Prosim o kontrolu logu - podozrenie na vir

[Márty84]

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte ComboFix.
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[kirkland]

ComboFix 13-05-01.03 - Tomáš . 05. 2013 19:51:47.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3583.2935 [GMT 2:00]
Running from: c:\documents and settings\Tomáš\Plocha\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\Sylenth_setup.exe
c:\windows\system32\DEBUG.log
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-02 to 2013-05-02 )))))))))))))))))))))))))))))))
.
.
2013-05-01 00:25 . 2013-05-02 13:10 -------- d-----w- c:\program files\trend micro
2013-05-01 00:25 . 2013-05-01 00:25 -------- d-----w- C:\rsit
2013-04-30 16:05 . 2013-04-30 16:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2013-04-27 13:42 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-27 13:42 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-04-14 02:02 . 2013-04-14 02:02 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{5E4CAE11-3142-4132-BACC-8515F1910998}
2013-04-14 02:00 . 2013-04-14 02:00 -------- dc-h--w- c:\documents and settings\All Users\Data aplikací\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 16:44 . 2012-09-15 02:15 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-14 16:44 . 2011-10-05 11:39 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-14 16:44 . 2013-02-21 12:43 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-08 08:36 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2004-08-17 13:45 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-02 01:57 . 2004-08-17 13:44 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 07:58 . 2007-08-14 18:17 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-21 19:10 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 19:10 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-02-21 19:10 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-02-21 19:05 . 2004-08-17 13:44 370176 ----a-w- c:\windows\system32\html.iec
2013-02-14 11:21 . 2013-02-14 11:21 62512 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2013-02-12 00:32 . 2011-06-19 21:58 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-03 21:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiagAP8169"="c:\program files\MSI\LAN Utility\DiagAP8169" [X]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
INTELLINET Wireless Utility.lnk - c:\program files\INTELLINET\Common\INTELLINET_UI.exe [2012-9-14 1634304]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^Facebook Messenger.lnk]
path=c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2006-12-19 17:15 1093632 ----a-w- c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-09-14 14:35 138096 ----atw- c:\documents and settings\Tomáš\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-15 02:31 116648 ----atw- c:\documents and settings\Tomáš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2011-04-26 15:22 593920 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2012-12-09 09:51 336992 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28. 10. 2011 1:57 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [10. 1. 2013 10:25 122240]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [21. 3. 2013 15:19 1341664]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [19. 6. 2011 22:01 8440]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [7. 4. 2011 17:33 3857408]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [31. 3. 2011 16:08 80896]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [14. 9. 2012 16:21 19072]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [19. 6. 2011 22:01 11266]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [17. 6. 2011 18:05 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [17. 6. 2011 18:05 8456]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [19. 6. 2011 23:53 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22. 6. 2010 18:01 21248]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [9. 3. 2008 1:11 21720]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\DRIVERS\mausb.sys --> c:\windows\system32\DRIVERS\mausb.sys [?]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [30. 9. 2012 19:48 158600]
S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\DRIVERS\mausb.sys --> c:\windows\system32\DRIVERS\mausb.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 16:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 213.151.200.3
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\8tu0ij53.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: z: {675eba94-03cf-5dda-6b53-ce37c7e7437c} - c:\program files\Mozilla Firefox\extensions\{675eba94-03cf-5dda-6b53-ce37c7e7437c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AKAI professional DCVocoder 1.0 - c:\program files\AKAI professional M.I. Corp.\AKAI professional DCVocoder\UninstDCVocoder.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-02 19:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-05-02 19:58:02
ComboFix-quarantined-files.txt 2013-05-02 17:58
ComboFix2.txt 2011-10-26 14:36
.
Pre-Run: Volných bajtů: 68 687 855 616
Post-Run: Volných bajtů: 68 851 093 504
.
- - End Of File - - C7C64A5082AE5FDCDDF2BD5DFCA3BF86

[Márty84]

Dejte novy log z RSIT



3.7.2013 pro neaktivitu http://forum.viry.cz/viewtopic.php?f=12&t=123975