Vypínání štítů avastu

[Trhace]

Combofix:

ComboFix 14-11-18.01 - Owner 27.11.2014 10:36:46.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2266 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner.F-55412FB590154\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner.F-55412FB590154\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *Disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wfcxtcap
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-27 do 2014-11-27 )))))))))))))))))))))))))))))))
.
.
2050-04-30 12:51 . 2050-04-30 12:51 -------- d-----w- C:\totalcmd
2050-04-30 12:45 . 2009-08-29 20:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2050-04-30 12:38 . 2050-04-30 12:38 -------- d-----w- c:\program files\Sunbelt Software
2050-04-30 12:32 . 2050-04-30 12:32 -------- d-----w- c:\windows\Sun
2050-04-30 12:29 . 2013-08-27 16:21 -------- d-----w- c:\program files\Common Files\Java
2050-04-30 12:17 . 2011-10-25 15:36 -------- d-----w- c:\program files\The KMPlayer
2050-04-30 11:49 . 2012-11-18 22:39 -------- d-----w- C:\Warez
2050-04-30 11:24 . 2050-04-30 11:24 -------- d-----w- c:\program files\Lavalys
2050-04-30 11:11 . 2014-08-17 21:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2050-04-30 11:08 . 2014-07-02 15:47 -------- d-s---w- c:\windows\system32\Microsoft
2050-04-30 11:03 . 2014-11-24 12:23 -------- d-sh--w- c:\documents and settings\LocalService
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-23 17:28 . 2012-05-01 08:03 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 10:31 . 2010-11-27 09:28 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-09 17:46 . 2014-10-03 11:58 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-10-23 11:13 . 2014-10-03 11:58 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-23 11:13 . 2010-11-27 09:28 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-23 11:13 . 2014-10-03 12:03 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-23 11:13 . 2014-10-03 11:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-23 11:13 . 2010-11-27 09:28 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-10-23 11:12 . 2014-10-23 11:13 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-23 11:12 . 2014-10-23 11:12 43152 ----a-w- c:\windows\avastSS.scr
2014-08-29 23:08 . 2014-08-29 23:08 82432 ----a-w- c:\windows\system32\msxml4r.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-11-23 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2008-07-22 . 3BA3D565D3C031DA39F55F7D6F41BF89 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-24 33747360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2012-02-28 5178664]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Guest\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^forteManager.lnk]
backup=c:\windows\pss\forteManager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^GamePark klient 2.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2014-09-16 10:16 839384 ----a-w- c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 17:00 1818624 -c--a-w- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
2014-03-06 15:07 2086568 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM Tray Agent]
2014-02-13 13:37 254024 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX600FW Series]
2008-03-05 15:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEKE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2008-05-23 14:48 2170880 ----a-w- c:\program files\EXPERTool\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2014-10-26 22:18 107912 ----atw- c:\documents and settings\Owner.F-55412FB590154\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 11:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 15:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-08-29 10:03 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
2012-02-28 15:12 5178664 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-10-08 04:50 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RandomMouseClicker]
2012-06-22 17:16 59776 ----a-w- c:\program files\Random Mouse Clicker\RandomMouseClicker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-08-27 07:20 22041192 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2012-05-25 07:42 3318784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=3 (0x3)
"PnkBstrA"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"BstHdUpdaterSvc"=2 (0x2)
"BstHdLogRotatorSvc"=2 (0x2)
"BstHdAndroidSvc"=2 (0x2)
"AODService"=2 (0x2)
"AdvancedSystemCareService5"=3 (0x3)
"HiPatchService"=2 (0x2)
"ACDaemon"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON SX600FW Series (kopie 5)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S52.tmp" /EF "HKCU"
"EPSON Stylus SX600FW(Síť) (kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S57C.tmp" /EF "HKCU"
"EPSON Stylus SX600FW(Síť)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\docume~1\OWNER~1.F-5\LOCALS~1\Temp\E_S353.tmp" /EF "HKCU"
"EPSON SX600FW Series (kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S179.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Ultima Online\\client.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Owner.F-55412FB590154\\Plocha\\Torrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Owner.F-55412FB590154\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58204:TCP"= 58204:TCP:Pando Media Booster
"58204:UDP"= 58204:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57217:TCP"= 57217:TCP:Pando Media Booster
"57217:UDP"= 57217:UDP:Pando Media Booster
"56874:TCP"= 56874:TCP:Pando Media Booster
"56874:UDP"= 56874:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.8.2008 10:46 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [1.5.2012 9:03 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [27.11.2010 10:28 423784]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 12:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 12:34 71088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19.5.2010 14:58 142592]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [16.9.2014 11:14 409304]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [16.9.2014 11:14 112344]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [16.9.2014 11:16 777944]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [23.8.2010 11:07 20328]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 10:58 3275136]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [15.9.2009 12:59 38248]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 15:15 9344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.8.2010 18:25 2136224]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys --> c:\windows\system32\DRIVERS\wfcxacap.sys [?]
S2 aswFsBlk;aswFsBlk; [x]
S2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys --> c:\windows\system32\drivers\wfcxatun.sys [?]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys --> c:\windows\system32\drivers\wfcxvcap.sys [?]
S3 AMDMSRIO;AMDMSRIO; [x]
S3 AODDriver;AODDriver;\??\c:\program files\AMD\OverDrive\i386\AODDriver.sys --> c:\program files\AMD\OverDrive\i386\AODDriver.sys [?]
S3 ATICDSDr;ATICDSDr; [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [20.1.2011 17:39 64320]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [31.7.2014 23:06 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [31.7.2014 23:06 9160]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [21.10.2010 17:59 36640]
S3 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [21.10.2010 17:59 217088]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.8.2012 11:03 1385896]
S3 RTXNKKJVHKKV;RTXNKKJVHKKV; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [21.10.2010 18:01 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [21.10.2010 18:01 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [21.10.2010 18:01 121576]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys --> c:\windows\system32\drivers\wfcxdtun.sys [?]
S3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys --> c:\windows\system32\drivers\wfcxxbar.sys [?]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [13.9.2012 13:53 913792]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22.10.2009 2:49 136544]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [16.9.2014 11:15 384728]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;h:\hry-instalovany\Hi-Rez Studio\HiPatchService.exe [17.8.2014 22:57 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2014-11-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-10-23 11:12]
.
2014-11-09 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-10-07 23:28]
.
2014-11-27 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-10-07 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://beemp3.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\Owner.F-55412FB590154\Data aplikací\Mozilla\Firefox\Profiles\8y1vap2l.default-1373020015046\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-27 10:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01D88ABF-E583-DC9C-1694-BA26C6B026CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nafjgcmfinhidbccojcmbpocmmnl"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,
6d,63,67,67,00,00
"mapiaalgodokoghacaaehifanc"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,6d,
63,67,67,00,00
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8a,a8,95,7b,45,8b,44,01,20,0b,b8,c9,a5,b4,b0,32,b7,d7,60,22,7b,af,3c,
55,aa,87,6e,15,dd,b9,4e,20,b7,7a,42,3f,e4,6b,a2,cf,97,f0,e1,15,44,5c,cb,2b,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\License information*]
"datasecu"=hex:29,b1,4e,77,35,81,3d,ff,13,5c,93,c4,c4,15,f1,7b,b9,52,d3,70,d1,
ab,9f,1a,dd,cf,95,fe,cc,bd,93,40,d1,27,30,e5,7c,b4,7d,30,54,92,bd,dd,2c,2c,\
"rkeysecu"=hex:85,5d,af,5b,e3,55,d0,19,81,31,57,73,e4,f6,85,b7
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1196)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(1252)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3564)
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\BlueStacks\HD-Network.exe
c:\program files\BlueStacks\HD-BlockDevice.exe
c:\program files\BlueStacks\HD-SharedFolder.exe
.
**************************************************************************
.
Celkový čas: 2014-11-27 11:03:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-11-27 10:03
ComboFix2.txt 2014-11-25 16:28
ComboFix3.txt 2014-11-24 12:23
.
Před spuštěním: 1 645 236 224
Po spuštění: 1 611 743 232
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 63EEE4987D2CD128E1D04DA1ECAF17AA
413FC2A0C716421B3158746D63736515

[Reklama]

[Trhace]

Virustotal:
https://www.virustotal.com/cs/file/9cb1 ... /analysis/

Virscan:
http://r.virscan.org/report/8fe0205d369 ... e47d587066

[Orcus]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:

ClearJavaCache::
KillAll::

Quarantine::
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

[Trhace]

Combofix:

ComboFix 14-11-18.01 - Owner 27.11.2014 19:19:32.4.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.1884 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner.F-55412FB590154\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner.F-55412FB590154\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *Disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-10-27 do 2014-11-27 )))))))))))))))))))))))))))))))
.
.
2050-04-30 12:51 . 2050-04-30 12:51 -------- d-----w- C:\totalcmd
2050-04-30 12:45 . 2009-08-29 20:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2050-04-30 12:38 . 2050-04-30 12:38 -------- d-----w- c:\program files\Sunbelt Software
2050-04-30 12:32 . 2050-04-30 12:32 -------- d-----w- c:\windows\Sun
2050-04-30 12:29 . 2013-08-27 16:21 -------- d-----w- c:\program files\Common Files\Java
2050-04-30 12:17 . 2011-10-25 15:36 -------- d-----w- c:\program files\The KMPlayer
2050-04-30 11:49 . 2012-11-18 22:39 -------- d-----w- C:\Warez
2050-04-30 11:24 . 2050-04-30 11:24 -------- d-----w- c:\program files\Lavalys
2050-04-30 11:11 . 2014-08-17 21:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2050-04-30 11:08 . 2014-07-02 15:47 -------- d-s---w- c:\windows\system32\Microsoft
2050-04-30 11:03 . 2014-11-24 12:23 -------- d-sh--w- c:\documents and settings\LocalService
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-23 17:28 . 2012-05-01 08:03 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 10:31 . 2010-11-27 09:28 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-09 17:46 . 2014-10-03 11:58 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-10-23 11:13 . 2014-10-03 11:58 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-23 11:13 . 2010-11-27 09:28 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-23 11:13 . 2014-10-03 12:03 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-23 11:13 . 2014-10-03 11:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-23 11:13 . 2010-11-27 09:28 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-10-23 11:12 . 2014-10-23 11:13 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-23 11:12 . 2014-10-23 11:12 43152 ----a-w- c:\windows\avastSS.scr
2014-08-29 23:08 . 2014-08-29 23:08 82432 ----a-w- c:\windows\system32\msxml4r.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-11-23 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2008-07-22 . 3BA3D565D3C031DA39F55F7D6F41BF89 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-24 33747360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2012-02-28 5178664]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Guest\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^forteManager.lnk]
backup=c:\windows\pss\forteManager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^GamePark klient 2.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2014-09-16 10:16 839384 ----a-w- c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 17:00 1818624 -c--a-w- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
2014-03-06 15:07 2086568 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM Tray Agent]
2014-02-13 13:37 254024 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX600FW Series]
2008-03-05 15:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEKE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2008-05-23 14:48 2170880 ----a-w- c:\program files\EXPERTool\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2014-10-26 22:18 107912 ----atw- c:\documents and settings\Owner.F-55412FB590154\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 11:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 15:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-08-29 10:03 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
2012-02-28 15:12 5178664 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-10-08 04:50 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RandomMouseClicker]
2012-06-22 17:16 59776 ----a-w- c:\program files\Random Mouse Clicker\RandomMouseClicker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-08-27 07:20 22041192 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2012-05-25 07:42 3318784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=3 (0x3)
"PnkBstrA"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"BstHdUpdaterSvc"=2 (0x2)
"BstHdLogRotatorSvc"=2 (0x2)
"BstHdAndroidSvc"=2 (0x2)
"AODService"=2 (0x2)
"AdvancedSystemCareService5"=3 (0x3)
"HiPatchService"=2 (0x2)
"ACDaemon"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON SX600FW Series (kopie 5)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S52.tmp" /EF "HKCU"
"EPSON Stylus SX600FW(Síť) (kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S57C.tmp" /EF "HKCU"
"EPSON Stylus SX600FW(Síť)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\docume~1\OWNER~1.F-5\LOCALS~1\Temp\E_S353.tmp" /EF "HKCU"
"EPSON SX600FW Series (kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S179.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Ultima Online\\client.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Owner.F-55412FB590154\\Plocha\\Torrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Owner.F-55412FB590154\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58204:TCP"= 58204:TCP:Pando Media Booster
"58204:UDP"= 58204:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57217:TCP"= 57217:TCP:Pando Media Booster
"57217:UDP"= 57217:UDP:Pando Media Booster
"56874:TCP"= 56874:TCP:Pando Media Booster
"56874:UDP"= 56874:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.8.2008 10:46 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [1.5.2012 9:03 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [27.11.2010 10:28 423784]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 12:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 12:34 71088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19.5.2010 14:58 142592]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [16.9.2014 11:14 409304]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [16.9.2014 11:14 112344]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [16.9.2014 11:16 777944]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [23.8.2010 11:07 20328]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 10:58 3275136]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [15.9.2009 12:59 38248]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 15:15 9344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.8.2010 18:25 2136224]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys --> c:\windows\system32\DRIVERS\wfcxacap.sys [?]
S2 aswFsBlk;aswFsBlk; [x]
S2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys --> c:\windows\system32\drivers\wfcxatun.sys [?]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys --> c:\windows\system32\drivers\wfcxvcap.sys [?]
S3 AMDMSRIO;AMDMSRIO; [x]
S3 AODDriver;AODDriver;\??\c:\program files\AMD\OverDrive\i386\AODDriver.sys --> c:\program files\AMD\OverDrive\i386\AODDriver.sys [?]
S3 ATICDSDr;ATICDSDr; [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [20.1.2011 17:39 64320]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [31.7.2014 23:06 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [31.7.2014 23:06 9160]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [21.10.2010 17:59 36640]
S3 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [21.10.2010 17:59 217088]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.8.2012 11:03 1385896]
S3 RTXNKKJVHKKV;RTXNKKJVHKKV; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [21.10.2010 18:01 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [21.10.2010 18:01 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [21.10.2010 18:01 121576]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys --> c:\windows\system32\drivers\wfcxdtun.sys [?]
S3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys --> c:\windows\system32\drivers\wfcxxbar.sys [?]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [13.9.2012 13:53 913792]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22.10.2009 2:49 136544]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [16.9.2014 11:15 384728]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;h:\hry-instalovany\Hi-Rez Studio\HiPatchService.exe [17.8.2014 22:57 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2014-11-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-10-23 11:12]
.
2014-11-09 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-10-07 23:28]
.
2014-11-27 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-10-07 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://beemp3.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\Owner.F-55412FB590154\Data aplikací\Mozilla\Firefox\Profiles\8y1vap2l.default-1373020015046\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-27 19:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01D88ABF-E583-DC9C-1694-BA26C6B026CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nafjgcmfinhidbccojcmbpocmmnl"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,
6d,63,67,67,00,00
"mapiaalgodokoghacaaehifanc"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,6d,
63,67,67,00,00
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8a,a8,95,7b,45,8b,44,01,20,0b,b8,c9,a5,b4,b0,32,b7,d7,60,22,7b,af,3c,
55,aa,87,6e,15,dd,b9,4e,20,b7,7a,42,3f,e4,6b,a2,cf,97,f0,e1,15,44,5c,cb,2b,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\License information*]
"datasecu"=hex:29,b1,4e,77,35,81,3d,ff,13,5c,93,c4,c4,15,f1,7b,b9,52,d3,70,d1,
ab,9f,1a,dd,cf,95,fe,cc,bd,93,40,d1,27,30,e5,7c,b4,7d,30,54,92,bd,dd,2c,2c,\
"rkeysecu"=hex:85,5d,af,5b,e3,55,d0,19,81,31,57,73,e4,f6,85,b7
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1196)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(1252)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\BlueStacks\HD-Network.exe
c:\program files\BlueStacks\HD-BlockDevice.exe
c:\program files\BlueStacks\HD-SharedFolder.exe
.
**************************************************************************
.
Celkový čas: 2014-11-27 19:45:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-11-27 18:45
ComboFix2.txt 2014-11-27 10:03
ComboFix3.txt 2014-11-25 16:28
ComboFix4.txt 2014-11-24 12:23
.
Před spuštěním: 1 587 716 096
Po spuštění: 1 578 061 824
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 17E782FEBA74160031920CEEE2395CC8
413FC2A0C716421B3158746D63736515

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

Driver::
wfcxxbar

RegLock::
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01D88ABF-E583-DC9C-1694-BA26C6B026CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nafjgcmfinhidbccojcmbpocmmnl"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,
 6d,63,67,67,00,00
"mapiaalgodokoghacaaehifanc"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,6d,
 63,67,67,00,00
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8a,a8,95,7b,45,8b,44,01,20,0b,b8,c9,a5,b4,b0,32,b7,d7,60,22,7b,af,3c,
 55,aa,87,6e,15,dd,b9,4e,20,b7,7a,42,3f,e4,6b,a2,cf,97,f0,e1,15,44,5c,cb,2b,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\License information*]
"datasecu"=hex:29,b1,4e,77,35,81,3d,ff,13,5c,93,c4,c4,15,f1,7b,b9,52,d3,70,d1,
 ab,9f,1a,dd,cf,95,fe,cc,bd,93,40,d1,27,30,e5,7c,b4,7d,30,54,92,bd,dd,2c,2c,\
"rkeysecu"=hex:85,5d,af,5b,e3,55,d0,19,81,31,57,73,e4,f6,85,b7

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[Trhace]

Combofix:

ComboFix 14-11-18.01 - Owner 01.12.2014 11:37:48.5.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2141 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner.F-55412FB590154\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner.F-55412FB590154\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *Disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wfcxxbar
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-01 do 2014-12-01 )))))))))))))))))))))))))))))))
.
.
2050-04-30 12:51 . 2050-04-30 12:51 -------- d-----w- C:\totalcmd
2050-04-30 12:45 . 2009-08-29 20:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2050-04-30 12:38 . 2050-04-30 12:38 -------- d-----w- c:\program files\Sunbelt Software
2050-04-30 12:32 . 2050-04-30 12:32 -------- d-----w- c:\windows\Sun
2050-04-30 12:29 . 2013-08-27 16:21 -------- d-----w- c:\program files\Common Files\Java
2050-04-30 12:17 . 2011-10-25 15:36 -------- d-----w- c:\program files\The KMPlayer
2050-04-30 11:49 . 2012-11-18 22:39 -------- d-----w- C:\Warez
2050-04-30 11:24 . 2050-04-30 11:24 -------- d-----w- c:\program files\Lavalys
2050-04-30 11:11 . 2014-08-17 21:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2050-04-30 11:08 . 2014-07-02 15:47 -------- d-s---w- c:\windows\system32\Microsoft
2050-04-30 11:03 . 2014-11-24 12:23 -------- d-sh--w- c:\documents and settings\LocalService
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-23 17:28 . 2012-05-01 08:03 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 10:31 . 2010-11-27 09:28 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-09 17:46 . 2014-10-03 11:58 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-10-23 11:13 . 2014-10-03 11:58 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-23 11:13 . 2010-11-27 09:28 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-23 11:13 . 2014-10-03 12:03 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-23 11:13 . 2014-10-03 11:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-23 11:13 . 2010-11-27 09:28 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-10-23 11:12 . 2014-10-23 11:13 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-23 11:12 . 2014-10-23 11:12 43152 ----a-w- c:\windows\avastSS.scr
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-11-23 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2008-07-22 . 3BA3D565D3C031DA39F55F7D6F41BF89 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-24 33747360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2012-02-28 5178664]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Guest\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^forteManager.lnk]
backup=c:\windows\pss\forteManager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^GamePark klient 2.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2014-09-16 10:16 839384 ----a-w- c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 17:00 1818624 -c--a-w- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
2014-03-06 15:07 2086568 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM Tray Agent]
2014-02-13 13:37 254024 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX600FW Series]
2008-03-05 15:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEKE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2008-05-23 14:48 2170880 ----a-w- c:\program files\EXPERTool\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2014-10-26 22:18 107912 ----atw- c:\documents and settings\Owner.F-55412FB590154\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 11:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 15:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-08-29 10:03 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
2012-02-28 15:12 5178664 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-10-08 04:50 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RandomMouseClicker]
2012-06-22 17:16 59776 ----a-w- c:\program files\Random Mouse Clicker\RandomMouseClicker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-08-27 07:20 22041192 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2012-05-25 07:42 3318784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=3 (0x3)
"PnkBstrA"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"BstHdUpdaterSvc"=2 (0x2)
"BstHdLogRotatorSvc"=2 (0x2)
"BstHdAndroidSvc"=2 (0x2)
"AODService"=2 (0x2)
"AdvancedSystemCareService5"=3 (0x3)
"HiPatchService"=2 (0x2)
"ACDaemon"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON SX600FW Series (kopie 5)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S52.tmp" /EF "HKCU"
"EPSON Stylus SX600FW(Síť) (kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S57C.tmp" /EF "HKCU"
"EPSON Stylus SX600FW(Síť)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\docume~1\OWNER~1.F-5\LOCALS~1\Temp\E_S353.tmp" /EF "HKCU"
"EPSON SX600FW Series (kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S179.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Ultima Online\\client.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Owner.F-55412FB590154\\Plocha\\Torrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Owner.F-55412FB590154\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58204:TCP"= 58204:TCP:Pando Media Booster
"58204:UDP"= 58204:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57217:TCP"= 57217:TCP:Pando Media Booster
"57217:UDP"= 57217:UDP:Pando Media Booster
"56874:TCP"= 56874:TCP:Pando Media Booster
"56874:UDP"= 56874:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.8.2008 10:46 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [1.5.2012 9:03 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [27.11.2010 10:28 423784]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 12:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 12:34 71088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19.5.2010 14:58 142592]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [16.9.2014 11:14 409304]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [16.9.2014 11:14 112344]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [16.9.2014 11:16 777944]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [23.8.2010 11:07 20328]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 10:58 3275136]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [15.9.2009 12:59 38248]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 15:15 9344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.8.2010 18:25 2136224]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys --> c:\windows\system32\DRIVERS\wfcxacap.sys [?]
S2 aswFsBlk;aswFsBlk; [x]
S2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys --> c:\windows\system32\drivers\wfcxatun.sys [?]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys --> c:\windows\system32\drivers\wfcxvcap.sys [?]
S3 AMDMSRIO;AMDMSRIO; [x]
S3 AODDriver;AODDriver;\??\c:\program files\AMD\OverDrive\i386\AODDriver.sys --> c:\program files\AMD\OverDrive\i386\AODDriver.sys [?]
S3 ATICDSDr;ATICDSDr; [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [20.1.2011 17:39 64320]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [31.7.2014 23:06 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [31.7.2014 23:06 9160]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [21.10.2010 17:59 36640]
S3 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [21.10.2010 17:59 217088]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.8.2012 11:03 1385896]
S3 RTXNKKJVHKKV;RTXNKKJVHKKV; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [21.10.2010 18:01 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [21.10.2010 18:01 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [21.10.2010 18:01 121576]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys --> c:\windows\system32\drivers\wfcxdtun.sys [?]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [13.9.2012 13:53 913792]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22.10.2009 2:49 136544]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [16.9.2014 11:15 384728]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;h:\hry-instalovany\Hi-Rez Studio\HiPatchService.exe [17.8.2014 22:57 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-10-23 11:12]
.
2014-11-09 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-10-07 23:28]
.
2014-12-01 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-10-07 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://beemp3.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\Owner.F-55412FB590154\Data aplikací\Mozilla\Firefox\Profiles\8y1vap2l.default-1373020015046\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-01 11:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01D88ABF-E583-DC9C-1694-BA26C6B026CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nafjgcmfinhidbccojcmbpocmmnl"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,
6d,63,67,67,00,00
"mapiaalgodokoghacaaehifanc"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,6d,
63,67,67,00,00
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8a,a8,95,7b,45,8b,44,01,20,0b,b8,c9,a5,b4,b0,32,b7,d7,60,22,7b,af,3c,
55,aa,87,6e,15,dd,b9,4e,20,b7,7a,42,3f,e4,6b,a2,cf,97,f0,e1,15,44,5c,cb,2b,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\License information*]
"datasecu"=hex:29,b1,4e,77,35,81,3d,ff,13,5c,93,c4,c4,15,f1,7b,b9,52,d3,70,d1,
ab,9f,1a,dd,cf,95,fe,cc,bd,93,40,d1,27,30,e5,7c,b4,7d,30,54,92,bd,dd,2c,2c,\
"rkeysecu"=hex:85,5d,af,5b,e3,55,d0,19,81,31,57,73,e4,f6,85,b7
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1196)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(1252)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\BlueStacks\HD-Network.exe
c:\program files\BlueStacks\HD-BlockDevice.exe
c:\program files\BlueStacks\HD-SharedFolder.exe
.
**************************************************************************
.
Celkový čas: 2014-12-01 12:04:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-12-01 11:04
ComboFix2.txt 2014-11-27 18:45
ComboFix3.txt 2014-11-27 10:03
ComboFix4.txt 2014-11-25 16:28
ComboFix5.txt 2014-12-01 10:28
.
Před spuštěním: Volných bajtů: 27 151 925 248
Po spuštění: Volných bajtů: 27 123 408 896
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - D094BBDC4701367183EA11F9ED9122BD
413FC2A0C716421B3158746D63736515

[Trhace]

aswMBR:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-01 17:04:42
-----------------------------
17:04:42.231 OS Version: Windows 5.1.2600 Service Pack 3
17:04:42.231 Number of processors: 4 586 0x503
17:04:42.231 ComputerName: HLAVNI UserName: Owner
17:04:45.059 Initialize success
17:04:49.684 AVAST engine defs: 14102100
17:06:36.684 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:06:36.684 Disk 0 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 3
17:06:36.700 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
17:06:36.700 Disk 1 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
17:06:36.700 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-1b
17:06:36.700 Disk 2 Vendor: WDC_WD2500JB-00GVC0 08.02D08 Size: 238475MB BusType: 3
17:06:36.809 Disk 2 MBR read successfully
17:06:36.809 Disk 2 MBR scan
17:06:37.606 Disk 2 Windows XP default MBR code
17:06:37.637 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
17:06:37.653 Disk 2 Boot: NTFS code=1
17:06:37.856 Disk 2 scanning sectors +488392065
17:06:37.997 Disk 2 scanning C:\WINDOWS\system32\drivers
17:06:49.965 Service scanning
17:07:03.903 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:07:07.497 Modules scanning
17:07:07.512 \Driver\nvata MajorFunction[ IRP_MJ_CREATE ] @ 0x8b7f41f8 suspicious
17:07:07.512 \Driver\nvata MajorFunction[ IRP_MJ_CREATE_NAMED_PIPE ] @ 0x8b7f41f8 suspicious
17:07:07.512 \Driver\nvata MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b7f41f8 suspicious
17:07:07.512 \Driver\nvata MajorFunction[ IRP_MJ_READ ] @ 0x8b7f41f8 suspicious
17:07:07.512 \Driver\nvata MajorFunction[ IRP_MJ_WRITE ] @ 0x8b7f41f8 suspicious
17:07:07.512 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_INFORMATION ] @ 0x8b7f41f8 suspicious
17:07:07.528 \Driver\nvata MajorFunction[ IRP_MJ_SET_INFORMATION ] @ 0x8b7f41f8 suspicious
17:07:07.528 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_EA ] @ 0x8b7f41f8 suspicious
17:07:07.528 \Driver\nvata MajorFunction[ IRP_MJ_SET_EA ] @ 0x8b7f41f8 suspicious
17:07:07.528 \Driver\nvata MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b7f41f8 suspicious
17:07:07.528 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_VOLUME_INFORMATION ] @ 0x8b7f41f8 suspicious
17:07:07.528 \Driver\nvata MajorFunction[ IRP_MJ_SET_VOLUME_INFORMATION ] @ 0x8b7f41f8 suspicious
17:07:07.544 \Driver\nvata MajorFunction[ IRP_MJ_DIRECTORY_CONTROL ] @ 0x8b7f41f8 suspicious
17:07:07.544 \Driver\nvata MajorFunction[ IRP_MJ_FILE_SYSTEM_CONTROL ] @ 0x8b7f41f8 suspicious
17:07:07.544 \Driver\nvata MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b7f41f8 suspicious
17:07:07.544 \Driver\nvata MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b7f41f8 suspicious
17:07:07.544 \Driver\nvata MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b7f41f8 suspicious
17:07:07.559 \Driver\nvata MajorFunction[ IRP_MJ_LOCK_CONTROL ] @ 0x8b7f41f8 suspicious
17:07:07.559 \Driver\nvata MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8b7f41f8 suspicious
17:07:07.559 \Driver\nvata MajorFunction[ IRP_MJ_CREATE_MAILSLOT ] @ 0x8b7f41f8 suspicious
17:07:07.559 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_SECURITY ] @ 0x8b7f41f8 suspicious
17:07:07.559 \Driver\nvata MajorFunction[ IRP_MJ_SET_SECURITY ] @ 0x8b7f41f8 suspicious
17:07:07.575 \Driver\nvata MajorFunction[ IRP_MJ_POWER ] @ 0x8b7f41f8 suspicious
17:07:07.575 \Driver\nvata MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b7f41f8 suspicious
17:07:07.575 \Driver\nvata MajorFunction[ IRP_MJ_DEVICE_CHANGE ] @ 0x8b7f41f8 suspicious
17:07:07.575 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_QUOTA ] @ 0x8b7f41f8 suspicious
17:07:07.575 \Driver\nvata MajorFunction[ IRP_MJ_SET_QUOTA ] @ 0x8b7f41f8 suspicious
17:07:07.590 \Driver\atapi DriverInit @ 0x8b86b298 suspicious
17:07:07.590 \Driver\dmio MajorFunction[ IRP_MJ_CREATE ] @ 0x8b7f51f8 suspicious
17:07:07.590 \Driver\dmio MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b7f51f8 suspicious
17:07:07.590 \Driver\dmio MajorFunction[ IRP_MJ_READ ] @ 0x8b7f51f8 suspicious
17:07:07.590 \Driver\dmio MajorFunction[ IRP_MJ_WRITE ] @ 0x8b7f51f8 suspicious
17:07:07.606 \Driver\dmio MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b7f51f8 suspicious
17:07:07.606 \Driver\dmio MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b7f51f8 suspicious
17:07:07.606 \Driver\dmio MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b7f51f8 suspicious
17:07:07.606 \Driver\dmio MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b7f51f8 suspicious
17:07:07.606 \Driver\dmio MajorFunction[ IRP_MJ_POWER ] @ 0x8b7f51f8 suspicious
17:07:07.622 \Driver\dmio MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b7f51f8 suspicious
17:07:07.622 \Driver\usbohci MajorFunction[ IRP_MJ_CREATE ] @ 0x8b6411f8 suspicious
17:07:07.622 \Driver\usbohci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b6411f8 suspicious
17:07:07.622 \Driver\usbohci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b6411f8 suspicious
17:07:07.622 \Driver\usbohci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b6411f8 suspicious
17:07:07.637 \Driver\usbohci MajorFunction[ IRP_MJ_POWER ] @ 0x8b6411f8 suspicious
17:07:07.637 \Driver\usbohci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b6411f8 suspicious
17:07:07.637 \Driver\Ftdisk MajorFunction[ IRP_MJ_CREATE ] @ 0x8b86c1f8 suspicious
17:07:07.637 \Driver\Ftdisk MajorFunction[ IRP_MJ_READ ] @ 0x8b86c1f8 suspicious
17:07:07.653 \Driver\Ftdisk MajorFunction[ IRP_MJ_WRITE ] @ 0x8b86c1f8 suspicious
17:07:07.653 \Driver\Ftdisk MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b86c1f8 suspicious
17:07:07.653 \Driver\Ftdisk MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b86c1f8 suspicious
17:07:07.653 \Driver\Ftdisk MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b86c1f8 suspicious
17:07:07.653 \Driver\Ftdisk MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b86c1f8 suspicious
17:07:07.669 \Driver\Ftdisk MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8b86c1f8 suspicious
17:07:07.669 \Driver\Ftdisk MajorFunction[ IRP_MJ_POWER ] @ 0x8b86c1f8 suspicious
17:07:07.669 \Driver\Ftdisk MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b86c1f8 suspicious
17:07:07.669 \Driver\a4h8dvy0 MajorFunction[ IRP_MJ_CREATE ] @ 0x8b54b500 suspicious
17:07:07.669 \Driver\a4h8dvy0 MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b54b500 suspicious
17:07:07.684 \Driver\a4h8dvy0 MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b54b500 suspicious
17:07:07.684 \Driver\a4h8dvy0 MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b54b500 suspicious
17:07:07.684 \Driver\a4h8dvy0 MajorFunction[ IRP_MJ_POWER ] @ 0x8b54b500 suspicious
17:07:07.684 \Driver\a4h8dvy0 MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b54b500 suspicious
17:07:07.684 \Driver\NetBT MajorFunction[ IRP_MJ_CREATE ] @ 0x8abc01f8 suspicious
17:07:07.700 \Driver\NetBT MajorFunction[ IRP_MJ_CLOSE ] @ 0x8abc01f8 suspicious
17:07:07.700 \Driver\NetBT MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8abc01f8 suspicious
17:07:07.700 \Driver\NetBT MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8abc01f8 suspicious
17:07:07.700 \Driver\NetBT MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8abc01f8 suspicious
17:07:07.700 \Driver\Cdrom MajorFunction[ IRP_MJ_CREATE ] @ 0x8b4961f8 suspicious
17:07:07.715 \Driver\Cdrom MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b4961f8 suspicious
17:07:07.715 \Driver\Cdrom MajorFunction[ IRP_MJ_READ ] @ 0x8b4961f8 suspicious
17:07:07.715 \Driver\Cdrom MajorFunction[ IRP_MJ_WRITE ] @ 0x8b4961f8 suspicious
17:07:07.715 \Driver\Cdrom MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b4961f8 suspicious
17:07:07.715 \Driver\Cdrom MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b4961f8 suspicious
17:07:07.731 \Driver\Cdrom MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b4961f8 suspicious
17:07:07.731 \Driver\Cdrom MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b4961f8 suspicious
17:07:07.731 \Driver\Cdrom MajorFunction[ IRP_MJ_POWER ] @ 0x8b4961f8 suspicious
17:07:07.731 \Driver\Cdrom MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b4961f8 suspicious
17:07:07.731 \Driver\usbehci MajorFunction[ IRP_MJ_CREATE ] @ 0x8b54c500 suspicious
17:07:07.747 \Driver\usbehci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b54c500 suspicious
17:07:07.747 \Driver\usbehci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b54c500 suspicious
17:07:07.747 \Driver\usbehci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b54c500 suspicious
17:07:07.747 \Driver\usbehci MajorFunction[ IRP_MJ_POWER ] @ 0x8b54c500 suspicious
17:07:07.762 \Driver\usbehci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b54c500 suspicious
17:07:07.762 Disk 2 trace - called modules:
17:07:07.778 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcp.sys >>UNKNOWN [0x8b815938]<<
17:07:07.794 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8b776ab8]
17:07:07.794 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000009b[0x8b7a89e8]
17:07:07.794 5 ACPI.sys[b7e66620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1b[0x8b742940]
17:07:08.669 AVAST engine scan C:\WINDOWS
17:07:17.215 AVAST engine scan C:\WINDOWS\system32
17:10:56.809 AVAST engine scan C:\WINDOWS\system32\drivers
17:11:17.528 AVAST engine scan C:\Documents and Settings\Owner.F-55412FB590154
17:44:07.856 File: C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl **INFECTED** Win32:Malware-gen
17:44:09.200 File: C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl **INFECTED** Win32:Malware-gen
18:15:44.372 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
18:41:06.044 Disk 2 statistics 4153050/0/0 @ 0,39 MB/s
18:41:06.059 Scan finished successfully
18:41:22.247 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\MBR.dat"
18:41:22.262 The log file has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\aswMBR.txt"
18:43:12.762 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\MBR.dat"
18:43:12.794 The log file has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\aswMBR.txt"

[jaro3]

Odinstaluj:
Spyware Terminator
Advanced SystemCare 5

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

File::
c:\windows\system32\drivers\sp_rsdrv2.sys

Driver::
sp_rsdrv2

RegLock::
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01D88ABF-E583-DC9C-1694-BA26C6B026CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nafjgcmfinhidbccojcmbpocmmnl"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,
 6d,63,67,67,00,00
"mapiaalgodokoghacaaehifanc"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,6d,
 63,67,67,00,00
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8a,a8,95,7b,45,8b,44,01,20,0b,b8,c9,a5,b4,b0,32,b7,d7,60,22,7b,af,3c,
 55,aa,87,6e,15,dd,b9,4e,20,b7,7a,42,3f,e4,6b,a2,cf,97,f0,e1,15,44,5c,cb,2b,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\License information*]
"datasecu"=hex:29,b1,4e,77,35,81,3d,ff,13,5c,93,c4,c4,15,f1,7b,b9,52,d3,70,d1,
 ab,9f,1a,dd,cf,95,fe,cc,bd,93,40,d1,27,30,e5,7c,b4,7d,30,54,92,bd,dd,2c,2c,\
"rkeysecu"=hex:85,5d,af,5b,e3,55,d0,19,81,31,57,73,e4,f6,85,b7


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[Trhace]

Combofix:

ComboFix 14-11-18.01 - Owner 03.12.2014 13:19:08.6.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2242 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner.F-55412FB590154\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner.F-55412FB590154\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *Disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
FILE ::
"c:\windows\system32\drivers\sp_rsdrv2.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SP_RSDRV2
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-03 do 2014-12-03 )))))))))))))))))))))))))))))))
.
.
2050-04-30 12:51 . 2050-04-30 12:51 -------- d-----w- C:\totalcmd
2050-04-30 12:45 . 2009-08-29 20:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2050-04-30 12:38 . 2050-04-30 12:38 -------- d-----w- c:\program files\Sunbelt Software
2050-04-30 12:32 . 2050-04-30 12:32 -------- d-----w- c:\windows\Sun
2050-04-30 12:29 . 2014-12-02 17:06 -------- d-----w- c:\program files\Common Files\Java
2050-04-30 12:17 . 2011-10-25 15:36 -------- d-----w- c:\program files\The KMPlayer
2050-04-30 11:49 . 2012-11-18 22:39 -------- d-----w- C:\Warez
2050-04-30 11:24 . 2050-04-30 11:24 -------- d-----w- c:\program files\Lavalys
2050-04-30 11:11 . 2014-12-02 21:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2050-04-30 11:08 . 2014-07-02 15:47 -------- d-s---w- c:\windows\system32\Microsoft
2050-04-30 11:03 . 2014-11-24 12:23 -------- d-sh--w- c:\documents and settings\LocalService
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-02 17:05 . 2013-08-27 16:21 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-02 17:05 . 2008-08-17 20:22 146432 ----a-w- c:\windows\system32\javacpl.cpl
2014-11-23 17:28 . 2012-05-01 08:03 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 10:31 . 2010-11-27 09:28 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-09 17:46 . 2014-10-03 11:58 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-10-23 11:13 . 2014-10-03 11:58 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-23 11:13 . 2010-11-27 09:28 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-23 11:13 . 2014-10-03 12:03 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-23 11:13 . 2014-10-03 11:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-23 11:13 . 2010-11-27 09:28 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-10-23 11:12 . 2014-10-23 11:13 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-23 11:12 . 2014-10-23 11:12 43152 ----a-w- c:\windows\avastSS.scr
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-11-23 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2008-07-22 . 3BA3D565D3C031DA39F55F7D6F41BF89 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192]
"DAEMON Tools Lite"="c:\program files\daemon tools lite\daemon.exe" [2009-04-23 691656]
"PC Suite Tray"="c:\program files\nokia\nokia pc suite 7\pcsuite.exe" [2012-06-26 1516632]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-24 33747360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"Nero MediaHome 4"="c:\program files\nero\nero mediahome 4\neromediahome.exe" [2012-02-28 5178664]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2012-03-06 4241512]
"LogMeIn Hamachi Ui"="c:\program files\logmein hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"GrooveMonitor"="c:\program files\microsoft office\office12\groovemonitor.exe" [2006-10-26 31016]
"nwiz"="c:\program files\nvidia corporation\nview\nwiz.exe" [2011-10-08 1632360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2014-06-23 832272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Guest\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^forteManager.lnk]
backup=c:\windows\pss\forteManager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^GamePark klient 2.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2014-06-23 10:36 832272 ----a-w- c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 17:00 1818624 -c--a-w- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
2014-03-06 15:07 2086568 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM Tray Agent]
2014-02-13 13:37 254024 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2008-05-23 14:48 2170880 ----a-w- c:\program files\EXPERTool\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2014-10-26 22:18 107912 ----atw- c:\documents and settings\Owner.F-55412FB590154\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 11:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 15:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RandomMouseClicker]
2012-06-22 17:16 59776 ----a-w- c:\program files\Random Mouse Clicker\RandomMouseClicker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-08-27 07:20 22041192 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=3 (0x3)
"PnkBstrA"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"BstHdUpdaterSvc"=2 (0x2)
"BstHdLogRotatorSvc"=2 (0x2)
"BstHdAndroidSvc"=2 (0x2)
"AODService"=2 (0x2)
"AdvancedSystemCareService5"=3 (0x3)
"HiPatchService"=2 (0x2)
"ACDaemon"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON SX600FW Series (kopie 5)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S52.tmp" /EF "HKCU"
"EPSON Stylus SX600FW(Síť) (kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S57C.tmp" /EF "HKCU"
"EPSON Stylus SX600FW(Síť)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\docume~1\OWNER~1.F-5\LOCALS~1\Temp\E_S353.tmp" /EF "HKCU"
"EPSON SX600FW Series (kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S179.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Ultima Online\\client.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Owner.F-55412FB590154\\Plocha\\Torrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Owner.F-55412FB590154\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58204:TCP"= 58204:TCP:Pando Media Booster
"58204:UDP"= 58204:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57217:TCP"= 57217:TCP:Pando Media Booster
"57217:UDP"= 57217:UDP:Pando Media Booster
"56874:TCP"= 56874:TCP:Pando Media Booster
"56874:UDP"= 56874:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.8.2008 10:46 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [1.5.2012 9:03 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [27.11.2010 10:28 423784]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 12:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 12:34 71088]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [23.6.2014 11:35 113424]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [23.6.2014 11:35 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [23.6.2014 11:37 774928]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [23.8.2010 11:07 20328]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 10:58 3275136]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [15.9.2009 12:59 38248]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 15:15 9344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.8.2010 18:25 2136224]
S1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\DRIVERS\wfcxacap.sys --> c:\windows\system32\DRIVERS\wfcxacap.sys [?]
S2 aswFsBlk;aswFsBlk; [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [23.6.2014 11:34 406288]
S2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys --> c:\windows\system32\drivers\wfcxatun.sys [?]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys --> c:\windows\system32\drivers\wfcxvcap.sys [?]
S3 AMDMSRIO;AMDMSRIO; [x]
S3 AODDriver;AODDriver;\??\c:\program files\AMD\OverDrive\i386\AODDriver.sys --> c:\program files\AMD\OverDrive\i386\AODDriver.sys [?]
S3 ATICDSDr;ATICDSDr; [x]
S3 DBKDRVR54;DBKDRVR54;c:\program files\Cheat Engine\dbk32.sys [16.12.2012 2:48 36096]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [20.1.2011 17:39 64320]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [31.7.2014 23:06 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [31.7.2014 23:06 9160]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [21.10.2010 17:59 36640]
S3 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [21.10.2010 17:59 217088]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.8.2012 11:03 1385896]
S3 RTXNKKJVHKKV;RTXNKKJVHKKV; [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [21.10.2010 18:01 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [21.10.2010 18:01 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [21.10.2010 18:01 121576]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12.4.2013 12:33 104720]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys --> c:\windows\system32\drivers\wfcxdtun.sys [?]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22.10.2009 2:49 136544]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;h:\hry-instalovany\Hi-Rez Studio\HiPatchService.exe [17.8.2014 22:57 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-10-23 11:12]
.
2014-11-09 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-10-07 23:28]
.
2014-12-03 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-10-07 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://beemp3.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\Owner.F-55412FB590154\Data aplikací\Mozilla\Firefox\Profiles\8y1vap2l.default-1373020015046\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-03 13:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01D88ABF-E583-DC9C-1694-BA26C6B026CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nafjgcmfinhidbccojcmbpocmmnl"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,
6d,63,67,67,00,00
"mapiaalgodokoghacaaehifanc"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,6d,
63,67,67,00,00
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8a,a8,95,7b,45,8b,44,01,20,0b,b8,c9,a5,b4,b0,32,b7,d7,60,22,7b,af,3c,
55,aa,87,6e,15,dd,b9,4e,20,b7,7a,42,3f,e4,6b,a2,cf,97,f0,e1,15,44,5c,cb,2b,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\License information*]
"datasecu"=hex:29,b1,4e,77,35,81,3d,ff,13,5c,93,c4,c4,15,f1,7b,b9,52,d3,70,d1,
ab,9f,1a,dd,cf,95,fe,cc,bd,93,40,d1,27,30,e5,7c,b4,7d,30,54,92,bd,dd,2c,2c,\
"rkeysecu"=hex:85,5d,af,5b,e3,55,d0,19,81,31,57,73,e4,f6,85,b7
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1196)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(1252)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2840)
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2014-12-03 13:45:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-12-03 12:45
ComboFix2.txt 2014-12-01 11:04
ComboFix3.txt 2014-11-27 18:45
ComboFix4.txt 2014-11-27 10:03
ComboFix5.txt 2014-12-03 12:10
.
Před spuštěním: Volných bajtů: 24 737 173 504
Po spuštění: Volných bajtů: 24 714 207 232
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 3BF3558CFD1615594A4CA4DD5EC93A2F
413FC2A0C716421B3158746D63736515

[jaro3]

WinFast TV si odinstaloval/smazal?

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
File::
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl

Driver::
wfcxacap
wfcxatun
WFCXVCAP
AODDriver
Wfcxdtun

RegLockDel::
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01D88ABF-E583-DC9C-1694-BA26C6B026CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nafjgcmfinhidbccojcmbpocmmnl"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,
 6d,63,67,67,00,00
"mapiaalgodokoghacaaehifanc"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,6d,
 63,67,67,00,00



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Spusť znovu aswMBR , dej sken a poté klikni na „Fix“
Zavři program , restartuj PC , po restartu

Po restartu vypni obnovení systému na všech discích.
http://support.microsoft.com/kb/310405/cs
Podívej se sem:
C:\System Volume Information\Microsoft--- pokud tam je tato složka (Microsoft) , tak jí smaž.
Nakonec si znovu zapni obnovu systému.
znovu spusť aswMBR a dej sken , klikni na „Save log“
Obsah logu sem znovu vlož.

[Trhace]

Včera jsem mazal pár věcí Bluestack, Aurora, Assassin Creed, XNA Gaming Studio možná jsem při tom sfouknul i WinFast, ale nejsem si jistej.

[Orcus]

No, použij combofix a uvidíme.