-14 10:24 . 2014-09-30 09:27 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-09-14 09:59 . 2014-09-14 09:59 -------- d-----w- c:\users\oXide\AppData\Local\Razer_Inc
2014-09-13 16:18 . 2014-09-13 16:18 -------- d-----w- c:\program files\Outlast
2014-09-12 14:04 . 2014-09-12 14:04 110296 ----a-w- c:\windows\system32\drivers\03691068.sys
2014-09-10 14:07 . 2014-09-10 14:07 110296 ----a-w- c:\windows\system32\drivers\0733297F.sys
2014-09-07 16:01 . 2014-10-05 13:51 -------- d-----w- c:\users\oXide\AppData\Local\HTC MediaHub
2014-09-07 16:01 . 2014-09-07 16:01 -------- d-----w- c:\programdata\HTC
2014-09-07 16:00 . 2014-09-07 16:00 -------- d-----w- c:\program files\Common Files\Nero
2014-09-07 15:56 . 2009-06-10 13:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2014-09-07 15:56 . 2014-09-07 15:56 -------- d-----w- c:\program files\Spirent Communications
2014-09-07 15:48 . 2014-09-07 15:51 -------- d-----w- c:\users\oXide\.android
2014-09-07 06:45 . 2014-09-07 06:45 110296 ----a-w- c:\windows\system32\drivers\6B9A01EB.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-05 13:51 . 2011-11-06 13:54 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-10-03 06:39 . 2014-07-02 16:21 110296 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-09-24 15:54 . 2013-02-26 18:16 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-24 15:54 . 2011-11-06 12:20 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-15 07:06 . 2011-11-06 08:40 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-01 15:05 . 2014-09-01 15:05 110296 ----a-w- c:\windows\system32\drivers\244C7753.sys
2014-08-31 05:32 . 2014-08-31 05:32 110296 ----a-w- c:\windows\system32\drivers\58933F80.sys
2014-08-24 04:05 . 2014-08-24 04:05 110296 ----a-w- c:\windows\system32\drivers\0CB77408.sys
2014-08-23 01:03 . 2014-08-29 01:04 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-22 23:26 . 2014-08-29 01:04 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-08-20 10:16 . 2014-08-20 10:16 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-08-20 05:57 . 2014-08-20 05:57 110296 ----a-w- c:\windows\system32\drivers\2AE74B7D.sys
2014-08-20 05:57 . 2014-08-20 05:57 110296 ----a-w- c:\windows\system32\drivers\5A5142B4.sys
2014-08-15 05:45 . 2014-08-15 05:45 110296 ----a-w- c:\windows\system32\drivers\0F0B3510.sys
2014-08-13 16:52 . 2014-08-13 16:53 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 15:54 . 2013-01-27 17:08 281152 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-07-16 14:14 . 2011-11-17 12:46 281152 ----a-w- c:\windows\system32\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\PROGRAMY\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^oXide^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\oXide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTMTrayAgent]
2011-07-19 19:33 32955440 ----a-w- c:\program files\Motorola\Bluetooth\btmshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-22 02:34 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-22 02:34 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2014-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 15:54]
.
2014-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2442781902-818226900-1603411712-1000Core.job
- c:\users\oXide\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 06:35]
.
2014-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2442781902-818226900-1603411712-1000UA.job
- c:\users\oXide\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-06 06:35]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = 128.199.144.215:80
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: Interfaces\{930DE09B-9641-4354-AAAD-018A0B57971C}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\oXide\AppData\Roaming\Mozilla\Firefox\Profiles\wqnzsupp.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-05 15:52
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2442781902-818226900-1603411712-1000\(;ť™—l*]
@Allowed: (Read) (RestrictedCode)
"Running"=dword:00000001
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3732)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\program files\PROGRAMY\Stardock\Fences\FencesMenu.dll
c:\program files\programy\stardock\fences\DesktopDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Motorola\Bluetooth\devmgrsrv.exe
c:\program files\Motorola\Bluetooth\audiosrv.exe
c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe
c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files\Razer\Razer Cortex\RzKLService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Motorola\Bluetooth\LEsrv.exe
c:\program files\Motorola\Bluetooth\obexsrv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\fsquirt.exe
.
**************************************************************************
.
Celkový čas: 2014-10-05 15:55:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-10-05 13:55
ComboFix2.txt 2014-10-04 18:25
.
Před spuštěním: Volných bajtů: 47 729 414 144
Po spuštění: Volných bajtů: 44 466 360 320
.
- - End Of File - - D278909A65B8F1EC2FBD7FEB5B51064A
64B1E91C5C6C2157642651010728F90F