I ran CFScript again, but the result is the same.
ComboFix 17-05-16.14 - Administrator 19.06.2017 21:46:14.3.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.694 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: Kaspersky Total Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Total Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Total Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\system32\drivers\SbFwIm.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SBAMSVC
-------\Legacy_SKYPEUPDATE
-------\Legacy_UPDATERSVCTOWERTILT
-------\Service_SBAMSvc
-------\Service_SBFWIMCL
-------\Service_SkypeUpdate
-------\Service_UpdaterSvcTowerTilt
-------\Legacy_gupdate
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-05-19 do 2017-06-19 )))))))))))))))))))))))))))))))
.
.
2017-06-19 19:12 . 2017-06-19 19:12 -------- d-----w- c:\program files\VirusTotalUploader2
2017-06-19 01:14 . 2017-06-19 01:14 687539 ----a-w- c:\windows\Counter-Strike 1.6 Standalone Uninstaller.exe
2017-06-19 01:12 . 2017-06-19 18:16 -------- d-----w- c:\program files\Counter-Strike 1.6 Standalone
2017-06-19 01:12 . 2017-06-19 01:12 -------- d-----w- c:\program files\Common Files\Thraex Software
2017-06-18 23:35 . 2017-06-18 23:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Zemana
2017-06-18 21:15 . 2017-06-18 21:15 -------- d-----w- c:\documents and settings\Adam\Data aplikací\NVIDIA
2017-06-18 19:12 . 2017-06-18 19:12 181496 ----a-w- c:\windows\system32\drivers\zam32.sys
2017-06-18 19:12 . 2017-06-18 19:12 181496 ----a-w- c:\windows\system32\drivers\zamguard32.sys
2017-06-18 19:11 . 2017-06-18 19:12 -------- d-----w- c:\program files\Zemana AntiMalware
2017-06-18 19:11 . 2017-06-18 19:11 -------- d-----w- c:\documents and settings\Adam\Local Settings\Data aplikací\Zemana
2017-06-18 19:04 . 2017-06-18 19:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ProductData
2017-06-18 19:01 . 2017-06-18 19:01 -------- d-----w- c:\documents and settings\Adam\Data aplikací\ProductData
2017-06-18 18:32 . 2017-06-18 17:49 24064 ----a-w- c:\windows\zoek-delete.exe
2017-06-18 17:49 . 2017-06-18 18:20 -------- d-----w- C:\zoek_backup
2017-06-17 21:59 . 2017-06-17 21:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sophos
2017-06-17 21:58 . 2017-06-17 21:58 -------- d-----w- c:\program files\Sophos
2017-06-17 19:43 . 2009-08-13 18:33 239616 ----a-w- c:\windows\system32\rsnp2uvc.dll
2017-06-17 19:43 . 2017-06-17 19:43 -------- d-----w- c:\program files\Common Files\SNP2UVC
2017-06-17 19:43 . 2017-06-17 19:43 -------- d-----w- c:\documents and settings\Adam\Data aplikací\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-06-19 13:57 . 2014-06-13 15:49 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-06-18 13:25 . 2015-03-12 09:28 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 22:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\erdnt\cache\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}"
[HKEY_CLASSES_ROOT\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}]
2014-12-03 07:54 552232 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-02-19 5503768]
"icq"="c:\documents and settings\Adam\Data aplikací\ICQM\icq.exe" [2014-12-30 35224072]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2016-10-17 27011712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2014-06-17 20145368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-02-10 335232]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2017-03-02 5883912]
"tsnp2uvc"="c:\program files\Common Files\SNP2UVC\tsnp2uvc.exe" [2010-09-20 321024]
"ZAM"="c:\program files\Zemana AntiMalware\ZAM.exe" [2017-06-16 15534736]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Adam\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Counter-Strike 1.6 Standalone\\launcher.exe"=
"c:\\Documents and Settings\\Adam\\Data aplikací\\ICQM\\icq.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [23.6.2014 0:01 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [23.6.2014 0:01 5248]
R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\drivers\cm_km_w.sys [14.1.2013 21:10 189136]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [12.3.2015 11:28 23840]
R1 klhk;klhk;c:\windows\system32\drivers\klhk.sys [5.3.2015 20:10 36024]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [12.4.2013 15:34 14432]
R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [21.8.2014 15:39 60552]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [5.6.2014 19:02 44992]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [9.7.2014 16:23 146240]
R1 uzmymjk3;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzmymjk3.sys [4.7.2014 2:27 11264]
R1 ZAM;ZAM Helper Driver;c:\windows\system32\drivers\zam32.sys [18.6.2017 21:12 181496]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\system32\drivers\zamguard32.sys [18.6.2017 21:12 181496]
R2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [30.8.2014 17:48 234520]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2.3.2017 13:26 2282504]
R2 ChromodoUpdater;COMODO Chromodo Update Service;c:\program files\Comodo\Chromodo\chromodo_updater.exe [3.2.2016 19:10 2062384]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [2.7.2014 16:10 36928]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [27.2.2017 11:01 405424]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [12.3.2015 13:37 743688]
R2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe [18.6.2017 21:11 15534736]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [5.3.2015 20:10 116744]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [19.4.2013 11:44 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [28.3.2014 17:51 23648]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [8.8.2013 17:11 24672]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [7.5.2014 23:52 95488]
S0 sptd;sptd; [x]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [11.2.2014 20:48 2600704]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [12.3.2015 13:36 32064]
S3 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [21.5.2014 12:22 2135232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.6.2014 18:21 22856]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.6.2014 18:21 701512]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [12.3.2015 13:36 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [12.3.2015 13:36 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [12.3.2015 13:36 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [12.3.2015 13:36 130248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-06-17 21:13 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2017-06-19 c:\windows\Tasks\Driver Booster Scheduler.job
- c:\program files\IObit\Driver Booster\4.4.0\Scheduler.exe [2017-06-18 13:04]
.
.
------- Doplňkový sken -------
.
IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2017-06-19 22:02
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(7124)
c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.1\remote_eka_prague_loader.dll
c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.1\prcore.dll
c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.1\kl_service.dll
c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.1\params.ppl
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2017-06-19 22:05:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-06-19 20:05
ComboFix2.txt 2017-06-19 15:19
ComboFix3.txt 2017-06-19 03:28
.
Před spuštěním: 7 146 426 368
Po spuštění: 7 097 577 472
.
- - End Of File - - F7D3C5B7816E09E1DD5FD48115A4050B
671B81004FDD1588FA9ED1331C9CECA9