Google Chrome keeps freezing on me, and it shows the message constantly.

The computer is idle with 6 tabs open and the mouse stutters - the cursor.

CPU load is at 50-100%. I replaced the thermal paste a year ago and the CPU temperature is fine, so that can't be the problem.
ComboFix 15-03-01.01 - Administrator 08.03.2015 13:02:13.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2814.1165 [GMT 1:00]
Running from: D:\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2015-02-08 to 2015-03-08 )))))))))))))))))))))))))))))))
.
.
2015-03-08 11:46 . 2015-03-08 11:47 -------- d-----w- c:\program files\Advanced Fix 2014
2015-03-08 11:28 . 2015-03-08 11:45 -------- d-----w- c:\program files\Advanced Fix
2015-03-07 16:53 . 2015-03-07 16:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-03-06 18:55 . 2015-03-06 18:56 -------- d-----w- C:\rsit
2015-03-06 14:37 . 2014-12-04 03:48 76872 ----a-w- c:\windows\system32\RtNicProp32.dll
2015-03-06 14:37 . 2014-12-04 03:48 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
2015-03-06 14:14 . 2015-03-06 14:14 -------- d-----w- c:\program files\Easeware
2015-03-06 14:03 . 2015-03-06 14:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\ViberPC
2015-03-05 12:36 . 2015-03-08 11:47 -------- d-----w- c:\program files\trend micro
2015-03-01 12:37 . 2015-03-01 12:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subtitle Edit
2015-03-01 12:37 . 2015-03-01 12:37 -------- d-----w- c:\program files\Subtitle Edit
2015-02-26 17:56 . 2015-02-26 17:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avg_Update_0215av
2015-02-23 17:50 . 2015-02-23 17:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AVG
2015-02-23 17:50 . 2015-02-23 17:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AVG
2015-02-22 15:36 . 2015-02-22 15:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG
2015-02-22 15:33 . 2015-02-22 15:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Avg
2015-02-22 15:33 . 2015-02-22 15:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG
2015-02-22 15:22 . 2015-02-22 15:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\TechGenie
2015-02-22 15:21 . 2015-02-22 15:27 -------- d-----w- c:\program files\TechGenie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-22 15:19 . 2014-06-19 17:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-22 15:19 . 2014-06-19 17:11 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-15 11:56 . 2015-01-15 11:56 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2014-12-08 20:25 . 2014-07-24 13:04 192792 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-13 . 7E2814A54208F306B284780A3D834BBE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-01-23 31090272]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-07-10 3858000]
"uTorrent"="c:\documents and settings\Administrator\Application Data\uTorrent\uTorrent.exe" [2015-01-22 1377872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WGA Remover"="c:\program files\WGA Remover\wgaremover.exe" [2013-04-03 920576]
"vilaunch"="c:\windows\system32\vilaunch.exe" [2011-03-30 184142]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-07-10 3858000]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-01-06 3674576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\bin\\steamwebhelper.exe"=
"c:\\Program Files\\LibreOffice 4\\program\\soffice.bin"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [18.6.2014 21:16 154904]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [18.7.2014 15:55 230680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [18.6.2014 21:03 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [18.6.2014 21:03 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [24.7.2014 14:04 192792]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [18.6.2014 21:03 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [20.8.2014 21:49 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2.7.2014 10:01 200984]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1.6.2014 13:54 243128]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [15.1.2015 12:56 23840]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [10.7.2014 15:51 121440]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [13.7.2014 16:32 204064]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [13.7.2014 16:32 104736]
R2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [25.5.2014 3:00 29411]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [6.1.2015 21:49 309232]
R2 D-Link GO-USB-N150_PBC_WPS;D-Link GO-USB-N150_PBC_WPS Service;c:\program files\D-Link\GO-USB-N150\ALPBCSVC.exe [18.10.2014 15:35 61440]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [16.12.2014 11:58 244448]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 15:42 6528]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [16.5.2014 14:24 116512]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [16.5.2014 14:24 126752]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [6.1.2015 21:58 3440080]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2.1.2015 19:45 315488]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.5.2014 21:08 1691480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-04 16:23 1059656 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-19 15:19]
.
2015-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2015-02-27 c:\windows\Tasks\AVG_SYS_TASK_0215av_RUN.job
- c:\documents and settings\All Users.WINDOWS\Application Data\Avg_Update_0215av\AVG-Secure-Search-Update_0215av.exe [2015-02-26 14:16]
.
2015-01-15 c:\windows\Tasks\AVG_SYS_TASK_1014av_RUN.job
- c:\documents and settings\All Users.WINDOWS\Application Data\Avg_Update_1014av\AVG-Secure-Search-Update_1014av.exe [2015-01-15 13:50]
.
2015-03-07 c:\windows\Tasks\Driver Booster Scan.job
- c:\program files\IObit\Driver Booster\Scheduler.exe [2014-06-19 15:30]
.
2015-03-07 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2014-06-19 14:00]
.
2015-03-06 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2015-03-06 06:13]
.
2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-24 17:56]
.
2015-01-15 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-05-24 01:59]
.
2015-01-15 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-05-24 01:59]
.
.
------- Supplementary Scan -------
.
IE: Stiahnuť s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stiahnuť s IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8B83C8EC-910D-4E05-ABBC-517181816B20}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vc35kbc2.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2015-03-08 13:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ee,a9,8b,ca,43,f6,76,dd,83,18,72,ea,ee,f6,14,37,4c,55,f8,01,c8,
ac,f2,c2,32,97,9c,54,a6,e6,27,aa,ee,0e,54,4f,a1,5f,d7,80,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9dc61f3f-61f2-4e67-9d6a-589e6893a94a}]
@Denied: (Full) (Everyone)
"Model"=dword:00000019
"Therad"=dword:00000009
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2096)
c:\windows\system32\WININET.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2015-03-08 13:05:38
ComboFix-quarantined-files.txt 2015-03-08 12:05
.
Pre-Run: 182 969 135 104 bytes free
Post-Run: 182 963 232 768 bytes free
.
- - End Of File - - A334F3B816CAF65FCB9EE5164AAF89DB
8F558EB6672622401DA993E1E865C861