vrací se mi Gen-Dedipros

Zpráva

jask · #1 Příspěvek od **jask** » 15 čer 2014 12:42

Dobrý den,
zpomalil se mi ntb FUJITSU SIEMENS e-serie a několikrát byla modrá smrt, superantispyware mi našel
a vymazal TROJAN.AGENT/Gen-Dedipros, za dva dny tam byl zpátky ale tentokrát v adresáři system
volumeinformation (poprvé byl v programfiles pod názvem WEBPORPOISEBAAPP.DLL). Asi na to superantispyware nestačí, prosím o posouzení logu z ersitu.

Logfile of random's system information tool 1.10 (written by random/random)
Run by uživatel at 2014-06-15 13:33:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (5%) free of 38 GB
Total RAM: 511 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:34:00, on 15.6.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\WINDOWS\STK03N\STK03NM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\PDF Architect\HelperService.exe
C:\Program Files\PDF Architect\ConversionService.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\webporpoise\updatewebporpoise.exe
C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files\webporpoise\bin\utilwebporpoise.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\uživatel\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: STK03N PNP Monitor.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - http://bossard.partcommunity.com/FileSe ... loader.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://proxynet.mbudejovice.cz:3333/VatDec.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Update webporpoise - Unknown owner - C:\Program Files\webporpoise\updatewebporpoise.exe
O23 - Service: Util webporpoise - Unknown owner - C:\Program Files\webporpoise\bin\utilwebporpoise.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 8352 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\User_Feed_Synchronization-{1B131A00-58C7-4C4E-B13D-BC945599ED7F}.job - C:\WINDOWS\system32\msfeedssync.exe sync

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\7wgvahbn.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"FFPDFArchitectConverter@pdfarchitect.com"=C:\Program Files\PDF Architect\FFPDFArchitectExt
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.125 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@cadenas.de/PARTwebViewer]
"Description"=PARTcommunity 3D Web Viewer
"Path"=C:\Program Files\cadenas\partwebviewer\bin\x86\32\npwebviewerplugins.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-24 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12 1431712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{25A3A431-30BB-47C8-AD6A-E1063801134F} - PDF Architect Toolbar - C:\Program Files\PDF Architect\PDFIEPlugin.dll [2013-04-08 654384]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12 1431712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2001-08-09 118784]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2002-03-12 286720]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-18 767312]
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2005-10-27 139264]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-06-08 3890208]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-20 196608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2014-01-15 5625624]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]
"GarminExpressTrayApp"=C:\Program Files\Garmin\Express Tray\ExpressTray.exe [2014-04-01 118104]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
STK03N PNP Monitor.lnk - C:\WINDOWS\STK03N\STK03NM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\uživatel\Plocha\btest.exe"="C:\Documents and Settings\uživatel\Plocha\btest.exe:*:Enabled:btest"
"C:\Documents and Settings\uživatel\Dokumenty\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\uživatel\Dokumenty\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III: Complete Collection"
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III: Complete Collection"
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III: Complete Collection"
"C:\Program Files\Microsoft Games\Age of Empires III\autopatcher.exe"="C:\Program Files\Microsoft Games\Age of Empires III\autopatcher.exe:*:Enabled:Age of Empires III: Complete Collection"
"C:\Program Files\Microsoft Games\Age of Empires III\autopatcher2.exe"="C:\Program Files\Microsoft Games\Age of Empires III\autopatcher2.exe:*:Enabled:Age of Empires III: Complete Collection"
"C:\Program Files\Microsoft Games\Age of Empires III\autopatcherx.exe"="C:\Program Files\Microsoft Games\Age of Empires III\autopatcherx.exe:*:Enabled:Age of Empires III: Complete Collection"
"C:\Program Files\Microsoft Games\Age of Empires III\autopatchery.exe"="C:\Program Files\Microsoft Games\Age of Empires III\autopatchery.exe:*:Enabled:Age of Empires III: Complete Collection"
"C:\Program Files\Cossacks\dmcr.exe"="C:\Program Files\Cossacks\dmcr.exe:*:Disabled:dmcr"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"vidc.tscc"=C:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll
"VIDC.XVID"=xvidvfw.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-06-09 17:56:56 ----D---- C:\Documents and Settings\uživatel\Data aplikací\SplitCam
2014-06-09 17:53:33 ----D---- C:\Program Files\SplitCam
2014-06-09 14:46:25 ----A---- C:\WINDOWS\system32\drivers\MSTEE.sys
2014-06-09 14:46:15 ----A---- C:\WINDOWS\system32\drivers\NdisIP.sys
2014-06-09 14:46:12 ----A---- C:\WINDOWS\system32\drivers\StreamIP.sys
2014-06-09 14:46:08 ----A---- C:\WINDOWS\system32\drivers\SLIP.sys
2014-06-09 14:46:03 ----A---- C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2014-06-09 14:45:58 ----A---- C:\WINDOWS\system32\drivers\NABTSFEC.sys
2014-06-09 14:45:54 ----A---- C:\WINDOWS\system32\drivers\CCDECODE.sys
2014-06-09 14:45:25 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2014-06-09 14:41:54 ----A---- C:\WINDOWS\system32\drivers\STK03NW2.sys
2014-06-09 14:41:53 ----A---- C:\WINDOWS\system32\drivers\STK03NW1.sys
2014-06-09 14:41:43 ----D---- C:\WINDOWS\STK03N
2014-06-09 11:06:56 ----D---- C:\Program Files\Mozilla Firefox
2014-06-09 01:04:58 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Mozilla
2014-06-09 01:04:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2014-06-09 01:04:27 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-06-08 20:04:28 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2014-06-08 20:04:27 ----A---- C:\WINDOWS\system32\xvidcore.dll
2014-06-08 20:04:27 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2014-06-08 20:02:07 ----D---- C:\Program Files\webporpoise
2014-06-06 11:02:34 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2014-06-06 11:02:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2014-06-05 10:12:59 ----D---- C:\Python27
2014-06-01 14:17:16 ----A---- C:\WINDOWS\system32\python27.dll

======List of files/folders modified in the last 1 month======

2014-06-15 13:33:51 ----D---- C:\Program Files\trend micro
2014-06-15 13:32:36 ----D---- C:\WINDOWS\Prefetch
2014-06-15 12:56:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-06-15 02:20:43 ----D---- C:\WINDOWS\system32\CatRoot2
2014-06-14 22:56:23 ----D---- C:\WINDOWS\Temp
2014-06-13 22:05:52 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Skype
2014-06-13 18:11:43 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-13 12:20:21 ----D---- C:\Program Files\AutoCAD R14
2014-06-13 11:19:44 ----D---- C:\WINDOWS\system32
2014-06-10 09:24:50 ----D---- C:\WINDOWS
2014-06-09 17:56:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-06-09 17:56:28 ----D---- C:\WINDOWS\system32\drivers
2014-06-09 17:53:33 ----D---- C:\Program Files
2014-06-09 14:43:38 ----HD---- C:\WINDOWS\inf
2014-06-09 14:41:47 ----D---- C:\WINDOWS\twain_32
2014-06-09 14:41:39 ----HD---- C:\Program Files\InstallShield Installation Information
2014-06-09 10:08:33 ----D---- C:\Program Files\Google
2014-06-09 02:18:57 ----A---- C:\WINDOWS\win.ini
2014-06-09 01:28:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2014-06-09 01:28:40 ----SHD---- C:\WINDOWS\Installer
2014-06-08 23:23:19 ----D---- C:\WINDOWS\Minidump
2014-06-08 20:04:14 ----D---- C:\WINDOWS\WinSxS
2014-06-08 12:20:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\boost_interprocess

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-05-09 21576]
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-04-24 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-04-24 180632]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2013-06-17 685816]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-05-16 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-05-16 777488]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-05-16 411680]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-04-24 57672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-04-19 21035]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-04-24 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-04-24 67824]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 Scutum50;Scutum50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\Scutum50.sys [2009-04-21 19072]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2001-08-08 49585]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2002-03-22 419200]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LucentSoftModem;Lucent Technologies Soft Modem; C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-12-18 807021]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 OkiPar;OkiPar; C:\WINDOWS\System32\DRIVERS\OKIPAR.SYS [2001-10-02 40192]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-08-03 724736]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-14 20992]
R3 scvad_simple;SplitCam Virtual Microphone (WDM); C:\WINDOWS\system32\drivers\SplitCamAudio.sys [2013-11-01 18944]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 agyq0ywp;agyq0ywp; C:\WINDOWS\system32\drivers\agyq0ywp.sys []
S3 AtiDCM;AtiDCM; \??\C:\AMD\Support\13-4_xp32_dd_ccc_whql\Bin\atidcmxx.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DCamUSBSTK03N;Standard_Camera; C:\WINDOWS\system32\DRIVERS\STK03NW2.sys [2009-12-18 108544]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2008-06-27 332928]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2011-10-14 47176]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2011-10-14 61312]
S3 slabbus;CP2101 USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys [2004-03-11 52384]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 TrueSight;TrueSight; \??\C:\WINDOWS\system32\drivers\TrueSight.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB RS-232 Emulation Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2002-02-19 110592]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-24 50344]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\Ralink\Common\RaRegistry.exe [2009-07-14 185632]
R2 Update webporpoise;Update webporpoise; C:\Program Files\webporpoise\updatewebporpoise.exe [2014-06-08 317728]
R2 Util webporpoise;Util webporpoise; C:\Program Files\webporpoise\bin\utilwebporpoise.exe [2014-06-08 317728]
R2 WDDMService;WD SmartWare Drive Manager; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-12 247968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-12 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-24 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-13 262320]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2013-06-17 77944]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-24 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-09 119408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 15 čer 2014 14:10

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

jask píše:za dva dny tam byl zpátky ale tentokrát v adresáři system volume information

SVI jsou body obnovy, je treba je vymazat http://forum.viry.cz/viewtopic.php?f=46&t=47040

jask · #3 Příspěvek od **jask** » 15 čer 2014 15:44

tady je log z Adw

# AdwCleaner v3.212 - Report created 15/06/2014 at 16:31:36
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : uživatel - U-F3DA959F89254
# Running from : C:\Documents and Settings\uživatel\Plocha\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\speedypc software
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Documents and Settings\All Users\Dokumenty\AlawarWrapper
Folder Deleted : C:\Documents and Settings\uživatel\Local Settings\Data aplikací\iac
Folder Deleted : C:\Documents and Settings\uživatel\AppData\LocalLow\DataMngr
Folder Deleted : C:\Documents and Settings\uživatel\Data aplikací\DriverCure
Folder Deleted : C:\Documents and Settings\uživatel\Data aplikací\pdfforge
Folder Deleted : C:\Documents and Settings\uživatel\Data aplikací\searchresultstb
Folder Deleted : C:\Documents and Settings\uživatel\Data aplikací\speedypc software
File Deleted : C:\WINDOWS\system32\Uninstall.exe
File Deleted : C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3444C3C5-6C56-4A16-A453-832B05BF6EA4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3444C3C5-6C56-4A16-A453-832B05BF6EA4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444C3C5-6C56-4A16-A453-832B05BF6EA4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKLM\Software\SafetyNut
Key Deleted : HKLM\Software\speedypc software
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v29.0.1 (cs)

[ File : C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\7wgvahbn.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=108&systemid=473&v=n11111-249&apn_uid=1323307342574940&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}

*************************

AdwCleaner[R0].txt - [8717 octets] - [15/06/2014 16:27:31]
AdwCleaner[S0].txt - [8211 octets] - [15/06/2014 16:31:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8271 octets] ##########

#4 Příspěvek od **Márty84** » 15 čer 2014 15:47

Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222

jask · #5 Příspěvek od **jask** » 15 čer 2014 20:22

konečně doběhl mbam tak ho vkládám

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.06.15.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
uživatel :: U-F3DA959F89254 [administrátor]

Ochrana: Povolena

15.6.2014 18:20:00
MBAM-log-2014-06-15 (21-16-45).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 360565
Uplynulý čas: 2 hodin, 9 minut, 32 sekund

Nalezené procesy v paměti: 2
C:\Program Files\webporpoise\updatewebporpoise.exe (PUP.Optional.Webporpoise.A) -> 1224 -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\utilwebporpoise.exe (PUP.Optional.Webporpoise.A) -> 1360 -> Nebyla provedena žádná instrukce.

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 4
HKLM\SYSTEM\CurrentControlSet\Services\Update webporpoise (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
HKLM\SYSTEM\CurrentControlSet\Services\Util webporpoise (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\webporpoise (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
HKLM\Software\webporpoise (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 3
C:\Program Files\webporpoise (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\plugins (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 23
C:\Program Files\webporpoise\updatewebporpoise.exe (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\utilwebporpoise.exe (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\327EN (D)\Digimoto+v4[1].03.zip (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\uživatel\Dokumenty\3D\SoftonicDownloader_for_opengl-extensions-viewer.exe (PUP.Optional.Softonic.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\uživatel\Local Settings\Temporary Internet Files\Content.IE5\UPUSH8AI\SplitCam_5414[1].exe (PUP.Optional.InstallMonetizer.NS) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\uživatel\Plocha\SafePCRepair.exe (PUP.Optional.MindSpark.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\plugins\webporpoise.BrowserAdapterS.dll (PUP.Optional.Sanbreel.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\plugins\webporpoise.PurBrowseG.dll (PUP.Optional.Sanbreel.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{D28A4629-A001-47CB-8CD0-2166A7B228E8}\RP553\A0175571.exe (PUP.Optional.Sambreel.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{D28A4629-A001-47CB-8CD0-2166A7B228E8}\RP553\A0176590.exe (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\acumncwtas.exe (PUP.Optional.Bitcoin) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\webporpoise.ico (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\0 (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\7za.exe (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\updatewebporpoise.InstallState (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\7za.exe (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\sqlite3.dll (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\utilwebporpoise.InstallState (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\plugins\webporpoise.Bromon.dll (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\plugins\webporpoise.BroStats.dll (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\plugins\webporpoise.CompatibilityChecker.dll (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\plugins\webporpoise.FFUpdate.dll (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\webporpoise\bin\plugins\webporpoise.IEUpdate.dll (PUP.Optional.Webporpoise.A) -> Nebyla provedena žádná instrukce.

(konec)

#6 Příspěvek od **Márty84** » 16 čer 2014 03:47

Porad je havet v bodech obnovy. Smazal jste je?

Postupujte presne v tomto poradi.
1) MBAM nezavirejte, jen minimalizujte.
2) Vymazte/Vypnete vytvareni bodu obnovy http://forum.viry.cz/viewtopic.php?f=46&t=47040 , ale nerestartujte pc.
3) Ted nechte nalezy MBAM odstranit a restartujte pc.
4) Udelejte novy test s MBAM a dejte sem vysledky.

jask · #7 Příspěvek od **jask** » 16 čer 2014 13:16

Dobrý den,
ze včerejška jsem měl počítač vypnutý, tak jsem to udělal takto:
1 udělal jsem vymazání bodů obnovy dle pokynů a nerestartoval ntb
2 udělal jsem nový sken mbam
3 vymazal jsem havěť
4 restartoval ntb
5 udělal jsem nový sken mbam a tento Vám posílám

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.06.15.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
uživatel :: U-F3DA959F89254 [administrátor]

Ochrana: Povolena

16.6.2014 12:04:14
mbam-log-2014-06-16 (12-04-14).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 354748
Uplynulý čas: 1 hodin, 52 minut, 32 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

#8 Příspěvek od **Márty84** » 16 čer 2014 18:14

Vyborne

MBAM odinstalujte.

Pokud jste to neudelal, zapnete opet funkci vytvareni bodu obnovy.

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte ComboFix.
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

jask · #9 Příspěvek od **jask** » 17 čer 2014 18:34

trošku déle mi trvalo než jsem sehnal ext. HD pro zálohu dat.

combofix z toho odkazu nešel stáhnout, tak jsem ho stáhnul přímo z uvedeného servru
(nebude to vadit?)

tadx je log z combofixu

ComboFix 14-06-16.01 - uživatel 17.06.2014 19:01:47.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.299 [GMT 2:00]
Spuštěný z: c:\documents and settings\u×ivatel\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Documents
c:\program files\proscan
c:\program files\proscan\CommBase.dll
c:\program files\proscan\DGDyno.dll
c:\program files\proscan\DGChart.dll
c:\program files\proscan\DiagnosticReport.dll
c:\program files\proscan\dotnetfx.exe
c:\program files\proscan\dtc.dat
c:\program files\proscan\DundasWinGauge.dll
c:\program files\proscan\FreezeFrameData.dll
c:\program files\proscan\Gauge.dll
c:\program files\proscan\generic.dat
c:\program files\proscan\O2TestResults.dll
c:\program files\proscan\O2Waveform.dll
c:\program files\proscan\pid.dat
c:\program files\proscan\preferences.dat
c:\program files\proscan\ProScan.exe
c:\program files\proscan\ProScan_Help.chm
c:\program files\proscan\ProScan_Web_Setup.s2g
c:\program files\proscan\ProScan4-0a.exe
c:\program files\proscan\reg.dat
c:\program files\proscan\RichTextBoxPrintCtrl.dll
c:\program files\proscan\SensorDisplay.dll
c:\program files\proscan\settings.dat
c:\program files\proscan\setup.log
c:\program files\proscan\Setup_Logo.jpg
c:\program files\proscan\uninstall.exe
c:\program files\proscan\vehicles.dat
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\Temp\tmp3.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-17 do 2014-06-17 )))))))))))))))))))))))))))))))
.
.
2014-06-15 15:02 . 2014-06-15 15:02 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Malwarebytes
2014-06-15 15:02 . 2014-06-15 15:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-06-15 14:29 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-15 14:27 . 2014-06-15 14:32 -------- d-----w- C:\AdwCleaner
2014-06-09 15:56 . 2014-06-09 15:59 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\SplitCam
2014-06-09 15:53 . 2014-06-09 15:58 -------- d-----w- c:\program files\SplitCam
2014-06-09 12:46 . 2008-04-13 22:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2014-06-09 12:46 . 2008-04-13 22:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2014-06-09 12:46 . 2008-04-13 22:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2014-06-09 12:46 . 2008-04-13 22:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2014-06-09 12:46 . 2008-04-14 06:52 16384 ----a-w- c:\windows\system32\ipsink.ax
2014-06-09 12:46 . 2008-04-13 22:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2014-06-09 12:46 . 2008-04-13 22:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2014-06-09 12:46 . 2008-04-13 22:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2014-06-09 12:46 . 2008-04-13 22:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2014-06-09 12:46 . 2008-04-13 22:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2014-06-09 12:46 . 2008-04-13 22:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2014-06-09 12:45 . 2008-04-13 22:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2014-06-09 12:45 . 2008-04-13 22:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2014-06-09 12:45 . 2008-04-13 22:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2014-06-09 12:45 . 2008-04-13 22:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2014-06-09 12:45 . 2008-04-14 06:52 91648 ----a-w- c:\windows\system32\kswdmcap.ax
2014-06-09 12:45 . 2008-04-14 06:52 28672 ----a-w- c:\windows\system32\vidcap.ax
2014-06-09 12:45 . 2008-04-14 06:52 61952 ----a-w- c:\windows\system32\kstvtune.ax
2014-06-09 12:45 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2014-06-09 12:45 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2014-06-09 12:45 . 2008-04-14 06:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2014-06-09 12:45 . 2008-04-14 06:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
2014-06-09 12:41 . 2009-12-18 08:51 108544 ----a-w- c:\windows\system32\drivers\STK03NW2.sys
2014-06-09 12:41 . 2009-12-18 08:51 40872 ----a-w- c:\windows\system32\drivers\STK03NW1.sys
2014-06-09 12:41 . 2009-12-18 08:23 40960 ----a-w- c:\windows\system32\STK03NP.ax
2014-06-09 12:41 . 2014-06-09 12:41 -------- d-----w- c:\windows\STK03N
2014-06-09 11:41 . 2014-06-09 11:41 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Adobe
2014-06-08 23:04 . 2014-06-08 23:04 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\Mozilla
2014-06-08 23:04 . 2014-06-09 09:59 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-06-08 21:46 . 2014-06-08 21:46 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2014-06-08 18:04 . 2013-11-01 09:12 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2014-06-08 18:04 . 2013-11-01 09:12 810496 ----a-w- c:\windows\system32\xvidcore.dll
2014-06-08 18:04 . 2013-11-01 09:12 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-06-06 09:02 . 2014-06-08 22:01 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-06-06 09:02 . 2014-06-06 09:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2014-06-05 08:12 . 2014-06-05 08:13 -------- d-----w- C:\Python27
2014-06-01 12:17 . 2014-06-01 12:17 2452992 ----a-w- c:\windows\system32\python27.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-13 16:11 . 2012-04-24 22:04 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-13 16:11 . 2012-04-24 22:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-16 11:21 . 2011-04-24 14:50 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-16 11:21 . 2011-04-24 14:51 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-16 11:21 . 2011-04-24 14:50 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-04-24 19:03 . 2013-03-13 11:00 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-24 19:03 . 2011-04-24 14:50 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-04-24 19:03 . 2011-04-24 14:50 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400239291446
2014-04-24 19:03 . 2014-04-24 19:03 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-24 19:03 . 2013-03-13 11:00 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-24 19:03 . 2013-03-13 11:00 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-04-24 19:03 . 2011-04-24 14:50 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1400239291446
2014-04-24 19:03 . 2014-04-24 19:03 43152 ----a-w- c:\windows\avastSS.scr
2014-04-24 19:03 . 2011-04-24 14:50 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-11 14:26 . 2014-04-11 14:26 249856 ------w- c:\windows\Setup1.exe
2014-04-11 14:26 . 2014-04-11 14:26 73216 ----a-w- c:\windows\ST6UNST.EXE
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-24 19:03 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-15 5626136]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-04-01 118104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2001-08-09 118784]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"AtiPTA"="atiptaxx.exe" [2002-03-12 286720]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2005-10-27 139264]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-08 3890208]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-20 196608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2014-6-9 163840]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\uživatel\\Plocha\\btest.exe"=
"c:\\Documents and Settings\\uživatel\\Dokumenty\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher2.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcherx.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatchery.exe"=
"c:\\Program Files\\Cossacks\\dmcr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [15.4.2012 17:21 21576]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [13.3.2013 13:00 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [13.3.2013 13:00 180632]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.6.2013 22:22 685816]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [24.4.2011 16:50 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [24.4.2011 16:51 411680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11.7.2012 20:54 116608]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [24.4.2014 21:03 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [13.3.2013 13:00 67824]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [19.4.2011 22:14 38144]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [8.4.2013 18:44 1320496]
R2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [8.4.2013 18:43 799280]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [9.9.2011 0:17 19072]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [21.1.2010 17:24 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [12.3.2014 0:36 247968]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [18.12.2001 17:42 807021]
R3 OkiPar;OkiPar;c:\windows\system32\drivers\OKIPAR.SYS [2.10.2001 17:54 40192]
R3 scvad_simple;SplitCam Virtual Microphone (WDM);c:\windows\system32\drivers\SplitCamAudio.sys [1.11.2013 11:12 18944]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [12.3.2014 0:36 193696]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 10:34 171680]
S3 AtiDCM;AtiDCM;c:\amd\Support\13-4_xp32_dd_ccc_whql\Bin\atidcmxx.sys [11.4.2013 19:55 27872]
S3 DCamUSBSTK03N;Standard_Camera;c:\windows\system32\drivers\STK03NW2.sys [9.6.2014 14:41 108544]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [19.4.2011 22:14 332928]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [5.3.2013 14:13 47176]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [5.3.2013 14:13 61312]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [28.10.2012 15:55 11520]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 16:12]
.
2014-06-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-24 19:03]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 14:51]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 14:51]
.
2014-06-17 c:\windows\Tasks\User_Feed_Synchronization-{1B131A00-58C7-4C4E-B13D-BC945599ED7F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 192.168.0.1
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://bossard.partcommunity.com/FileService/FileLoader/cnsViewer3D/pwebdownloader.cab
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\7wgvahbn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
AddRemove-ProScan - c:\program files\ProScan\uninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-17 19:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-1993962763-1708537768-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\@*‘|˙˙˙˙]
"DisplayName"="u\1d\01"
"DeviceDesc"="u\1d\01"
"ProviderName"="?\13?????"
"MFG"="?\13????"
"ReinstallString"="2002, 6.13.10.6052"
"DeviceInstanceIds"=multi:"\00"
.
Celkový čas: 2014-06-17 19:24:58
ComboFix-quarantined-files.txt 2014-06-17 17:24
.
Před spuštěním: 6 306 529 280
Po spuštění: Volných bajtů: 10 655 240 192
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 770981A4DFBA4DA48CDE7EF932A9DDF3
413FC2A0C716421B3158746D63736515

#10 Příspěvek od **Márty84** » 17 čer 2014 20:31

Presunte ComboFix primo na disk C (takze cesta k nemu bude c:\ComboFix.exe )!

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=-
"DAEMON Tools"=-
"GarminExpressTrayApp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"SunJavaUpdateSched"=-

Regnull::
[HKEY_USERS\S-1-5-21-1343024091-1993962763-1708537768-1003\Software\Microsoft\SystemCertificates\AddressBook*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\@*‘|˙˙˙˙]

DDS::
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://bossard.partcommunity.com/FileSe ... loader.cab

Driver::
BBUpdate
BBSvc
SkypeUpdate

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte take primo na C (takze cesta k nemu bude c:\CFScript.txt ).
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

jask · #11 Příspěvek od **jask** » 17 čer 2014 22:36

udělal jsem to dle Vašeho postupu ale combofix se ukončil černou obrazovkou, tak jsem
vypnul a znovu zapnul ntb, win naběhl ale nenašel jsem žádný log, v c:/ se udělal podadresář combofix ale v něm taky žádný log není (je tam spousta dat, souborů, aplikací atd)

jask · #12 Příspěvek od **jask** » 17 čer 2014 22:58

Poslední hlášení combofixu myslím bylo něco že připravuje log ...
vyskočila bublina "počítač je ohrožen automatické aktualizace jsou vypnuté" a dlouho ho takto stálo a pak zčernala obrazovka. Ostatní tak jak jsem napsal prve.
Programy jsem zkoušel pouštět a fungují.

#13 Příspěvek od **Márty84** » 18 čer 2014 06:29

Zkuste to jeste jednou, ale v nouzovem rezimu.

jask · #14 Příspěvek od **jask** » 18 čer 2014 12:50

Dobrý den,

tady je log

ComboFix 14-06-16.01 - Administrator 18.06.2014 13:22:29.3.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.246 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BBSVC
-------\Legacy_BBUPDATE
-------\Legacy_SKYPEUPDATE
-------\Service_BBSvc
-------\Service_BBUpdate
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-18 do 2014-06-18 )))))))))))))))))))))))))))))))
.
.
2014-06-18 11:13 . 2014-06-18 11:13 -------- d-----w- c:\documents and settings\Administrator
2014-06-15 15:02 . 2014-06-15 15:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-06-15 14:29 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-15 14:27 . 2014-06-15 14:32 -------- d-----w- C:\AdwCleaner
2014-06-09 15:53 . 2014-06-09 15:58 -------- d-----w- c:\program files\SplitCam
2014-06-09 12:46 . 2008-04-13 22:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2014-06-09 12:46 . 2008-04-13 22:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2014-06-09 12:46 . 2008-04-13 22:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2014-06-09 12:46 . 2008-04-13 22:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2014-06-09 12:46 . 2008-04-14 06:52 16384 ----a-w- c:\windows\system32\ipsink.ax
2014-06-09 12:46 . 2008-04-13 22:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2014-06-09 12:46 . 2008-04-13 22:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2014-06-09 12:46 . 2008-04-13 22:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2014-06-09 12:46 . 2008-04-13 22:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2014-06-09 12:46 . 2008-04-13 22:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2014-06-09 12:46 . 2008-04-13 22:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2014-06-09 12:45 . 2008-04-13 22:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2014-06-09 12:45 . 2008-04-13 22:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2014-06-09 12:45 . 2008-04-13 22:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2014-06-09 12:45 . 2008-04-13 22:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2014-06-09 12:45 . 2008-04-14 06:52 91648 ----a-w- c:\windows\system32\kswdmcap.ax
2014-06-09 12:45 . 2008-04-14 06:52 28672 ----a-w- c:\windows\system32\vidcap.ax
2014-06-09 12:45 . 2008-04-14 06:52 61952 ----a-w- c:\windows\system32\kstvtune.ax
2014-06-09 12:45 . 2008-04-14 06:52 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2014-06-09 12:45 . 2008-04-14 06:52 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2014-06-09 12:45 . 2008-04-14 06:52 20992 ----a-w- c:\windows\system32\dshowext.ax
2014-06-09 12:45 . 2008-04-14 06:52 43008 ----a-w- c:\windows\system32\ksxbar.ax
2014-06-09 12:41 . 2009-12-18 08:51 108544 ----a-w- c:\windows\system32\drivers\STK03NW2.sys
2014-06-09 12:41 . 2009-12-18 08:51 40872 ----a-w- c:\windows\system32\drivers\STK03NW1.sys
2014-06-09 12:41 . 2009-12-18 08:23 40960 ----a-w- c:\windows\system32\STK03NP.ax
2014-06-09 12:41 . 2014-06-09 12:41 -------- d-----w- c:\windows\STK03N
2014-06-08 23:04 . 2014-06-09 09:59 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-06-08 21:46 . 2014-06-08 21:46 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2014-06-08 18:04 . 2013-11-01 09:12 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2014-06-08 18:04 . 2013-11-01 09:12 810496 ----a-w- c:\windows\system32\xvidcore.dll
2014-06-08 18:04 . 2013-11-01 09:12 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-06-06 09:02 . 2014-06-08 22:01 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-06-06 09:02 . 2014-06-06 09:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2014-06-05 08:12 . 2014-06-05 08:13 -------- d-----w- C:\Python27
2014-06-01 12:17 . 2014-06-01 12:17 2452992 ----a-w- c:\windows\system32\python27.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-13 16:11 . 2012-04-24 22:04 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-13 16:11 . 2012-04-24 22:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-16 11:21 . 2011-04-24 14:50 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-16 11:21 . 2011-04-24 14:51 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-16 11:21 . 2011-04-24 14:50 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-04-24 19:03 . 2013-03-13 11:00 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-24 19:03 . 2011-04-24 14:50 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-04-24 19:03 . 2011-04-24 14:50 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400239291446
2014-04-24 19:03 . 2014-04-24 19:03 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-24 19:03 . 2013-03-13 11:00 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-24 19:03 . 2013-03-13 11:00 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-04-24 19:03 . 2011-04-24 14:50 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1400239291446
2014-04-24 19:03 . 2014-04-24 19:03 43152 ----a-w- c:\windows\avastSS.scr
2014-04-24 19:03 . 2011-04-24 14:50 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-11 14:26 . 2014-04-11 14:26 249856 ------w- c:\windows\Setup1.exe
2014-04-11 14:26 . 2014-04-11 14:26 73216 ----a-w- c:\windows\ST6UNST.EXE
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-24 19:03 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2001-08-09 118784]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"AtiPTA"="atiptaxx.exe" [2002-03-12 286720]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2005-10-27 139264]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-08 3890208]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-20 196608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
STK03N PNP Monitor.lnk - c:\windows\STK03N\STK03NM.exe [2014-6-9 163840]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\uživatel\\Plocha\\btest.exe"=
"c:\\Documents and Settings\\uživatel\\Dokumenty\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcher2.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatcherx.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\autopatchery.exe"=
"c:\\Program Files\\Cossacks\\dmcr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [15.4.2012 17:21 21576]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [13.3.2013 13:00 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [13.3.2013 13:00 180632]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.6.2013 22:22 685816]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [24.4.2011 16:50 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [24.4.2011 16:51 411680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11.7.2012 20:54 116608]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [24.4.2014 21:03 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [13.3.2013 13:00 67824]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [19.4.2011 22:14 38144]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [8.4.2013 18:44 1320496]
R2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [8.4.2013 18:43 799280]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [9.9.2011 0:17 19072]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [21.1.2010 17:24 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [18.12.2001 17:42 807021]
R3 OkiPar;OkiPar;c:\windows\system32\drivers\OKIPAR.SYS [2.10.2001 17:54 40192]
R3 scvad_simple;SplitCam Virtual Microphone (WDM);c:\windows\system32\drivers\SplitCamAudio.sys [1.11.2013 11:12 18944]
S3 AtiDCM;AtiDCM;c:\amd\Support\13-4_xp32_dd_ccc_whql\Bin\atidcmxx.sys [11.4.2013 19:55 27872]
S3 DCamUSBSTK03N;Standard_Camera;c:\windows\system32\drivers\STK03NW2.sys [9.6.2014 14:41 108544]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [19.4.2011 22:14 332928]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [5.3.2013 14:13 47176]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [5.3.2013 14:13 61312]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [28.10.2012 15:55 11520]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 16:12]
.
2014-06-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-24 19:03]
.
2014-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 14:51]
.
2014-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 14:51]
.
2014-06-18 c:\windows\Tasks\User_Feed_Synchronization-{1B131A00-58C7-4C4E-B13D-BC945599ED7F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\7wgvahbn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-18 13:40
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-1993962763-1708537768-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\@*‘|˙˙˙˙]
"DisplayName"="u\1d\01"
"DeviceDesc"="u\1d\01"
"ProviderName"="?\13?????"
"MFG"="?\13????"
"ReinstallString"="2002, 6.13.10.6052"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(388)
c:\program files\Apoint2K\EzAuto.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Ralink\Common\RaRegistry.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\atiptaxx.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2014-06-18 13:45:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-18 11:45
ComboFix2.txt 2014-06-17 17:25
.
Před spuštěním: Volných bajtů: 10 369 667 072
Po spuštění: Volných bajtů: 10 422 575 104
.
- - End Of File - - 46724747D13221282F78D41E6FA381A2
413FC2A0C716421B3158746D63736515

#15 Příspěvek od **Márty84** » 18 čer 2014 15:59

Jak to zatim vypada, objevil se trojan jeste?

Dejte novy log z RSIT

VIRY.CZ

vrací se mi Gen-Dedipros

vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros

Re: vrací se mi Gen-Dedipros