Kontrola logu

Zpráva

Plukovník · #1 Příspěvek od **Plukovník** » 14 kvě 2013 12:27

Prosím o kontrolu logu.Plukovník.
ComboFix 13-05-12.01 - Vachek 13.05.2013 14:06:16.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1570 [GMT 2:00]
Spuštěný z: d:\pc dokumenty-d\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-13 do 2013-05-13 )))))))))))))))))))))))))))))))
.
.
2013-05-13 10:02 . 2013-05-13 10:02 -------- d-----w- c:\program files\Uniblue
2013-05-13 10:02 . 2013-05-13 10:02 -------- d-----w- c:\documents and settings\Vachek\Data aplikací\Uniblue
2013-05-13 10:02 . 2013-05-13 10:02 201802 ----a-w- c:\windows\system32\poclbm130302GeForce 9800 GTv1w256l4.bin
2013-05-13 10:02 . 2013-05-13 10:02 -------- d-----w- c:\windows\system32\Printing_Admin_Scripts
2013-05-11 10:18 . 2013-05-11 10:18 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Google
2013-05-07 18:46 . 2013-05-07 17:46 -------- d-----w- c:\program files\Hewlett-Packard
2013-05-07 18:16 . 2013-05-07 18:16 -------- d-----w- c:\windows\system32\wbem\Repository
2013-05-07 18:00 . 2013-05-07 18:00 -------- d-----w- c:\windows\Downloaded Installations
2013-05-07 16:07 . 2013-05-07 16:07 1409 ----a-w- c:\windows\system32\tmp8A09D.FOT
2013-05-07 16:07 . 2013-05-07 16:07 1409 ----a-w- c:\windows\system32\tmpE0D8D.FOT
2013-05-07 16:07 . 2013-05-07 16:07 1409 ----a-w- c:\windows\system32\tmp85B8D.FOT
2013-05-07 16:07 . 2013-05-07 16:07 1409 ----a-w- c:\windows\system32\tmp6CB8D.FOT
2013-05-07 16:07 . 2013-05-07 16:07 1409 ----a-w- c:\windows\system32\tmp32C8D.FOT
2013-05-07 16:07 . 2013-05-07 16:07 1409 ----a-w- c:\windows\system32\tmp17C8D.FOT
2013-05-07 16:07 . 2013-05-07 16:07 1409 ----a-w- c:\windows\system32\tmp0CC8D.FOT
2013-05-07 15:29 . 2013-05-07 15:29 -------- d-----w- c:\program files\HP
2013-05-07 15:24 . 2013-05-07 15:24 -------- d-----w- c:\program files\DIFX
2013-05-07 15:23 . 2007-01-16 23:19 438272 ----a-r- c:\windows\system32\hp2436co.dll
2013-05-07 15:23 . 2007-01-16 23:21 622592 ----a-r- c:\windows\system32\hpxp2436.dll
2013-05-07 15:18 . 2013-05-07 15:18 -------- d-----w- c:\documents and settings\Vachek\Data aplikací\Hewlett-Packard
2013-05-07 15:12 . 2013-05-07 15:12 -------- d-----w- c:\documents and settings\Vachek\Data aplikací\Složka odesílání Share-to-Web
2013-05-07 15:12 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-05-07 15:12 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-05-07 15:11 . 2013-05-07 15:11 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2013-05-06 18:02 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2013-05-06 07:28 . 2013-05-06 07:28 -------- d-----w- c:\documents and settings\Vachek\Data aplikací\Downloaded Installations
2013-05-05 09:06 . 2013-05-05 09:06 -------- d-----w- c:\documents and settings\Vachek\Data aplikací\Nitro
2013-05-05 09:06 . 2013-05-05 09:06 -------- d-----w- c:\documents and settings\Vachek\Data aplikací\FileOpen
2013-05-03 22:57 . 2013-05-01 23:34 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-04-28 12:39 . 2013-03-28 17:50 33624 ----a-w- c:\windows\system32\drivers\eve.sys
2013-04-28 12:39 . 2013-04-28 12:39 -------- d-----w- c:\program files\VSO
2013-04-28 12:39 . 2013-04-28 12:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\VSO
2013-04-25 14:56 . 2013-05-01 09:35 -------- d-----w- c:\documents and settings\Vachek\Data aplikací\SolSuite
2013-04-25 14:56 . 2013-04-25 14:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TreeCardGames
2013-04-25 07:05 . 2013-04-25 07:05 -------- d-----w- c:\program files\Common Files\Skype
2013-04-21 11:24 . 2013-04-21 11:24 -------- d-----w- c:\program files\Common Files\Java
2013-04-21 11:23 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-17 05:40 . 2013-05-13 11:43 -------- d-----w- c:\documents and settings\Vachek\Data aplikací\vlc
2013-04-16 21:21 . 2013-04-16 21:21 -------- d-----w- c:\documents and settings\Vachek\Local Settings\Data aplikací\CounterPath
2013-04-16 20:49 . 2013-04-16 21:22 -------- d-----w- c:\program files\CounterPath
2013-04-16 19:45 . 2013-04-16 21:22 -------- d-----w- c:\documents and settings\Vachek\Local Settings\Data aplikací\CounterPath Corporation
2013-04-16 11:51 . 2013-04-16 11:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 14:52 . 2013-03-20 15:22 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-01 23:34 . 2013-03-20 15:22 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-01 23:34 . 2013-03-20 15:22 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-01 23:34 . 2013-03-20 15:22 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-01 23:34 . 2013-03-20 15:22 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-01 23:34 . 2013-03-20 15:22 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-01 23:34 . 2013-03-20 15:22 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-01 23:34 . 2013-03-20 15:22 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-01 23:33 . 2013-03-20 15:22 41664 ----a-w- c:\windows\avastSS.scr
2013-05-01 23:33 . 2012-11-06 16:13 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-13 07:51 . 2012-11-06 16:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-13 07:51 . 2012-11-06 16:09 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-05 10:26 . 2013-05-13 10:02 84992 ----a-w- c:\windows\inf\zlib1.dll
2013-04-05 10:26 . 2013-05-13 10:02 528398 ----a-w- c:\windows\inf\MSASGui.exe
2013-04-05 10:26 . 2013-05-13 10:02 352768 ----a-w- c:\windows\inf\ssleay32.dll
2013-04-05 10:26 . 2013-05-13 10:02 192512 ----a-w- c:\windows\inf\libidn-11.dll
2013-04-05 10:26 . 2013-05-13 10:02 170496 ----a-w- c:\windows\inf\libssh2.dll
2013-04-05 10:26 . 2013-05-13 10:02 133632 ----a-w- c:\windows\inf\librtmp.dll
2013-04-05 10:26 . 2013-05-13 10:02 110094 ----a-w- c:\windows\inf\libusb-1.0.dll
2013-04-05 10:26 . 2013-05-13 10:02 602624 ----a-w- c:\windows\inf\libcurl.dll
2013-04-05 10:26 . 2013-05-13 10:02 1664000 ----a-w- c:\windows\inf\libeay32.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-15 08:47 . 2003-11-07 12:28 221184 ----a-w- c:\windows\system32\wrap_oal.dll
2013-03-15 08:47 . 2008-04-14 12:00 712704 ----a-w- c:\windows\system32\windowscodecs.dll
2013-03-15 08:47 . 2008-04-14 12:00 8192 ----a-w- c:\windows\system32\tssoft32.acm
2013-03-15 08:47 . 2008-04-14 12:00 28672 ----a-w- c:\windows\system32\verclsid.exe
2013-03-15 08:47 . 2012-11-06 10:37 262144 ------r- c:\windows\system32\sptlib01.dll
2013-03-15 08:47 . 2008-04-14 12:00 86016 ----a-w- c:\windows\system32\sl_anet.acm
2013-03-15 08:46 . 2003-11-07 12:28 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2013-03-15 08:46 . 2009-01-07 17:20 24576 ----a-w- c:\windows\system32\nlsdl.dll
2013-03-15 08:46 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-03-15 08:46 . 2008-04-14 12:00 1355776 ----a-w- c:\windows\system32\msvbvm50.dll
2013-03-15 08:46 . 2012-11-06 10:08 118784 ----a-w- c:\windows\system32\msg723.acm
2013-03-15 08:46 . 2012-11-06 10:07 188416 ----a-w- c:\windows\system32\msh261.drv
2013-03-15 08:46 . 2009-03-08 13:19 53248 ----a-w- c:\windows\system32\msrating.dll.mui
2013-03-15 08:46 . 2008-04-14 08:53 294912 ----a-w- c:\windows\system32\msh263.drv
2013-03-15 08:46 . 2011-09-08 13:59 24576 ----a-w- c:\windows\system32\mkunicode.dll
2013-03-15 08:46 . 2012-07-19 18:56 233472 ----a-w- c:\windows\system32\LAVAudio.ax
2013-03-15 08:46 . 2008-09-24 20:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2013-03-15 08:46 . 2009-03-08 13:20 1282048 ----a-w- c:\windows\system32\ieframe.dll.mui
2013-03-15 08:46 . 2009-03-08 13:17 81920 ----a-w- c:\windows\system32\iedkcs32.dll.mui
2013-03-15 08:46 . 2008-04-14 12:00 16384 ----a-w- c:\windows\system32\imaadp32.acm
2013-03-15 08:46 . 2009-03-08 13:18 4096 ----a-w- c:\windows\system32\ie4uinit.exe.mui
2013-03-15 08:46 . 2008-08-19 00:18 77824 ----a-w- c:\windows\system32\fmcodec.DLL
2013-03-15 08:46 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys
2013-03-15 08:46 . 2012-11-06 10:50 196608 ----a-w- c:\windows\system32\drivers\nVivid.bin
2013-03-15 08:46 . 2012-11-06 10:50 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2013-03-15 08:46 . 2012-11-06 10:50 196608 ----a-w- c:\windows\system32\drivers\nAsmedia.bin
2013-03-15 08:46 . 2012-11-06 10:50 196608 ----a-w- c:\windows\system32\drivers\nAdvanced.bin
2013-03-15 08:46 . 2012-11-06 10:37 1171456 ----a-w- c:\windows\system32\drivers\AVerBDA3x.sys
2013-03-15 08:46 . 2012-11-06 10:50 196608 ----a-w- c:\windows\system32\drivers\aAdvanced.bin
2013-03-15 08:45 . 2013-01-02 20:10 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-03-15 08:45 . 2012-11-06 10:37 65536 ------r- c:\windows\system32\CardID.dll
2013-03-15 08:45 . 2012-11-06 10:50 2097152 ----a-w- c:\windows\system32\ATKDispCPL.dll
2013-03-15 08:45 . 2004-05-25 14:06 417792 ----a-w- c:\windows\system32\ac3filter.cpl
2013-03-15 08:41 . 2012-11-06 10:50 57344 ----a-w- c:\windows\i2c.dll
2013-03-15 08:40 . 2012-11-06 10:50 90112 ----a-w- c:\windows\ASMT_CE.dll
2013-03-15 05:47 . 2013-03-26 14:11 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2013-03-15 05:47 . 2013-03-26 14:11 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2013-03-15 05:47 . 2012-11-06 11:00 6074368 ----a-w- c:\windows\system32\nvopencl.dll
2013-03-15 05:47 . 2012-11-06 11:00 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-03-15 05:47 . 2009-08-16 16:57 7745536 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-15 05:47 . 2009-08-16 16:57 4079104 ----a-w- c:\windows\system32\nv4_disp.dll
2013-03-15 05:47 . 2009-08-16 16:57 2733344 ----a-w- c:\windows\system32\nvcuvid.dll
2013-03-15 05:47 . 2009-08-16 16:57 2490368 ----a-w- c:\windows\system32\nvapi.dll
2013-03-15 05:47 . 2009-08-16 16:57 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-03-15 05:47 . 2009-08-16 16:57 19689472 ----a-w- c:\windows\system32\nvoglnt.dll
2013-03-15 05:47 . 2009-08-16 16:57 10713024 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-03-15 02:59 . 2012-11-06 11:01 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2013-03-15 02:59 . 2012-11-06 11:01 126976 ----a-w- c:\windows\system32\nvrszht.dll
2013-03-15 02:59 . 2012-11-06 11:01 258048 ----a-w- c:\windows\system32\nvrstr.dll
2013-03-15 02:59 . 2012-11-06 11:01 253952 ----a-w- c:\windows\system32\nvrsth.dll
2013-03-15 02:59 . 2012-11-06 11:01 274432 ----a-w- c:\windows\system32\nvrspt.dll
2013-03-15 02:59 . 2012-11-06 11:01 270336 ----a-w- c:\windows\system32\nvrsru.dll
2013-03-15 02:59 . 2012-11-06 11:01 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2013-03-15 02:59 . 2012-11-06 11:01 258048 ----a-w- c:\windows\system32\nvrssl.dll
2013-03-15 02:59 . 2012-11-06 11:01 258048 ----a-w- c:\windows\system32\nvrssk.dll
2013-03-15 02:59 . 2012-11-06 11:01 253952 ----a-w- c:\windows\system32\nvrssv.dll
2013-03-15 02:59 . 2012-11-06 11:01 335872 ----a-w- c:\windows\system32\nvrshe.dll
2013-03-15 02:59 . 2012-11-06 11:01 282624 ----a-w- c:\windows\system32\nvrsit.dll
2013-03-15 02:59 . 2012-11-06 11:01 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2013-03-15 02:59 . 2012-11-06 11:01 274432 ----a-w- c:\windows\system32\nvrsja.dll
2013-03-15 02:59 . 2012-11-06 11:01 266240 ----a-w- c:\windows\system32\nvrsko.dll
2013-03-15 02:59 . 2012-11-06 11:01 262144 ----a-w- c:\windows\system32\nvrshu.dll
2013-03-15 02:59 . 2012-11-06 11:01 258048 ----a-w- c:\windows\system32\nvrspl.dll
2013-03-15 02:59 . 2012-11-06 11:01 253952 ----a-w- c:\windows\system32\nvrsno.dll
2013-03-15 02:59 . 2012-11-06 11:01 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2013-03-15 02:59 . 2012-11-06 11:01 282624 ----a-w- c:\windows\system32\nvrses.dll
2013-03-15 02:59 . 2012-11-06 11:01 282624 ----a-w- c:\windows\system32\nvrsel.dll
2013-03-15 02:59 . 2012-11-06 11:01 278528 ----a-w- c:\windows\system32\nvrsde.dll
2013-03-15 02:59 . 2012-11-06 11:01 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2013-03-15 02:59 . 2012-11-06 11:01 253952 ----a-w- c:\windows\system32\nvrsda.dll
2013-03-15 02:59 . 2012-11-06 11:01 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2013-03-15 02:59 . 2012-11-06 11:01 249856 ----a-w- c:\windows\system32\nvrseng.dll
2013-03-15 02:59 . 2012-11-06 11:01 335872 ----a-w- c:\windows\system32\nvrsar.dll
2013-03-15 02:59 . 2012-11-06 11:01 249856 ----a-w- c:\windows\system32\nvrscs.dll
2013-03-15 02:57 . 2012-11-06 11:01 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-03-15 02:57 . 2012-11-06 11:01 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-03-15 02:57 . 2012-11-06 11:01 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-15 02:57 . 2012-11-06 11:01 15668512 ----a-w- c:\windows\system32\nvcpl.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-01 23:33 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy - instal\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"SpybotSD TeaTimer"="d:\programy - instal\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"TrueImageMonitor.exe"="d:\programy - instal\Acronis\TrueImageMonitor.exe" [2011-10-13 5574456]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-10-13 394744]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2537096]
"RTHDCPL"="RTHDCPL.EXE" [2012-10-30 20117648]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-01 4858456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-15 15668512]
"NvMediaCenter"="NvMCTray.dll" [2013-03-15 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-15 1982312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programy - instal\\VLC\\vlc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Programy - instal\\VSO 3\\VsoDownloader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [20.3.2013 17:22 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [20.3.2013 17:22 174664]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [7.11.2012 11:48 752128]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [4.5.2013 0:57 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [20.3.2013 17:22 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.3.2013 17:22 368944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29.11.2012 15:09 242240]
R1 Eve;EVE Protocol Driver;c:\windows\system32\drivers\eve.sys [28.4.2013 14:39 33624]
R2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [7.11.2012 12:22 3246040]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.3.2013 17:22 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [20.3.2013 17:22 66336]
R2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;d:\programy - instal\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor32.sys [10.3.2013 11:00 12696]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.7.2010 2:45 35088]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [7.11.2012 12:22 167968]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [6.11.2012 12:37 1171456]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\Drivers\SmartDefragDriver.sys --> c:\windows\system32\Drivers\SmartDefragDriver.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.11.2012 13:39 1691480]
S3 DfSdkS;Defragmentation-Service;d:\programy - instal\Ashampoo\Ashampoo WinOptimizer 10\DfSdkS.exe [10.3.2013 11:00 406016]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11.2.2013 0:11 40776]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [26.11.2012 17:16 27064]
S3 WO_LiveService;Ashampoo LiveTuner Service;d:\programy - instal\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe [10.3.2013 11:00 885096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 05:18 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-06 07:51]
.
2013-05-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-20 23:33]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-04 13:13]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-04 13:13]
.
2012-11-06 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2011-08-10 15:39]
.
2013-05-13 c:\windows\Tasks\spmonitor.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-05-13 09:51]
.
2013-05-13 c:\windows\Tasks\User_Feed_Synchronization-{5E6C40AC-A310-4A46-9E6C-442B7CF95AA4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-13 14:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1684)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-05-13 14:14:07
ComboFix-quarantined-files.txt 2013-05-13 12:14
.
Před spuštěním: Volných bajtů: 66 811 305 984
Po spuštění: Volných bajtů: 66 796 748 800
.
- - End Of File - - 9267DC03F5E7FA981EF4346D70145ED7

#2 Příspěvek od **Rudy** » 14 kvě 2013 18:06

Zdravím!
Proč spouštíte ComboFix, utilitu určenou profesionálům, bez konzultace s rádcem? Hodláte si nabořit systém?

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj?

KillAll::

Collect::
c:\windows\system32\tmp8A09D.FOT
c:\windows\system32\tmpE0D8D.FOT
c:\windows\system32\tmp85B8D.FOT
c:\windows\system32\tmp6CB8D.FOT
c:\windows\system32\tmp32C8D.FOT
c:\windows\system32\tmp17C8D.FOT
c:\windows\system32\tmp0CC8D.FOT

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

FCopy::
c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

VIRY.CZ

Kontrola logu

Kontrola logu

Re: Kontrola logu