Avast cannot find the virus - svchost.exe
Posted: 07 Dec 2013 16:41
Hello,
I would like to ask for help. Avast has been regularly reporting that it blocked a virus. The virus was located in svchost.exe. Before I found this forum I was advised to run ComboFix. Unfortunately, only after running it did I read that I should not do this on my own and that I should take this step only when asked to by an expert. I know I made a mistake. Although my approach was not correct, could I ask you to analyse the resulting log?
Thank you in advance for your reply and help.
ComboFix 13-12-07.01 - Růžička 07.12.2013 14:49:07.1.4 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.3070.2195 [GMT 1:00]
Run from: c:\users\Růžička\Desktop\ABC.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
c:\windows\system32\ntos.exe
.
.
((((((((((((((((((((((((( Files created from 2013-11-07 to 2013-12-07 )))))))))))))))))))))))))))))))
.
.
2013-12-07 14:57 . 2013-12-07 15:02 -------- d-----w- c:\users\Růžička\AppData\Local\temp
2013-12-07 14:57 . 2013-12-07 14:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-07 14:57 . 2013-12-07 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-07 13:31 . 2013-12-07 13:31 -------- d-----w- c:\users\Růžička\AppData\Roaming\AVAST Software
2013-12-07 13:07 . 2013-12-07 13:07 -------- d-----w- c:\users\Růžička\DoctorWeb
2013-12-07 10:32 . 2013-12-07 10:50 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-07 10:32 . 2013-12-07 10:50 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-07 10:18 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A913994-96D3-4A7D-822F-4BDA123F2498}\mpengine.dll
2013-11-24 12:18 . 2013-11-28 18:36 -------- d-----w- c:\users\Růžička\AppData\Roaming\HpUpdate
2013-11-24 12:17 . 2013-11-24 12:18 -------- d-----w- c:\programdata\Hewlett-Packard
2013-11-24 12:16 . 2011-04-13 12:08 306688 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpcpp108.DLL
2013-11-24 12:09 . 2011-05-10 03:56 751160 ----a-w- c:\windows\system32\hpptsp10.dll
2013-11-24 12:09 . 2011-05-10 03:54 460344 ----a-w- c:\windows\system32\hpwia2_lj100m175.dll
2013-11-24 12:09 . 2011-05-10 03:54 187960 ----a-w- c:\windows\system32\hppscancoins32.dll
2013-11-24 12:09 . 2011-05-10 03:56 26648 ----a-w- c:\windows\system32\drivers\hppcgenio.sys
2013-11-24 12:09 . 2011-05-10 03:54 188416 ----a-w- c:\windows\system32\hpmldm01.dll
2013-11-24 12:09 . 2011-05-10 03:53 20504 ----a-w- c:\windows\system32\drivers\hppcbulkio.sys
2013-11-24 12:08 . 2011-05-10 03:54 238080 ----a-w- c:\windows\system32\hpbcoins32.dll
2013-11-24 12:08 . 2011-02-11 14:23 167480 ----a-w- c:\windows\system32\hppccompio.dll
2013-11-24 12:08 . 2011-04-13 12:08 279552 ----a-w- c:\windows\system32\hpcpn108.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-07 15:00 . 2009-08-25 13:32 16608 ----a-w- c:\windows\gdrv.sys
2013-12-07 10:50 . 2011-03-26 16:39 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-07 10:50 . 2009-11-22 17:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-07 10:50 . 2009-11-22 17:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-07 10:50 . 2009-11-22 17:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-12-07 10:50 . 2009-11-22 17:43 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-07 10:50 . 2009-11-22 17:43 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-12-07 10:49 . 2011-03-26 16:38 43152 ----a-w- c:\windows\avastSS.scr
2013-12-07 10:49 . 2009-11-22 17:43 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-11 04:50 . 2009-10-24 15:07 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-09 19:36 . 2012-05-01 14:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 19:36 . 2011-06-15 12:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-07 10:49 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"bluebirds"="c:\users\Růžička\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"Akamai NetSession Interface"="c:\users\Růžička\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-20 6711840]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-20 1833504]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe" [2009-04-15 2519040]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe" [2009-04-15 1048576]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-12 270336]
"snp2std"="c:\windows\vsnp2std.exe" [2007-05-10 344064]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-09-02 315478]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2012-05-07 160840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-07 3568312]
.
c:\users\Růžička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files\Panasonic\PHOTOfunSTUDIO 6.1 HD Lite\PHOTOfunSTUDIO.exe" [2011-6-25 174064]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2009-4-8 9723904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
Akamai REG_MULTI_SZ Akamai
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 19:36]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-10 17:37]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-10 17:37]
.
2013-11-10 c:\windows\Tasks\Norton Security Scan for Růžička.job
- c:\progra~1\NORTON~2\Engine\376~1.5\Nss.exe [2012-11-24 10:19]
.
.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.39\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
Trusted Zone: postsignum.cz\www
TCP: DhcpNameServer = 10.0.0.138
.
.
------- File associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANED ENTRIES REMOVED FROM THE REGISTRY - - - -
.
AddRemove-BSPlayer - c:\users\Růžička\Desktop\bsplayer\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-07 16:03
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2324)
c:\windows\system32\BsSDK.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Gigabyte\EasySaver\ESSVR.EXE
c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
c:\program files\HP\HPBDSService\HPBDSService.exe
c:\program files\HP\HPLaserJetService\HPLaserJetService.exe
c:\program files\MySQL\MySQL Server 5.5\bin\mysqld.exe
c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Spyware Terminator\st_rsser.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\conime.exe
c:\windows\System32\WerFault.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-12-07 16:09:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-07 15:09
.
Pre-Run: 628 535 377 920 bytes free
Post-Run: 630 357 524 480 bytes free
.
- - End Of File - - 496D2ADAB83F931B49FBE05900768181
5C616939100B85E558DA92B899A0FC36
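The registry startup section of the log above prints one autostart value per line in ComboFix's `"name"="path" [date size]` format, with `[X]` when the referenced file no longer exists. The following Python script is an added example, not part of the original post and not ComboFix's own code: it parses lines in that format and flags the entries a responder would check first. The sample text is a constructed subset of lines copied from the log above; the three heuristics (image under a user profile, image directly in the Windows root, file missing) are this example's own assumptions and are a triage aid, not a verdict on any entry.

```python
"""Triage of ComboFix 'Run' autostart entries.

Added example: this is not ComboFix code and not part of the original post.
It parses lines in the format ComboFix prints under its registry startup
section ("name"="path" [yyyy-mm-dd size], or [X] when the file is missing)
and flags entries a responder would want to look at first.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample: a subset of lines copied from the log in the post above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"bluebirds"="c:\users\Růžička\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"Akamai NetSession Interface"="c:\users\Růžička\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-07 3568312]
'''

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')


@dataclass
class RunEntry:
    key: str          # registry key the value lives under
    name: str         # value name
    path: str         # image path exactly as ComboFix printed it
    meta: str         # "yyyy-mm-dd size", or "X" when the file is missing
    reasons: list = field(default_factory=list)

    @property
    def hive(self) -> str:
        return self.key.split("\\", 1)[0]


def parse_run_entries(text: str) -> list:
    """Return every "name"="path" [meta] line, tagged with its registry key."""
    entries, current_key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_LINE.match(line):
            current_key = m.group("key")
            continue
        if m := RUN_LINE.match(line):
            entries.append(RunEntry(current_key, m.group("name"),
                                    m.group("path"), m.group("meta")))
    return entries


def classify(entry: RunEntry) -> list:
    """Heuristic triage reasons (assumptions of this example, not a verdict)."""
    reasons = []
    if entry.meta.strip() == "X":
        reasons.append("referenced file is missing on disk (dead or cleaned-up entry)")
    parts = [p.lower() for p in PureWindowsPath(entry.path).parts]
    if len(parts) >= 2 and parts[0] == "c:\\" and parts[1] == "users":
        reasons.append("image lives in a user profile, writable without admin rights")
    if len(parts) == 3 and parts[0] == "c:\\" and parts[1] == "windows":
        reasons.append("image sits directly in the Windows root, not in system32 or Program Files")
    return reasons


def triage(entries: list) -> list:
    """Attach reasons to each entry and return only the flagged ones."""
    flagged = []
    for e in entries:
        e.reasons = classify(e)
        if e.reasons:
            flagged.append(e)
    return flagged


def report(text: str) -> list:
    """One human-readable line per flagged entry."""
    return [f"{e.hive}\\...\\Run  {e.name!r} -> {e.path}: {'; '.join(e.reasons)}"
            for e in triage(parse_run_entries(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

On the sample, the script flags `bluebirds` and `Akamai NetSession Interface` (both under `c:\users`), `FixCamera` (directly in `c:\windows`) and `NokiaMServer` (`[X]`, file gone). A flag only says "look here": a per-user updater such as Akamai NetSession legitimately lives in AppData, so each hit still needs the file's signature, hash and publisher checked before anything is removed.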