
Please check my log

Posted: 11 Nov 2012 11:16
by Paulie0001
Hello, I think I've downloaded a virus...
A friend of mine sent me a file over Skype, and I thought she was sending me a photo. I open it, and it wouldn't open, and it's in SCR format... My friend didn't write anything, and the next day she sent me the same thing again, so I asked her what she was sending me, and she says nothing... I tried to open it but nothing worked, and after a while it dawned on me... that she isn't sending me anything, that it's sending itself...

So I'm writing here right away to ask your advice on whether it is a virus after all, and if so, how to get rid of it quickly please :-).
The file is called "DSC0634723.scr"; I have it saved on drive D:\
I clicked on it a few times but nothing happens.
Here is the RSIT log


Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2012-11-11 11:15:31
System Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (8%) free of 153 GB
Total RAM: 2038 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:15:47, on 11.11.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Zabezpeceni PC\AntiVirus\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
D:\Zabezpeceni PC\AntiVirus\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hamachi\hamachi.exe
D:\Zabezpeceni PC\AntiVirus\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Data aplikací\IBUpdaterService\ibsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
D:\Zabezpeceni PC\AntiVirus\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Rage of Mages 2\rom2.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavel\Dokumenty\Downloads\RSIT (1).exe
C:\Program Files\trend micro\Pavel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: CrossriderApp0005060 - {11111111-1111-1111-1111-110011501160} - C:\Program Files\Savings Sidekick\Savings Sidekick.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Zabezpeceni PC\AntiVirus\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DrivUpdater] C:\WINDOWS\updater\updat.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DrivUpdater] C:\WINDOWS\updater\updat.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\updater\updat.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\updater\updat.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Zabezpeceni PC\AntiVirus\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Zabezpeceni PC\AntiVirus\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\IBUpdaterService\ibsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 7186 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\pzadnv70.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.271 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npdeployJava1.dll
nppdf32.dll
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
adaradar.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\pzadnv70.default\extensions\
crossriderapp5060@crossrider.com

C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\pzadnv70.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160}]
Savings Sidekick - C:\Program Files\Savings Sidekick\Savings Sidekick.dll [2012-10-09 612736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-04-30 19523616]
"avgnt"=D:\Zabezpeceni PC\AntiVirus\Avira\AntiVir Desktop\avgnt.exe [2011-03-28 281768]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-01-13 134656]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-01-13 166912]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-01-13 135680]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
"DrivUpdater"=C:\WINDOWS\updater\updat.exe [2012-11-10 677852]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\WINDOWS\updater\updat.exe [2012-11-10 677852]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2012-11-04 963984]
"DrivUpdater"=C:\WINDOWS\updater\updat.exe [2012-11-10 677852]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\WINDOWS\updater\updat.exe [2012-11-10 677852]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe [2011-01-31 232104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-11-16 33681408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
D:\PowerISO\PWRISOVM.EXE [2012-07-19 336992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2012-08-08 1353080]

C:\Documents and Settings\Pavel\Nabídka Start\Programy\Po spuštění
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-01-13 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\NetSpot Device Installer\nsdi.exe"="C:\Program Files\NetSpot Device Installer\nsdi.exe:*:Enabled:NetSpot Device Installer"
"C:\Program Files\Tunngle\TnglCtrl.exe"="C:\Program Files\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service"
"C:\Program Files\Tunngle\Tunngle.exe"="C:\Program Files\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client"
"D:\Diablo\SIERRA\HELLFIRE\hellfire.exe"="D:\Diablo\SIERRA\HELLFIRE\hellfire.exe:*:Enabled:Hellfire"
"D:\cs\hl.exe"="D:\cs\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\CNAB4RPK.EXE"="C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2012-11-10 22:39:13 ----RSHD---- C:\WINDOWS\updater
2012-11-09 12:34:01 ----A---- C:\WINDOWS\rm2uinst.exe
2012-11-09 12:32:26 ----D---- C:\Documents and Settings\Pavel\Data aplikací\avidemux
2012-11-09 12:31:57 ----D---- C:\Program Files\Avidemux 2.6
2012-11-07 21:01:31 ----D---- C:\spoolerlogs
2012-11-07 20:53:04 ----A---- C:\WINDOWS\system32\CNAB4SMK.DLL
2012-11-07 20:53:04 ----A---- C:\WINDOWS\system32\CNAB4RPK.EXE
2012-11-07 20:53:04 ----A---- C:\WINDOWS\system32\CNAB4PTU.DLL
2012-11-07 20:53:04 ----A---- C:\WINDOWS\system32\CNAB4LMK.DLL
2012-11-07 20:53:04 ----A---- C:\WINDOWS\system32\CNAB4EMU.DLL
2012-11-07 20:52:27 ----D---- C:\Program Files\Canon
2012-11-04 21:42:49 ----D---- C:\Program Files\uTorrent
2012-10-29 17:44:54 ----D---- C:\Program Files\VideoPerformer
2012-10-29 17:44:46 ----D---- C:\Program Files\Savings Sidekick
2012-10-29 17:44:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\IBUpdaterService
2012-10-28 16:52:29 ----D---- C:\Program Files\Mozilla Firefox
2012-10-16 15:12:47 ----A---- C:\WINDOWS\system32\Access.dat
2012-10-16 15:08:44 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Tunngle
2012-10-16 15:08:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Tunngle
2012-10-16 15:08:43 ----A---- C:\WINDOWS\system32\drivers\tap0901t.sys
2012-10-16 15:08:41 ----D---- C:\Program Files\Tunngle
2012-10-16 14:37:38 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Hamachi
2012-10-16 14:37:16 ----D---- C:\Program Files\Hamachi
2012-10-16 14:27:26 ----A---- C:\WINDOWS\DiabUnin.pif
2012-10-16 14:27:26 ----A---- C:\WINDOWS\DiabUnin.exe
2012-10-16 14:27:22 ----A---- C:\WINDOWS\DiabUnin.dat
2012-10-16 14:27:20 ----D---- C:\Program Files\Sierra On-Line
2012-10-16 14:26:51 ----A---- C:\WINDOWS\SIERRA.INI

======List of files/folders modified in the last 1 month======

2012-11-11 11:15:40 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Skype
2012-11-11 11:15:39 ----D---- C:\WINDOWS\Prefetch
2012-11-11 11:15:39 ----D---- C:\Program Files\trend micro
2012-11-11 11:14:02 ----D---- C:\Documents and Settings\Pavel\Data aplikací\uTorrent
2012-11-11 09:41:13 ----D---- C:\WINDOWS\Temp
2012-11-11 09:41:10 ----D---- C:\WINDOWS\system32\CatRoot2
2012-11-10 23:54:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-11-10 22:39:13 ----D---- C:\WINDOWS
2012-11-09 12:31:57 ----RD---- C:\Program Files
2012-11-09 11:25:50 ----D---- C:\Program Files\QIP 2010
2012-11-07 20:53:33 ----HD---- C:\WINDOWS\inf
2012-11-07 20:53:33 ----D---- C:\WINDOWS\system32\CatRoot
2012-11-07 20:53:23 ----D---- C:\WINDOWS\system32
2012-10-29 17:45:20 ----SHD---- C:\WINDOWS\Installer
2012-10-29 17:45:19 ----D---- C:\WINDOWS\WinSxS
2012-10-29 16:11:49 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-10-28 12:15:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-10-22 17:21:34 ----D---- C:\Documents and Settings\Pavel\Data aplikací\vlc
2012-10-16 15:08:54 ----D---- C:\WINDOWS\system32\drivers
2012-10-16 15:08:44 ----RSD---- C:\WINDOWS\Fonts
2012-10-16 14:29:30 ----D---- C:\WINDOWS\system

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2009-08-04 11296]
R1 AsUpIO;AsUpIO; C:\WINDOWS\system32\drivers\AsUpIO.sys [2009-07-06 11448]
R1 avgio;avgio; \??\D:\Zabezpeceni PC\AntiVirus\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-11-19 138192]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\D:\Zabezpeceni PC\AntiSpyware\SASDIFSV.SYS []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2012-07-19 113104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-11-19 66616]
R2 ithsgt;ithsgt; C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2011-09-16 162432]
R2 lilsgt;lilsgt; C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2011-09-16 12032]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R2 RtNdPt5x;Realtek NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys [2008-07-09 22016]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2012-10-16 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-01-13 1730272]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-09-30 1418368]
S0 cerc6;cerc6; C:\WINDOWS\system32\drivers\cerc6.sys []
S1 SASKUTIL;SASKUTIL; \??\D:\Zabezpečení PC\AntiSpyware\SASKUTIL.SYS []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-30 6032928]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-28 7655872]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2009-08-21 57248]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features; C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS [2009-10-12 29440]
S3 RTLVLAN;Realtek VLAN Intermediate Driver; C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS [2009-02-16 17536]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; D:\Zabezpeceni PC\AntiVirus\Avira\AntiVir Desktop\avguard.exe [2011-11-19 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Zabezpeceni PC\AntiVirus\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
R2 IBUpdaterService;Updater Service; C:\Documents and Settings\All Users\Data aplikací\IBUpdaterService\ibsvc.exe [2012-10-29 600096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-05-04 161664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-28 115168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2012-10-02 743320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
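The O4 entries and the "created in the last 1 month" list in the log above already contain the pattern a log reader looks for: one binary, C:\WINDOWS\updater\updat.exe, is registered in four autostart locations (HKLM and HKCU Run plus both Policies\Explorer\Run keys) and sits in a folder carrying the R, S, H attributes that was created on 2012-11-10, the day before the post. The script below is an added example, not part of the forum post and not code from RSIT or HijackThis; it parses those lines (copied in as constructed sample input) and scores each autostart target with heuristics of the example's own. The "unusual %WINDIR% subfolder" rule, the list of normal subfolders and the PATH note are assumptions about what is ordinary on a workstation, not tool output.

```python
"""Triage of HijackThis O4 autostart entries cross-referenced with RSIT's
"files/folders created" list. Added illustration; the scoring rules are this
example's own heuristics, not anything HijackThis or RSIT computes."""
import re
from collections import defaultdict

# Constructed sample input: O4 lines copied from the log posted above.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Zabezpeceni PC\AntiVirus\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DrivUpdater] C:\WINDOWS\updater\updat.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DrivUpdater] C:\WINDOWS\updater\updat.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\updater\updat.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\updater\updat.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
"""

# Constructed sample input: a few lines from the "created in the last 1 month" list above.
SAMPLE_CREATED = r"""
2012-11-10 22:39:13 ----RSHD---- C:\WINDOWS\updater
2012-11-09 12:34:01 ----A---- C:\WINDOWS\rm2uinst.exe
2012-11-07 20:53:04 ----A---- C:\WINDOWS\system32\CNAB4RPK.EXE
2012-10-29 17:44:46 ----D---- C:\Program Files\Savings Sidekick
"""

REG_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')
CREATED_RE = re.compile(r'^(?P<ts>\S+ \S+) -+(?P<attrs>[A-Z]*)-+ (?P<path>.+)$')
WINDIR = 'c:\\windows'
KNOWN_WINDIR_SUBDIRS = {'system32', 'syswow64'}   # assumption: anything else under %WINDIR% is unusual


def exe_path(cmd):
    """Pull the executable out of a Run-key command line: a quoted path, or text up to the first extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r'(.+?\.(?:exe|scr|pif|com|bat|cmd|dll))(?=\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(text):
    """Yield (location, entry name, executable path) for each O4 line."""
    for line in text.splitlines():
        m = REG_RE.match(line.strip())
        if m:
            yield m['hive'] + '\\' + m['key'], m['name'], exe_path(m['cmd'])
            continue
        m = STARTUP_RE.match(line.strip())
        if m:
            yield m['key'], m['name'], exe_path(m['cmd'])


def hidden_system_dirs(created_text):
    """Map lowercase path -> timestamp for newly created folders that carry both the S and H attributes."""
    out = {}
    for line in created_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and {'S', 'H', 'D'} <= set(m['attrs']):
            out[m['path'].lower()] = m['ts']
    return out


def triage(o4_text, created_text=''):
    """Return {lowercase exe path: [reasons]} for autostart entries that deserve a closer look."""
    locations = defaultdict(set)
    for loc, _name, path in parse_o4(o4_text):
        locations[path.lower()].add(loc.lower())
    hidden = hidden_system_dirs(created_text)
    findings = {}
    for path, locs in locations.items():
        reasons = []
        if len(locs) > 1:
            reasons.append(f'registered in {len(locs)} autostart locations')
        if any('policies\\explorer\\run' in loc for loc in locs):
            reasons.append('uses Policies\\Explorer\\Run, a policy key legitimate installers almost never touch')
        if path.startswith(WINDIR + '\\'):
            rest = path[len(WINDIR) + 1:]
            sub = rest.split('\\')[0]
            if '\\' in rest and sub not in KNOWN_WINDIR_SUBDIRS:
                reasons.append(f'lives in unusual %WINDIR% subfolder "{sub}"')
        for folder, ts in hidden.items():
            if path.startswith(folder + '\\'):
                reasons.append(f'parent folder is hidden+system and was created {ts}')
        if '\\' not in path:
            reasons.append('bare file name, resolved through the PATH search order; confirm where it really lives')
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == '__main__':
    # Most suspicious entries first: updat.exe collects four reasons, RTHDCPL.EXE only the PATH note.
    for path, reasons in sorted(triage(SAMPLE_O4, SAMPLE_CREATED).items(), key=lambda kv: -len(kv[1])):
        print(path)
        for reason in reasons:
            print('   -', reason)
```

Run it on a full RSIT log by passing the O4 block and the "created" block as the two arguments. The bare-name rule is deliberately noisy: RTHDCPL.EXE here is the ordinary Realtek tray applet, but a reader still has to check which directory a bare name resolves from before clearing it.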

Re: Please check my log

Posted: 11 Nov 2012 11:49
by Rudy
Delete the file and post a ComboFix log:
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms appears; continue by clicking Yes.

go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and removal of any malware there are undesirable collisions with the antispyware's resident shield
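Before a file like the one described in the first post is deleted, it is worth confirming what it actually is, because a camera-style name with an .scr extension is the classic disguise: Windows runs a screensaver file exactly like an .exe, so a "photo that won't open" can already have executed. The check below is an added example, not code from the thread or from any tool mentioned in it; it reads the file header instead of trusting the name. The PE header bytes it tests itself with are constructed for illustration and are not taken from DSC0634723.scr, and the extension list and camera-name pattern are this example's own assumptions.

```python
"""Content-versus-name check for a file received as a 'photo'. Added illustration;
the sample bytes are constructed here, not taken from the poster's DSC0634723.scr."""
import os
import re
import struct

# Extensions Windows treats as directly executable (illustrative subset, an assumption of this example).
EXECUTABLE_EXTS = {'.exe', '.scr', '.pif', '.com', '.bat', '.cmd', '.vbs', '.js', '.lnk'}
IMAGE_MAGIC = {b'\xff\xd8\xff': 'JPEG', b'\x89PNG\r\n\x1a\n': 'PNG', b'GIF87a': 'GIF', b'GIF89a': 'GIF'}
# Typical camera file-name stems (DSC0634723, IMG_1234, ...); assumption of this example.
CAMERA_NAME = re.compile(r'^(?:DSC|DSCN|IMG|DCIM|P)_?\d+$', re.IGNORECASE)


def sniff(data):
    """Classify content from its header bytes: PE image, bare MZ stub, known image type, or unknown."""
    if data[:2] == b'MZ':
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from('<I', data, 0x3C)   # offset of the 'PE\0\0' signature
            if data[e_lfanew:e_lfanew + 4] == b'PE\x00\x00':
                return 'PE executable'
        return 'MZ executable'
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return 'unknown'


def assess(filename, data):
    """Compare what the name promises with what the bytes are; return the findings."""
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    kind = sniff(data)
    flags = []
    if ext in EXECUTABLE_EXTS:
        flags.append(f'extension {ext} is executable on Windows (a .scr runs exactly like an .exe)')
    if kind.endswith('executable') and ext not in EXECUTABLE_EXTS:
        flags.append(f'{kind} content behind a non-executable extension {ext}')
    if CAMERA_NAME.match(stem) and kind not in IMAGE_MAGIC.values():
        flags.append('camera-style file name but the content is not an image')
    return {'extension': ext, 'content': kind, 'flags': flags}


def inspect_file(path, nbytes=4096):
    """Run assess() on the first few KiB of a real file (enough for the headers checked above)."""
    with open(path, 'rb') as f:
        return assess(os.path.basename(path), f.read(nbytes))


def fake_pe_header():
    """Constructed sample: the minimum bytes that look like a PE file to sniff(); not a runnable program."""
    buf = bytearray(0x80)
    buf[0:2] = b'MZ'
    struct.pack_into('<I', buf, 0x3C, 0x40)   # e_lfanew -> 0x40
    buf[0x40:0x44] = b'PE\x00\x00'
    return bytes(buf)


if __name__ == '__main__':
    samples = [
        ('DSC0634723.scr', fake_pe_header()),                       # the disguise from the first post
        ('DSC0634723.jpg', b'\xff\xd8\xff\xe0' + b'\x00' * 16),     # what a real photo header starts with
    ]
    for name, data in samples:
        print(name, assess(name, data))
```

Run `inspect_file(r'D:\DSC0634723.scr')` on the real file before deleting it. The check only looks at the header, so it tells you the file is a program, not which one; keeping a copy in a password-protected archive for later identification is the usual compromise when the advice is to delete.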

Re: Please check my log

Posted: 11 Nov 2012 12:24
by Paulie0001
Hello, thank you for the advice :), I've deleted the file and here is the ComboFix log:

ComboFix 12-11-09.02 - Pavel 11.11.2012 11:59:13.4.1 - x86
System Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1480 [GMT 1:00]
Running from: c:\documents and settings\Pavel\Dokumenty\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pavel\WINDOWS
c:\program files\Savings Sidekick
c:\program files\Savings Sidekick\ButtonUtil.dll
c:\program files\Savings Sidekick\Savings Sidekick-bg.exe
c:\program files\Savings Sidekick\Savings Sidekick.dll
c:\program files\Savings Sidekick\Savings Sidekick.exe
c:\program files\Savings Sidekick\Savings Sidekick.ico
c:\program files\Savings Sidekick\Savings Sidekick.ini
c:\program files\Savings Sidekick\Savings SidekickInstaller.log
c:\program files\Savings Sidekick\Uninstall.exe
c:\windows\updater\updat.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-10 21:39 . 2012-11-11 11:07 -------- d-sh--r- c:\windows\updater
2012-11-09 11:34 . 1999-02-05 01:47 299008 ----a-w- c:\windows\rm2uinst.exe
2012-11-09 11:32 . 2012-11-10 00:26 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\avidemux
2012-11-09 11:31 . 2012-11-09 11:32 -------- d-----w- c:\program files\Avidemux 2.6
2012-11-07 20:01 . 2012-11-07 20:01 -------- d-----w- C:\spoolerlogs
2012-11-07 19:53 . 2007-09-27 14:00 69632 ----a-w- c:\windows\system32\CNAB4SMK.DLL
2012-11-07 19:53 . 2007-09-27 14:00 135168 ----a-w- c:\windows\system32\CNAB4EMU.DLL
2012-11-07 19:53 . 2007-01-11 11:26 63112 ----a-w- c:\windows\system32\CNAB4RPK.EXE
2012-11-07 19:53 . 2007-01-10 14:00 28672 ----a-w- c:\windows\system32\CNAB4PTU.DLL
2012-11-07 19:53 . 2007-01-10 14:00 28672 ----a-w- c:\windows\system32\CNAB4LMK.DLL
2012-11-07 19:52 . 2012-11-07 19:55 -------- d-----w- c:\program files\Canon
2012-11-04 20:42 . 2012-11-04 20:42 -------- d-----w- c:\program files\uTorrent
2012-10-29 16:44 . 2012-10-29 16:45 -------- d-----w- c:\program files\VideoPerformer
2012-10-29 16:44 . 2012-10-29 16:44 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\Savings Sidekick
2012-10-29 16:44 . 2012-10-29 16:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IBUpdaterService
2012-10-16 17:44 . 2012-10-18 16:05 66936 --sha-w- c:\windows\hrinfo_0.drv
2012-10-16 14:08 . 2012-10-20 17:04 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Tunngle
2012-10-16 14:08 . 2012-10-16 14:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tunngle
2012-10-16 14:08 . 2009-09-16 06:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2012-10-16 14:08 . 2012-10-16 14:09 -------- d-----w- c:\program files\Tunngle
2012-10-16 13:37 . 2012-11-11 11:07 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Hamachi
2012-10-16 13:37 . 2012-10-16 13:37 -------- d-----w- c:\program files\Hamachi
2012-10-16 13:27 . 2012-10-16 13:27 2829 ----a-w- c:\windows\DiabUnin.pif
2012-10-16 13:27 . 2012-10-16 13:27 118784 ----a-w- c:\windows\DiabUnin.exe
2012-10-16 13:27 . 2012-10-16 13:27 -------- d-----w- c:\program files\Sierra On-Line
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 13:37 . 2009-03-18 15:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-08-15 14:25 . 2012-07-12 12:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:25 . 2012-01-23 03:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-28 15:52 . 2012-10-28 15:52 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-11-04 963984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
"avgnt"="d:\zabezpeceni pc\AntiVirus\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2012-10-16 625952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
2011-01-31 22:29 232104 ----a-w- c:\documents and settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
2008-12-11 11:45 114688 ----a-w- c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-11-16 07:49 33681408 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2012-07-19 09:38 336992 ----a-w- d:\poweriso\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-08 07:08 1353080 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NetSpot Device Installer\\nsdi.exe"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"d:\\Diablo\\SIERRA\\HELLFIRE\\hellfire.exe"=
"d:\\cs\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [5.4.2011 18:39 11448]
R1 SASDIFSV;SASDIFSV;d:\zabezpeceni pc\AntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\zabezpeceni pc\AntiVirus\Avira\AntiVir Desktop\sched.exe [7.5.2011 10:20 136360]
R2 IBUpdaterService;Updater Service;c:\documents and settings\All Users\Data aplikací\IBUpdaterService\ibsvc.exe [29.10.2012 17:44 600096]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [18.7.2010 14:01 22016]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [16.10.2012 15:08 27136]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5.4.2011 17:23 1418368]
S0 cerc6;cerc6; [x]
S1 SASKUTIL;SASKUTIL;\??\d:\zabezpečení pc\AntiSpyware\SASKUTIL.SYS --> d:\zabezpečení pc\AntiSpyware\SASKUTIL.SYS [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.7.2010 14:43 1691480]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [18.7.2010 14:01 29440]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [18.7.2010 14:01 17536]
S3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [16.10.2012 15:08 743320]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 14:25]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\pzadnv70.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-10-29 17:44; crossriderapp5060@crossrider.com; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\pzadnv70.default\extensions\crossriderapp5060@crossrider.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-DrivUpdater - c:\windows\updater\updat.exe
HKLM-Run-DrivUpdater - c:\windows\updater\updat.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-11 12:08
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-299502267-1409082233-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFAD54F2-32D7-142E-E775-0B298AF2B47F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-299502267-1409082233-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:a0,0b,20,11,14,5b,7b,b2,cb,41,49,88,ff,7d,62,5d,03,b0,62,bf,51,
e5,41,cc,8c,b8,e2,56,28,e7,94,bf,18,51,bf,36,ce,29,38,5e,2d,8b,53,3c,ca,ba,\
"rkeysecu"=hex:af,b4,29,6c,32,e0,c2,85,72,bd,9c,ec,a2,3c,2f,43
.
Celkový čas: 2012-11-11 12:09:57
ComboFix-quarantined-files.txt 2012-11-11 11:09
.
Před spuštěním: Volných bajtů: 12 497 170 432
Po spuštění: Volných bajtů: 12 513 316 864
.
- - End Of File - - 3819D3B86524451E4718AB6A2F08DDAB

Re: Please check my log

Posted: 11 Nov 2012 12:56
by Rudy
We will clean up a bit more. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Firefox::
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\pzadnv70.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - ExtSQL: 2012-10-29 17:44; crossriderapp5060@crossrider.com; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\pzadnv70.default\extensions\crossriderapp5060@crossrider.com

Regnull::
[HKEY_USERS\S-1-5-21-299502267-1409082233-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFAD54F2-32D7-142E-E775-0B298AF2B47F}*]
[HKEY_USERS\S-1-5-21-299502267-1409082233-682003330-1003\Software\SecuROM\License information*]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Please check my log

Posted: 11 Nov 2012 20:17
by Paulie0001
Good evening, thanks, and here is the log:

ComboFix 12-11-10.01 - Pavel 11.11.2012 20:00:38.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1608 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\system32\avgfwdx.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-11 do 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 11:42 . 1998-06-26 17:44 177664 ----a-w- c:\windows\aluinst.exe
2012-11-10 21:39 . 2012-11-11 11:07 -------- d-sh--r- c:\windows\updater
2012-11-09 11:32 . 2012-11-10 00:26 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\avidemux
2012-11-09 11:31 . 2012-11-09 11:32 -------- d-----w- c:\program files\Avidemux 2.6
2012-11-07 20:01 . 2012-11-07 20:01 -------- d-----w- C:\spoolerlogs
2012-11-07 19:53 . 2007-09-27 14:00 69632 ----a-w- c:\windows\system32\CNAB4SMK.DLL
2012-11-07 19:53 . 2007-09-27 14:00 135168 ----a-w- c:\windows\system32\CNAB4EMU.DLL
2012-11-07 19:53 . 2007-01-11 11:26 63112 ----a-w- c:\windows\system32\CNAB4RPK.EXE
2012-11-07 19:53 . 2007-01-10 14:00 28672 ----a-w- c:\windows\system32\CNAB4PTU.DLL
2012-11-07 19:53 . 2007-01-10 14:00 28672 ----a-w- c:\windows\system32\CNAB4LMK.DLL
2012-11-07 19:52 . 2012-11-07 19:55 -------- d-----w- c:\program files\Canon
2012-11-04 20:42 . 2012-11-04 20:42 -------- d-----w- c:\program files\uTorrent
2012-10-29 16:44 . 2012-10-29 16:45 -------- d-----w- c:\program files\VideoPerformer
2012-10-29 16:44 . 2012-10-29 16:44 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\Savings Sidekick
2012-10-29 16:44 . 2012-10-29 16:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IBUpdaterService
2012-10-16 17:44 . 2012-10-18 16:05 66936 --sha-w- c:\windows\hrinfo_0.drv
2012-10-16 14:08 . 2012-10-20 17:04 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Tunngle
2012-10-16 14:08 . 2012-10-16 14:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tunngle
2012-10-16 14:08 . 2009-09-16 06:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2012-10-16 14:08 . 2012-10-16 14:09 -------- d-----w- c:\program files\Tunngle
2012-10-16 13:37 . 2012-11-11 19:10 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Hamachi
2012-10-16 13:37 . 2012-10-16 13:37 -------- d-----w- c:\program files\Hamachi
2012-10-16 13:27 . 2012-10-16 13:27 2829 ----a-w- c:\windows\DiabUnin.pif
2012-10-16 13:27 . 2012-10-16 13:27 118784 ----a-w- c:\windows\DiabUnin.exe
2012-10-16 13:27 . 2012-10-16 13:27 -------- d-----w- c:\program files\Sierra On-Line
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 13:37 . 2009-03-18 15:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-08-15 14:25 . 2012-07-12 12:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:25 . 2012-01-23 03:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-28 15:52 . 2012-10-28 15:52 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-11-04 963984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
"avgnt"="d:\zabezpeceni pc\AntiVirus\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2012-10-16 625952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
2011-01-31 22:29 232104 ----a-w- c:\documents and settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
2008-12-11 11:45 114688 ----a-w- c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-11-16 07:49 33681408 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2012-07-19 09:38 336992 ----a-w- d:\poweriso\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-08 07:08 1353080 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NetSpot Device Installer\\nsdi.exe"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"d:\\Diablo\\SIERRA\\HELLFIRE\\hellfire.exe"=
"d:\\cs\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [5.4.2011 18:39 11448]
R1 SASDIFSV;SASDIFSV;d:\zabezpeceni pc\AntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\zabezpeceni pc\AntiVirus\Avira\AntiVir Desktop\sched.exe [7.5.2011 10:20 136360]
R2 IBUpdaterService;Updater Service;c:\documents and settings\All Users\Data aplikací\IBUpdaterService\ibsvc.exe [29.10.2012 17:44 600096]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [18.7.2010 14:01 22016]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [16.10.2012 15:08 27136]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5.4.2011 17:23 1418368]
S0 cerc6;cerc6; [x]
S1 SASKUTIL;SASKUTIL;\??\d:\zabezpečení pc\AntiSpyware\SASKUTIL.SYS --> d:\zabezpečení pc\AntiSpyware\SASKUTIL.SYS [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 12:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.7.2010 14:43 1691480]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [18.7.2010 14:01 29440]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [18.7.2010 14:01 17536]
S3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [16.10.2012 15:08 743320]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 14:25]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\pzadnv70.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-10-29 17:44; crossriderapp5060@crossrider.com; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\pzadnv70.default\extensions\crossriderapp5060@crossrider.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Nvidia Omega Drivers for Windows 2k-XPv1.6693 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-11 20:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(728)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\zabezpeceni pc\AntiVirus\Avira\AntiVir Desktop\avguard.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
d:\zabezpeceni pc\AntiVirus\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\CNAB4RPK.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-11-11 20:13:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-11 19:13
ComboFix2.txt 2012-11-11 11:09
.
Před spuštěním: Volných bajtů: 12 483 547 136
Po spuštění: Volných bajtů: 12 473 442 304
.
- - End Of File - - C6F4DB2A39BDF9ED0E8EFA740553CF72

Re: Please check my log

Posted: 11 Nov 2012 20:20
by Rudy
The log now looks clean.