
Avast detected viruses: slow PC

Posted: 14 Nov 2013 19:01
by Kovas
Good evening.
Yesterday I noticed the PC (everyone in the household uses it) freezing; svchost.exe was taking 100% CPU at the time.
After restarting the PC I ran an Avast scan. Avast detected Win32:Somoto K (PUP) and Win:Idile, but the latter was in the Kaspersky Rescue 10 directory.
Then I ran Kaspersky Rescue 10, which found nothing.
I also ran an MBAM scan, which detected trojans (I am attaching the MBAM log as well); I deleted those.

RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-11-14 18:44:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (44%) free of 45 GB
Total RAM: 1023 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:44:59, on 14. 11. 2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\All Users\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-220523388-839522115-1343024091-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Kováčik')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: XIII Century Drivers Auto Removal (pr2aqn8b) (pr2aqn8b) - Cenega Czech - C:\WINDOWS\system32\pr2aqn8b.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5858 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25 202080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25 1496408]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2009-02-25 2553088]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
D:\Programy\Eraser\Eraser.exe [2007-12-23 916240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Stano\Torent\uTorrent\utorrent.exe"="D:\Stano\Torent\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Game\Return to Castle Wolfenstein\WolfMP.exe"="D:\Game\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP"
"D:\Game\Call of Duty 2\CoD2MP_s.exe"="D:\Game\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Game\Call of duty\CoDMP.exe"="D:\Game\Call of duty\CoDMP.exe:*:Disabled:CoDMP"
"D:\Game\Age of Empire\Age Of Empire 2\empires2.exe"="D:\Game\Age of Empire\Age Of Empire 2\empires2.exe:*:Disabled:Age of Empires II"
"D:\Game\Mooha Assault\MOHAA.EXE"="D:\Game\Mooha Assault\MOHAA.EXE:*:Disabled:Medal of Honor Allied Assault"
"D:\Game\Medal of honor\MOHAA.exe"="D:\Game\Medal of honor\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault"
"D:\Game\Mooha Assault\moh_spearhead_server.exe"="D:\Game\Mooha Assault\moh_spearhead_server.exe:*:Disabled:Medal of Honor Allied Assault(tm) Spearhead"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MagicTune Premium\MagicTune.exe"="C:\Program Files\MagicTune Premium\MagicTune.exe:*:Disabled:MagicTune"
"D:\Game\XIII CENTURY\engine.exe"="D:\Game\XIII CENTURY\engine.exe:*:Disabled:engine"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Game\SNIPER\Sniper Elite\SniperElite.exe"="D:\Game\SNIPER\Sniper Elite\SniperElite.exe:*:Enabled:SniperElite"
"D:\Game\Blitzkrieg\Bin\Game.exe"="D:\Game\Blitzkrieg\Bin\Game.exe:*:Enabled:Game"
"D:\Game\airborne\EMPIRESX.EXE"="D:\Game\airborne\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.WMV3"=wmv9vcm.dll
"vidc.tscc"=tsccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.vorbis"=vorbis.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.ac3filter"=ac3filter.acm

======List of files/folders created in the last 1 month======

2013-11-14 09:50:40 ----AD---- C:\Kaspersky Rescue Disk 10.0
2013-11-14 08:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 08:11:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 08:10:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 08:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$
2013-11-12 10:38:16 ----A---- C:\WINDOWS\system32\javaws.exe
2013-11-12 10:38:01 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-11-12 10:38:01 ----A---- C:\WINDOWS\system32\javaw.exe
2013-11-12 10:38:01 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 month======

2013-11-14 18:44:33 ----D---- C:\Program Files\trend micro
2013-11-14 18:44:10 ----D---- C:\WINDOWS\Prefetch
2013-11-14 18:30:33 ----D---- C:\WINDOWS\Temp
2013-11-14 18:05:53 ----D---- C:\Program Files\SeaMonkey
2013-11-14 17:57:23 ----D---- C:\WINDOWS\system32\drivers
2013-11-14 17:56:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-11-14 17:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2013-11-14 14:16:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-11-14 14:11:07 ----D---- C:\WINDOWS
2013-11-14 08:41:38 ----D---- C:\WINDOWS\Debug
2013-11-14 08:17:32 ----D---- C:\WINDOWS\system32
2013-11-14 08:16:45 ----D---- C:\WINDOWS\system32\CatRoot2
2013-11-14 08:11:50 ----HD---- C:\WINDOWS\inf
2013-11-14 08:11:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-11-14 08:09:26 ----D---- C:\Program Files\Internet Explorer
2013-11-14 08:09:08 ----D---- C:\WINDOWS\ie8updates
2013-11-14 08:04:00 ----D---- C:\WINDOWS\system32\MRT
2013-11-14 08:03:42 ----A---- C:\WINDOWS\system32\MRT.exe
2013-11-12 11:12:43 ----A---- C:\WINDOWS\win.ini
2013-11-12 10:38:21 ----SHD---- C:\WINDOWS\Installer
2013-11-12 10:38:21 ----D---- C:\Config.Msi
2013-11-12 10:38:01 ----D---- C:\Program Files\Java
2013-11-12 10:36:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-10 18:16:11 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-08-30 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-08-30 177864]
R0 imagedrv;imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [2004-03-02 5504]
R0 imagesrv;imagesrv; C:\WINDOWS\system32\DRIVERS\imagesrv.sys [2004-03-02 125184]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 pe3aqn8b;XIII Century Environment Driver (pe3aqn8b); C:\WINDOWS\system32\drivers\pe3aqn8b.sys [2008-02-11 64632]
R0 ps7aqn8b;XIII Century Synchronization Driver (ps7aqn8b); C:\WINDOWS\system32\drivers\ps7aqn8b.sys [2008-02-11 68736]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-08-25 36528]
R0 Vax347b;Vax347b; C:\WINDOWS\system32\DRIVERS\Vax347b.sys [2005-04-25 159616]
R0 Vax347s;Vax347s; C:\WINDOWS\System32\Drivers\Vax347s.sys [2004-04-30 5248]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-12-25 82380]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2012-03-07 24408]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-08-30 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-08-30 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-08-30 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-08-30 56080]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 NCPro;NCPro; C:\WINDOWS\system32\drivers\MTictwl.sys [2008-01-17 13184]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-14 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-08-30 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-03-08 255232]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2003-10-20 73856]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-20 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-20 39776]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-06 691696]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-08-20 740992]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2008-01-17 13184]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-20 20128]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-20 5728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-10-08 182696]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2009-02-25 1352960]
R2 StarWindService;StarWind iSCSI Service; D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-06-03 282624]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-06-05 114688]
S2 pr2aqn8b;XIII Century Drivers Auto Removal (pr2aqn8b); C:\WINDOWS\system32\pr2aqn8b.exe [2008-02-11 411000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-12 118680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-02-08 360192]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-02-08 603904]

-----------------EOF-----------------
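The svchost.exe CPU complaint and the RSIT driver/service list above invite a quick triage pass. The Python script below is an added example, not part of the original post and not RSIT's own code: it parses a handful of lines copied from the log (a constructed sample) and flags entries for which RSIT recorded no date/size (the empty `[]`, which in this log always sits behind the NT `\??\` path prefix, so it is not proof the file is missing; Avast's own aswMonFlt is running, so its file plainly exists), running entries launched from outside the Windows and Program Files trees, and services whose image is svchost.exe, which is where a CPU spike hides until `tasklist /svc` maps each svchost PID to its service group. The reason codes and the "expected roots" list are the example's own conventions.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: lines copied from the RSIT "List of drivers" and
# "List of services" sections in the post above, with one normal entry,
# three entries that RSIT could not stat ([]), one service running from
# D:\, and one service whose image is svchost.exe.
SAMPLE = r"""
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-08-30 49376]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
R2 StarWindService;StarWind iSCSI Service; D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-06 691696]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
"""

# One RSIT line: <R|S><start type> <name>;<display name>; <image path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)

# Image locations treated as expected for a running driver/service
# (this example's assumption); anything running from elsewhere gets flagged.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Short finding codes (this example's own) and the text printed for them.
REASONS = {
    "nostat": "RSIT recorded no date/size for the image; confirm the file exists before treating it as missing",
    "ntpath": "image path carries the NT \\??\\ prefix; strip it before checking the file by hand",
    "offroot": "running from outside the Windows and Program Files trees",
    "svchost": "hosted in svchost.exe; use 'tasklist /svc' to see which services share the busy svchost PID",
}


class Entry(NamedTuple):
    state: str   # "R" running, "S" stopped
    start: int   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    desc: str
    path: str
    info: str    # "<date> <size>", or "" when RSIT could not stat the file


def parse(text: str) -> List[Entry]:
    """Parse RSIT driver/service lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["state"], int(m["start"]), m["name"],
                                 m["desc"], m["path"], m["info"]))
    return entries


def review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason code) pairs for entries that deserve a second look."""
    findings = []
    for e in entries:
        path = e.path
        if path.startswith("\\??\\"):
            findings.append((e.name, "ntpath"))
            path = path[4:]                      # drop the NT prefix for the location checks
        if e.info == "":
            findings.append((e.name, "nostat"))
        low = path.lower()
        if e.state == "R" and not low.startswith(EXPECTED_ROOTS):
            findings.append((e.name, "offroot"))
        if e.state == "R" and low.endswith("\\svchost.exe"):
            findings.append((e.name, "svchost"))
    return findings


if __name__ == "__main__":
    for name, code in review(parse(SAMPLE)):
        print(f"{name}: {REASONS[code]}")
```

Run against the full RSIT sections instead of the sample, the same script separates the stale Ad-Watch leftovers (stopped, no file info) from Avast's running filter, and points at UxTuneUp as a service living inside an svchost.exe instance; that is the kind of entry to check with `tasklist /svc` when one svchost process is the one eating the CPU.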

Re: Avast detected viruses: slow PC

Posted: 14 Nov 2013 19:02
by Kovas
MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version: v2013.11.14.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kováčik :: KOV [administrator]

14.11.2013 14:19:35
mbam-log-2013-11-14 (14-19-35).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341070
Time elapsed: 1 hour, 22 minutes, 4 seconds

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 1
C:\Documents and Settings\Kováčik\Data aplikací\archsoft (Trojan.Agent) -> Quarantined and deleted successfully.

Files detected: 29
D:\Instal\Kodeky\cole2k.media.-.codec.pack.v7.9.0.-advanced-.setup.exe (PUP.Dealio.TB) -> No action taken.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\winzipf.exe (Trojan.FakeSMS) -> Quarantined and deleted successfully.
D:\Instal\Alkohol 120\Alcohol.120.v1.9.8.7117\Alcohol.120.v1.9.8.7117.Retail.Incl.keygen.rar (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\Instal\Call of duty 2 keygen\uKMSdH7Ij2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Instal\Sony Vegas Pro\SoMulKey.rar (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\rubashka.css (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\sb-scroll-back.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\bander.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\dir.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\dot.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\htmlayout.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\logo.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\logo2.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\sb-h-scroll-next.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\sb-h-scroll-prev.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\sb-scroll-base.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\sb-scroll-slider.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\sb-v-scroll-next.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\sb-v-scroll-prev.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\scroll.css (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\wfont.ttf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\_todel.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\_todel2.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\_todel3.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\_todel4.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\_todel5.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\_todel6.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\_todel7.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kováčik\Data aplikací\archsoft\_todel8.png (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Re: Avast detected viruses: slow PC

Posted: 14 Nov 2013 19:53
by vyosek
Hi :)

- If you stuff cracks and keygens into your PC, there is nothing to be surprised about.

- Microsoft is currently having some problems with updates; apparently they are serious about dropping support now (although officially not until sometime in spring 2014).

- Try going to the Windows Update site and installing all the updates. Unfortunately it takes a while; see my colleague's quote:
cernohous13 wrote: On the page http://update.microsoft.com/microsoftup ... aspx?ln=cs, after allowing the ActiveX install, it took me half an hour of downloading (svchost at 99%)
before I got as far as the installation (another 15 min).

Something must have changed at Mrkvosoft.

Re: Avast detected viruses: slow PC

Posted: 15 Nov 2013 14:26
by Kovas
Good day to you,

yesterday I downloaded all the updates from Microsoft as you recommended; there were 19 of them. Everything ran and installed. In the morning Windows downloaded another 7 updates, and yesterday, after the virus scan finished, it also downloaded some. Microsoft really released a lot of updates this week.
Now, after startup, svchost.exe sometimes runs at 100% CPU for about 1-2 minutes, and sometimes not at all. So I don't know. YouTube videos stutter quite a lot. But when I play a video from the hard disk or a flash drive it runs normally. I use the SeaMonkey browser, and it also takes about 60% CPU when starting. This PC is long past its prime. As I wrote, everyone in the household uses it.

Re: Avast detected viruses: slow PC

Posted: 16 Nov 2013 10:11
by vyosek
Is the problem only in the SeaMonkey browser, or in others too?

Re: Avast detected viruses: slow PC

Posted: 19 Nov 2013 18:44
by Kovas
Good evening,
I tried IE too, but it is about the same.
I have just sat down at this PC again after a while, and svchost together with SeaMonkey is again taking about 100% CPU.

Re: Avast detected viruses: slow PC

Posted: 20 Nov 2013 07:38
by vyosek
- Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY. THIS UTILITY IS VERY CAPABLE OF DELETING THINGS AND MUST BE USED ONLY ON ADVICE, OTHERWISE YOUR SYSTEM MAY END UP DEAD.
- Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs: firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone: do not start any applications and do not click into the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily infected it may take longer
  • After the scan finishes, and after a restart if one is needed, CF shows a log; you can also find it at C:\ComboFix.txt. Paste its contents here
  • A detailed guide with pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Avast detected viruses - slow PC

Posted: 20 Nov 2013 18:06
by Kovas
Good evening,
attaching the RKill log

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/20/2013 06:01:23 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\mqac.sys : 91 776 : 06/22/2009 12:48 AM : eee50bf24caeedb515a8f3b22756d3bb [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys : 72 960 : 07/06/2007 10:52 AM : d92fce6729ee150a15a7cdbc433f390e [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91 776 : 06/22/2009 12:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB937894$\mqac.sys : 72 960 : 08/03/2004 09:58 PM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72 960 : 08/03/2004 09:58 PM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92 544 : 04/13/2008 07:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91 776 : 06/22/2009 12:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t

: : 1 l o c a l h o s t



Program finished at: 11/20/2013 06:02:43 PM
Execution time: 0 hours(s), 1 minute(s), and 20 seconds(s)
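
The RKill output above reports two things worth reading closely. In the "Missing Digital Signatures" list, the `*` line is the unsigned live copy of mqac.sys and every `+->` line is another copy on disk that RKill marks as a possible replacement, each with its size, timestamp and MD5. In the HOSTS check, the entries come out spaced with a leading "ÿþ" because the file is stored as UTF-16 with a byte-order mark and was read as single-byte text. The following is an added example, not RKill's code and not part of the original post: it parses those log lines, compares each candidate copy with the live file by MD5 and timestamp, and decodes a hosts file by its BOM before checking for non-default entries. The signature lines are copied from the posted log; the hosts-file bytes and the 198.51.100.7 entry are constructed sample data.

```python
import re
from datetime import datetime

# Constructed input: the 'Searching for Missing Digital Signatures' lines,
# copied from the RKill log posted above.
SIG_SECTION = r"""
* C:\WINDOWS\System32\drivers\mqac.sys : 91 776 : 06/22/2009 12:48 AM : eee50bf24caeedb515a8f3b22756d3bb [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys : 72 960 : 07/06/2007 10:52 AM : d92fce6729ee150a15a7cdbc433f390e [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91 776 : 06/22/2009 12:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB937894$\mqac.sys : 72 960 : 08/03/2004 09:58 PM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72 960 : 08/03/2004 09:58 PM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92 544 : 04/13/2008 07:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91 776 : 06/22/2009 12:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]
"""

# One log line: marker, path, size (space-separated thousands), date, MD5, tag.
_ENTRY = re.compile(
    r"^(?P<marker>\*|\+->) (?P<path>.+?) : (?P<size>[\d ]+) : "
    r"(?P<date>\d\d/\d\d/\d{4} \d\d:\d\d [AP]M) : (?P<md5>[0-9a-f]{32}) "
    r"\[(?P<tag>[^\]]+)\]$"
)


def parse_sig_section(text):
    """Return one dict per file line; '*' is the unsigned live file,
    '+->' lines are the copies RKill found that could replace it."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            entries.append({
                "path": m["path"],
                "size": int(m["size"].replace(" ", "")),
                "date": datetime.strptime(m["date"], "%m/%d/%Y %I:%M %p"),
                "md5": m["md5"],
                "tag": m["tag"],
                "candidate": m["marker"] == "+->",
            })
    return entries


def candidate_report(entries):
    """Split the candidates into copies identical to the live file (same MD5)
    and copies that differ, and list those with an older timestamp."""
    current = next(e for e in entries if not e["candidate"])
    report = {"current": current, "identical": [], "different": [],
              "older_than_current": []}
    for e in entries:
        if not e["candidate"]:
            continue
        bucket = "identical" if e["md5"] == current["md5"] else "different"
        report[bucket].append(e["path"])
        if e["date"] < current["date"]:
            report["older_than_current"].append(e["path"])
    return report


def decode_hosts(raw):
    """Decode a hosts file honouring its BOM. Reading a UTF-16 file as
    single-byte text is what produces the 'ÿþ1 2 7 . 0 . 0 . 1' rendering."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")        # the codec consumes the BOM
    if raw[:3] == b"\xef\xbb\xbf":
        return raw.decode("utf-8-sig")
    return raw.decode("cp1252")


def parse_hosts(text):
    """Return (ip, [names]) for every non-comment, non-empty line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ip, *names = line.split()
            entries.append((ip, names))
    return entries


DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def nondefault_entries(entries):
    """Every (ip, name) pair that is not one of the two stock entries."""
    return [(ip, n) for ip, names in entries for n in names
            if (ip, n) not in DEFAULT_HOSTS]


# Constructed sample: the two stock entries plus one redirect to a
# documentation-range address, saved as UTF-16LE with a BOM (Notepad 'Unicode').
HOSTS_RAW = b"\xff\xfe" + (
    "127.0.0.1\tlocalhost\r\n::1\tlocalhost\r\n"
    "198.51.100.7\twww.example.com\r\n"
).encode("utf-16-le")

if __name__ == "__main__":
    rep = candidate_report(parse_sig_section(SIG_SECTION))
    print("live file :", rep["current"]["path"], rep["current"]["md5"])
    print("identical :", rep["identical"])
    print("different :", rep["different"])
    print("older     :", rep["older_than_current"])
    print("naive read:", HOSTS_RAW.decode("latin-1").replace("\x00", " ")[:30])
    print("hijacks   :", nondefault_entries(parse_hosts(decode_hosts(HOSTS_RAW))))
```

On the posted lines the report shows that the dllcache copy is byte-identical to the live driver (same MD5, same timestamp), while the ServicePackFiles copy is a different and older build (92 544 bytes, April 2008), so copying it over the live file changes the driver rather than restoring it. The hosts check only flags the constructed 198.51.100.7 line; the two entries in the posted log are the stock ones.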

Re: Avast detected viruses - slow PC

Posted: 20 Nov 2013 20:21
by vyosek
Good evening to you too; continue with ComboFix

Re: Avast detected viruses - slow PC

Posted: 20 Nov 2013 21:25
by Kovas
I ran ComboFix; it went without problems.
Here is the ComboFix log:

ComboFix 13-11-19.01 - Administrator . 11. 2013 21:00:40.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.645 [GMT 1:00]
Running from: c:\documents and settings\Kováčik\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\FlashPlayerApp.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-10-20 to 2013-11-20 )))))))))))))))))))))))))))))))
.
.
2013-11-15 08:17 . 2012-06-02 14:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-11-14 20:34 . 2013-11-14 20:34 -------- d-----w- c:\program files\Common Files\Skype
2013-11-14 20:29 . 2013-11-14 20:29 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2013-11-14 08:50 . 2013-11-14 14:08 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-11-12 09:38 . 2013-10-08 06:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 18:15 . 2011-05-19 06:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 11:42 . 2004-08-17 13:49 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:12 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:12 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:12 . 2004-08-17 13:49 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:57 . 2004-08-17 13:49 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2004-08-17 13:49 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 06:29 . 2009-11-03 08:43 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 11:00 . 2004-08-17 13:49 606208 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:42 . 2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-08-30 07:48 . 2013-03-21 06:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-02-24 12:24 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2012-02-24 12:24 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-21 06:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2012-02-24 12:24 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2012-02-24 12:24 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-03-21 06:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:48 . 2012-02-24 12:24 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:47 . 2012-02-24 12:23 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2012-02-24 12:23 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-29 07:01 . 2004-08-17 13:44 1878656 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe -s [2008-12-14 593920]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-22 23:03 916240 ----a-w- d:\programy\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"CloneCDTray"="d:\programy\CloneCD\CloneCDTray.exe" /s
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"CleanDiskAutoRun"=d:\programy\cleandiskse\cleandisk.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RemoteControl"="d:\programy\Power DVD 6\PDVDServ.exe"
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Stano\\Torent\\uTorrent\\utorrent.exe"=
"d:\\Game\\Return to Castle Wolfenstein\\WolfMP.exe"=
"d:\\Game\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Game\\Call of duty\\CoDMP.exe"=
"d:\\Game\\Age of Empire\\Age Of Empire 2\\empires2.exe"=
"d:\\Game\\Mooha Assault\\MOHAA.EXE"=
"d:\\Game\\Medal of honor\\MOHAA.exe"=
"d:\\Game\\Mooha Assault\\moh_spearhead_server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"d:\\Game\\XIII CENTURY\\engine.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Game\\SNIPER\\Sniper Elite\\SniperElite.exe"=
"d:\\Game\\Blitzkrieg\\Bin\\Game.exe"=
"d:\\Game\\airborne\\EMPIRESX.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [21. 3. 2013 7:48 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [21. 3. 2013 7:48 177864]
R0 pe3aqn8b;XIII Century Environment Driver (pe3aqn8b);c:\windows\system32\drivers\pe3aqn8b.sys [11. 2. 2008 18:35 64632]
R0 ps7aqn8b;XIII Century Synchronization Driver (ps7aqn8b);c:\windows\system32\drivers\ps7aqn8b.sys [11. 2. 2008 18:35 68736]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [7. 2. 2010 12:31 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [7. 2. 2010 12:31 5248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [22. 3. 2012 8:26 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24. 2. 2012 13:24 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24. 2. 2012 13:24 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24. 2. 2012 13:24 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [21. 3. 2013 7:48 66336]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13. 5. 2007 11:57 691696]
S2 pr2aqn8b;XIII Century Drivers Auto Removal (pr2aqn8b);c:\windows\system32\pr2aqn8b.exe svc --> c:\windows\system32\pr2aqn8b.exe svc [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13. 7. 2012 13:28 160944]
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-03 07:47]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 217.119.113.244 172.18.100.15
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-20 21:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
Completion time: 2013-11-20 21:13:32
ComboFix-quarantined-files.txt 2013-11-20 20:13
.
Pre-Run: 19,804,536,832 bytes free
Post-Run: 19,746,582,528 bytes free
.
- - End Of File - - 8294BF0CCDCF6F8DD3D642913FF26897
413FC2A0C716421B3158746D63736515

Re: Avast detected viruses - slow PC

Posted: 21 Nov 2013 10:42
by vyosek
-> If you haven't already, move ComboFix directly to drive c:\
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Collect::
    c:\windows\system32\drivers\pe3aqn8b.sys
    c:\windows\system32\drivers\ps7aqn8b.sys
    c:\windows\system32\pr2aqn8b.exe
    
    Rootkit::
    c:\windows\system32\drivers\ps7aqn8b.sys
    c:\windows\system32\pr2aqn8b.exe
    
    Driver::
    pe3aqn8b
    ps7aqn8b
    pr2aqn8b
    
    File::
    c:\windows\Tasks\avast! Emergency Update.job
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    
    FCopy::
    C:\WINDOWS\ServicePackFiles\i386\mqac.sys | C:\WINDOWS\System32\drivers\mqac.sys
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt, also directly on c:\
  • Drag the created CFScript.txt onto ComboFix and run it (see the picture below)
    Image
  • After the script is applied (and a possible restart) a log pops up; paste its contents here
-> If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC - the registry sorts itself out - it is an internal error caused by CF that the author unfortunately cannot fix yet

-> It may happen that Windows does not start after applying the script; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
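
The CFScript above is a plain-text list of `Name::` directives that ComboFix applies without further confirmation, so a practitioner normally wants to see the resulting plan before dragging the file onto ComboFix.exe. The code below is an added example, not ComboFix's own code and not part of the original post: it splits the script into its sections, applies REGEDIT4 rules to the Registry:: block (`[-Key]` deletes a key, `[Key]` selects it, `"Name"=-` deletes a value), and runs three consistency checks: files slated for deletion that have no matching Collect:: entry, Driver:: names with no file of the same stem anywhere in the script, and FCopy:: pairs whose source and destination file names differ. Treating Rootkit:: and File:: as deletions and Collect:: as a quarantine copy is my reading of the directive names, stated here as an assumption; the script text is the one posted above.

```python
import ntpath
import re

# Constructed input: the CFScript exactly as posted in the thread above.
CFSCRIPT = r"""
KillAll::

Collect::
c:\windows\system32\drivers\pe3aqn8b.sys
c:\windows\system32\drivers\ps7aqn8b.sys
c:\windows\system32\pr2aqn8b.exe

Rootkit::
c:\windows\system32\drivers\ps7aqn8b.sys
c:\windows\system32\pr2aqn8b.exe

Driver::
pe3aqn8b
ps7aqn8b
pr2aqn8b

File::
c:\windows\Tasks\avast! Emergency Update.job

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

FCopy::
C:\WINDOWS\ServicePackFiles\i386\mqac.sys | C:\WINDOWS\System32\drivers\mqac.sys

ClearJavaCache::

Reboot::
"""

_SECTION = re.compile(r"^([A-Za-z]+)::$")


def split_sections(script):
    """Map each 'Name::' header to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_registry(lines):
    """REGEDIT4 rules: [-Key] deletes a key, [Key] selects it, "Name"=- deletes
    a value under the selected key, anything else sets a value."""
    ops, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            ops.append(("delete_key", line[2:-1], None))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key is not None and "=" in line:
            name, _, value = line.partition("=")
            kind = "delete_value" if value.strip() == "-" else "set_value"
            ops.append((kind, key, name.strip().strip('"')))
    return ops


def build_plan(script):
    """Dry-run plan of what each directive would touch; nothing is executed.
    Assumed semantics: Rootkit::/File:: delete, Collect:: copies to quarantine."""
    s = split_sections(script)
    return {
        "kill_all": "KillAll" in s,
        "collect": s.get("Collect", []),
        "delete_files": s.get("Rootkit", []) + s.get("File", []),
        "delete_drivers": s.get("Driver", []),
        "registry": parse_registry(s.get("Registry", [])),
        "fcopy": [tuple(p.strip() for p in l.split("|", 1))
                  for l in s.get("FCopy", [])],
        "clear_java_cache": "ClearJavaCache" in s,
        "reboot": "Reboot" in s,
    }


def unquarantined_deletions(plan):
    """Files slated for deletion that the script does not also Collect::."""
    collected = {p.lower() for p in plan["collect"]}
    return [p for p in plan["delete_files"] if p.lower() not in collected]


def drivers_without_file(plan):
    """Driver:: names with no file of the same stem anywhere in the script."""
    stems = {ntpath.splitext(ntpath.basename(p))[0].lower()
             for p in plan["collect"] + plan["delete_files"]}
    return [d for d in plan["delete_drivers"] if d.lower() not in stems]


def fcopy_mismatches(plan):
    """FCopy:: pairs whose source and destination file names differ."""
    return [(src, dst) for src, dst in plan["fcopy"]
            if ntpath.basename(src).lower() != ntpath.basename(dst).lower()]


if __name__ == "__main__":
    plan = build_plan(CFSCRIPT)
    for key, value in plan.items():
        print(f"{key:17}: {value}")
    print("deleted without Collect::", unquarantined_deletions(plan))
    print("drivers without a file  :", drivers_without_file(plan))
    print("FCopy name mismatches   :", fcopy_mismatches(plan))
```

On the posted script the plan lists three driver services and three files to remove, two registry keys and one Run value to delete, and one FCopy; the only deletion without a Collect:: entry is the avast! Emergency Update.job task, and the driver names and the FCopy pair are consistent. `ntpath` is used instead of `os.path` so the Windows paths split correctly when the check is run from a non-Windows analysis box.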

Re: Avast detected viruses - slow PC

Posted: 21 Nov 2013 19:03
by Kovas
Good evening,
I ran ComboFix with the script. Here is the log:

ComboFix 13-11-19.01 - Kováčik 21.11.2013 18:33:04.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.652 [GMT 1:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\avast! Emergency Update.job"
.
file zipped: c:\windows\system32\drivers\pe3aqn8b.sys
file zipped: c:\windows\system32\drivers\ps7aqn8b.sys
file zipped: c:\windows\system32\pr2aqn8b.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\pe3aqn8b.sys
c:\windows\system32\drivers\ps7aqn8b.sys
c:\windows\system32\pr2aqn8b.exe
c:\windows\Tasks\avast! Emergency Update.job
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\mqac.sys --> c:\windows\System32\drivers\mqac.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PE3AQN8B
-------\Legacy_PR2AQN8B
-------\Legacy_PS7AQN8B
-------\Service_pe3aqn8b
-------\Service_pr2aqn8b
-------\Service_ps7aqn8b
.
.
((((((((((((((((((((((((( Files Created from 2013-10-21 to 2013-11-21 )))))))))))))))))))))))))))))))
.
.
2013-11-15 08:17 . 2012-06-02 14:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-11-14 20:34 . 2013-11-14 20:34 -------- d-----w- c:\program files\Common Files\Skype
2013-11-14 20:29 . 2013-11-14 20:29 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2013-11-14 08:50 . 2013-11-14 14:08 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-11-12 09:38 . 2013-10-08 06:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 18:15 . 2011-05-19 06:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 11:42 . 2004-08-17 13:49 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:12 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:12 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:12 . 2004-08-17 13:49 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:57 . 2004-08-17 13:49 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2004-08-17 13:49 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 06:29 . 2009-11-03 08:43 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 11:00 . 2004-08-17 13:49 606208 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:42 . 2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-08-30 07:48 . 2013-03-21 06:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-02-24 12:24 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2012-02-24 12:24 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-21 06:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2012-02-24 12:24 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2012-02-24 12:24 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-03-21 06:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:48 . 2012-02-24 12:24 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:47 . 2012-02-24 12:23 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2012-02-24 12:23 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-29 07:01 . 2004-08-17 13:44 1878656 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe -s [2008-12-14 593920]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-22 23:03 916240 ----a-w- d:\programy\Eraser\Eraser.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Stano\\Torent\\uTorrent\\utorrent.exe"=
"d:\\Game\\Return to Castle Wolfenstein\\WolfMP.exe"=
"d:\\Game\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Game\\Call of duty\\CoDMP.exe"=
"d:\\Game\\Age of Empire\\Age Of Empire 2\\empires2.exe"=
"d:\\Game\\Mooha Assault\\MOHAA.EXE"=
"d:\\Game\\Medal of honor\\MOHAA.exe"=
"d:\\Game\\Mooha Assault\\moh_spearhead_server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"d:\\Game\\XIII CENTURY\\engine.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Game\\SNIPER\\Sniper Elite\\SniperElite.exe"=
"d:\\Game\\Blitzkrieg\\Bin\\Game.exe"=
"d:\\Game\\airborne\\EMPIRESX.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [21.3.2013 7:48 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [21.3.2013 7:48 177864]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [7.2.2010 12:31 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [7.2.2010 12:31 5248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [22.3.2012 8:26 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.2.2012 13:24 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.2.2012 13:24 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.2.2012 13:24 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [21.3.2013 7:48 66336]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.5.2007 11:57 691696]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.119.113.244 172.18.100.15
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-21 18:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Dll's loaded under running processes ---------------------
.
- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\oodag.exe
d:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2013-11-21 18:53:55 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-21 17:53
ComboFix2.txt 2013-11-20 20:13
.
Pre-Run: 19,202,711,552 bytes free
Post-Run: 19,210,211,328 bytes free
.
- - End Of File - - 68FE061F429D14B59B8D00DC25CA3806
413FC2A0C716421B3158746D63736515

Re: Avast detected viruses - slow PC

Posted: 21 Nov 2013 19:38
by vyosek
Exxxcellent, how is our patient behaving??

Re: Avast detected viruses - slow PC

Posted: 21 Nov 2013 20:10
by Kovas
Well, it looks substantially better :)
I tried playing a YouTube video; it stuttered, but not the way it did before (as I say, this PC has earned its retirement). The stuttering isn't the connection: I tried it on another PC and it played smoothly. Most importantly, svchost no longer pulls 100% CPU.

Re: Avast detected viruses - slow PC

Posted: 22 Nov 2013 18:06
by vyosek
Now let's clean up

-> Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
-> T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus programs tend to wrongly flag this utility as a virus - it is a false positive - so download it without worry (or turn off the antivirus while downloading)
-> OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

-> TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
-> Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner tab
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry tab
  • click Scan for Issues
  • then Fix selected Issues - I recommend making the registry backup; fix all the issues
  • repeat until it reports no issues - usually about 3 times
Tools tab
  • Here you can uninstall programs you do not need
I recommend running CCleaner about once a week

-> And if there are no problems or questions, that's all from my side :|