In aswMBR I didn't run Fix, because only FixMBR is active and that's probably not the one, is it? If it is the right one, I'll run it afterwards.
Combofix:
ComboFix 14-11-18.01 - Owner 11.12.2014 15:36:32.7.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.1793 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner.F-55412FB590154\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner.F-55412FB590154\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *Disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
FILE ::
"c:\documents and settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl"
"c:\documents and settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AODDRIVER
-------\Legacy_WFCXATUN
-------\Legacy_WFCXVCAP
-------\Service_AODDriver
-------\Service_wfcxacap
-------\Service_wfcxatun
-------\Service_wfcxdtun
-------\Service_WFCXVCAP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-11 do 2014-12-11 )))))))))))))))))))))))))))))))
.
.
2050-04-30 12:51 . 2050-04-30 12:51 -------- d-----w- C:\totalcmd
2050-04-30 12:45 . 2009-08-29 20:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2050-04-30 12:38 . 2050-04-30 12:38 -------- d-----w- c:\program files\Sunbelt Software
2050-04-30 12:32 . 2050-04-30 12:32 -------- d-----w- c:\windows\Sun
2050-04-30 12:29 . 2014-12-02 17:06 -------- d-----w- c:\program files\Common Files\Java
2050-04-30 12:17 . 2011-10-25 15:36 -------- d-----w- c:\program files\The KMPlayer
2050-04-30 11:49 . 2012-11-18 22:39 -------- d-----w- C:\Warez
2050-04-30 11:24 . 2050-04-30 11:24 -------- d-----w- c:\program files\Lavalys
2050-04-30 11:11 . 2014-12-02 21:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2050-04-30 11:08 . 2014-07-02 15:47 -------- d-s---w- c:\windows\system32\Microsoft
2050-04-30 11:03 . 2014-11-24 12:23 -------- d-sh--w- c:\documents and settings\LocalService
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-02 17:05 . 2013-08-27 16:21 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-02 17:05 . 2008-08-17 20:22 146432 ----a-w- c:\windows\system32\javacpl.cpl
2014-11-23 17:28 . 2012-05-01 08:03 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 10:31 . 2010-11-27 09:28 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-09 17:46 . 2014-10-03 11:58 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-10-23 11:13 . 2014-10-03 11:58 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-23 11:13 . 2010-11-27 09:28 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-23 11:13 . 2014-10-03 12:03 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-23 11:13 . 2014-10-03 11:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-23 11:13 . 2010-11-27 09:28 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-10-23 11:12 . 2014-10-23 11:13 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-23 11:12 . 2014-10-23 11:12 43152 ----a-w- c:\windows\avastSS.scr
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-11-23 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2008-07-22 . 3BA3D565D3C031DA39F55F7D6F41BF89 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192]
"DAEMON Tools Lite"="c:\program files\daemon tools lite\daemon.exe" [2009-04-23 691656]
"PC Suite Tray"="c:\program files\nokia\nokia pc suite 7\pcsuite.exe" [2012-06-26 1516632]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-24 33747360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"Nero MediaHome 4"="c:\program files\nero\nero mediahome 4\neromediahome.exe" [2012-02-28 5178664]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2012-03-06 4241512]
"LogMeIn Hamachi Ui"="c:\program files\logmein hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"GrooveMonitor"="c:\program files\microsoft office\office12\groovemonitor.exe" [2006-10-26 31016]
"nwiz"="c:\program files\nvidia corporation\nview\nwiz.exe" [2011-10-08 1632360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2014-06-23 832272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Guest\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^forteManager.lnk]
backup=c:\windows\pss\forteManager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^GamePark klient 2.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2014-06-23 10:36 832272 ----a-w- c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 17:00 1818624 -c--a-w- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
2014-03-06 15:07 2086568 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM Tray Agent]
2014-02-13 13:37 254024 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2008-05-23 14:48 2170880 ----a-w- c:\program files\EXPERTool\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2014-10-26 22:18 107912 ----atw- c:\documents and settings\Owner.F-55412FB590154\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 11:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 15:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RandomMouseClicker]
2012-06-22 17:16 59776 ----a-w- c:\program files\Random Mouse Clicker\RandomMouseClicker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-08-27 07:20 22041192 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=3 (0x3)
"PnkBstrA"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"BstHdUpdaterSvc"=2 (0x2)
"BstHdLogRotatorSvc"=2 (0x2)
"BstHdAndroidSvc"=2 (0x2)
"AODService"=2 (0x2)
"AdvancedSystemCareService5"=3 (0x3)
"HiPatchService"=2 (0x2)
"ACDaemon"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON SX600FW Series (kopie 5)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S52.tmp" /EF "HKCU"
"EPSON Stylus SX600FW(Síť) (kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S57C.tmp" /EF "HKCU"
"EPSON Stylus SX600FW(Síť)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\docume~1\OWNER~1.F-5\LOCALS~1\Temp\E_S353.tmp" /EF "HKCU"
"EPSON SX600FW Series (kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S179.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Ultima Online\\client.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Owner.F-55412FB590154\\Plocha\\Torrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Owner.F-55412FB590154\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58204:TCP"= 58204:TCP:Pando Media Booster
"58204:UDP"= 58204:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57217:TCP"= 57217:TCP:Pando Media Booster
"57217:UDP"= 57217:UDP:Pando Media Booster
"56874:TCP"= 56874:TCP:Pando Media Booster
"56874:UDP"= 56874:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.8.2008 10:46 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [1.5.2012 9:03 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [27.11.2010 10:28 423784]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 12:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 12:34 71088]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [23.6.2014 11:35 113424]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [23.6.2014 11:35 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [23.6.2014 11:37 774928]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [23.8.2010 11:07 20328]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 10:58 3275136]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [4.12.2014 15:39 741640]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [15.9.2009 12:59 38248]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 15:15 9344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.8.2010 18:25 2136224]
S2 aswFsBlk;aswFsBlk; [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [23.6.2014 11:34 406288]
S3 AMDMSRIO;AMDMSRIO; [x]
S3 ATICDSDr;ATICDSDr; [x]
S3 DBKDRVR54;DBKDRVR54;c:\program files\Cheat Engine\dbk32.sys [16.12.2012 2:48 36096]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [4.12.2014 15:39 89856]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [31.7.2014 23:06 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [31.7.2014 23:06 9160]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [21.10.2010 17:59 36640]
S3 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [21.10.2010 17:59 217088]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.8.2012 11:03 1385896]
S3 RTXNKKJVHKKV;RTXNKKJVHKKV; [x]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [4.12.2014 15:39 184192]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12.4.2013 12:33 104720]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22.10.2009 2:49 136544]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;h:\hry-instalovany\Hi-Rez Studio\HiPatchService.exe [17.8.2014 22:57 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-10-23 11:12]
.
2014-12-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-10-07 23:28]
.
2014-12-11 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-10-07 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://beemp3.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Owner.F-55412FB590154\Data aplikací\Mozilla\Firefox\Profiles\8y1vap2l.default-1373020015046\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-11 15:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01D88ABF-E583-DC9C-1694-BA26C6B026CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nafjgcmfinhidbccojcmbpocmmnl"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,
6d,63,67,67,00,00
"mapiaalgodokoghacaaehifanc"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,6d,
63,67,67,00,00
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8a,a8,95,7b,45,8b,44,01,20,0b,b8,c9,a5,b4,b0,32,b7,d7,60,22,7b,af,3c,
55,aa,87,6e,15,dd,b9,4e,20,b7,7a,42,3f,e4,6b,a2,cf,97,f0,e1,15,44,5c,cb,2b,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\License information*]
"datasecu"=hex:29,b1,4e,77,35,81,3d,ff,13,5c,93,c4,c4,15,f1,7b,b9,52,d3,70,d1,
ab,9f,1a,dd,cf,95,fe,cc,bd,93,40,d1,27,30,e5,7c,b4,7d,30,54,92,bd,dd,2c,2c,\
"rkeysecu"=hex:85,5d,af,5b,e3,55,d0,19,81,31,57,73,e4,f6,85,b7
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(996)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(1052)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2014-12-11 16:02:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-12-11 15:02
ComboFix2.txt 2014-12-03 12:45
ComboFix3.txt 2014-12-01 11:04
ComboFix4.txt 2014-11-27 18:45
ComboFix5.txt 2014-12-11 14:27
.
Před spuštěním: Volných bajtů: 21 097 259 008
Po spuštění: Volných bajtů: 21 087 862 784
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 834F16FA3D8C30334ED4776F2BDB77B8
413FC2A0C716421B3158746D63736515
aswMBR:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-01 17:04:42
-----------------------------
17:04:42.231 OS Version: Windows 5.1.2600 Service Pack 3
17:04:42.231 Number of processors: 4 586 0x503
17:04:42.231 ComputerName: HLAVNI UserName: Owner
17:04:45.059 Initialize success
17:04:49.684 AVAST engine defs: 14102100
17:06:36.684 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:06:36.684 Disk 0 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 3
17:06:36.700 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
17:06:36.700 Disk 1 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
17:06:36.700 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-1b
17:06:36.700 Disk 2 Vendor: WDC_WD2500JB-00GVC0 08.02D08 Size: 238475MB BusType: 3
17:06:36.809 Disk 2 MBR read successfully
17:06:36.809 Disk 2 MBR scan
17:06:37.606 Disk 2 Windows XP default MBR code
17:06:37.637 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
17:06:37.653 Disk 2 Boot: NTFS code=1
17:06:37.856 Disk 2 scanning sectors +488392065
17:06:37.997 Disk 2 scanning C:\WINDOWS\system32\drivers
17:06:49.965 Service scanning
17:07:03.903 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:07:07.497 Modules scanning
17:07:07.512 \Driver\nvata MajorFunction[ IRP_MJ_CREATE ] @ 0x8b7f41f8 suspicious
17:07:07.512 \Driver\nvata MajorFunction[ IRP_MJ_CREATE_NAMED_PIPE ] @ 0x8b7f41f8 suspicious
17:07:07.512 \Driver\nvata MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b7f41f8 suspicious
17:07:07.512 \Driver\nvata MajorFunction[ IRP_MJ_READ ] @ 0x8b7f41f8 suspicious
17:07:07.512 \Driver\nvata MajorFunction[ IRP_MJ_WRITE ] @ 0x8b7f41f8 suspicious
17:07:07.512 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_INFORMATION ] @ 0x8b7f41f8 suspicious
17:07:07.528 \Driver\nvata MajorFunction[ IRP_MJ_SET_INFORMATION ] @ 0x8b7f41f8 suspicious
17:07:07.528 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_EA ] @ 0x8b7f41f8 suspicious
17:07:07.528 \Driver\nvata MajorFunction[ IRP_MJ_SET_EA ] @ 0x8b7f41f8 suspicious
17:07:07.528 \Driver\nvata MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b7f41f8 suspicious
17:07:07.528 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_VOLUME_INFORMATION ] @ 0x8b7f41f8 suspicious
17:07:07.528 \Driver\nvata MajorFunction[ IRP_MJ_SET_VOLUME_INFORMATION ] @ 0x8b7f41f8 suspicious
17:07:07.544 \Driver\nvata MajorFunction[ IRP_MJ_DIRECTORY_CONTROL ] @ 0x8b7f41f8 suspicious
17:07:07.544 \Driver\nvata MajorFunction[ IRP_MJ_FILE_SYSTEM_CONTROL ] @ 0x8b7f41f8 suspicious
17:07:07.544 \Driver\nvata MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b7f41f8 suspicious
17:07:07.544 \Driver\nvata MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b7f41f8 suspicious
17:07:07.544 \Driver\nvata MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b7f41f8 suspicious
17:07:07.559 \Driver\nvata MajorFunction[ IRP_MJ_LOCK_CONTROL ] @ 0x8b7f41f8 suspicious
17:07:07.559 \Driver\nvata MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8b7f41f8 suspicious
17:07:07.559 \Driver\nvata MajorFunction[ IRP_MJ_CREATE_MAILSLOT ] @ 0x8b7f41f8 suspicious
17:07:07.559 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_SECURITY ] @ 0x8b7f41f8 suspicious
17:07:07.559 \Driver\nvata MajorFunction[ IRP_MJ_SET_SECURITY ] @ 0x8b7f41f8 suspicious
17:07:07.575 \Driver\nvata MajorFunction[ IRP_MJ_POWER ] @ 0x8b7f41f8 suspicious
17:07:07.575 \Driver\nvata MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b7f41f8 suspicious
17:07:07.575 \Driver\nvata MajorFunction[ IRP_MJ_DEVICE_CHANGE ] @ 0x8b7f41f8 suspicious
17:07:07.575 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_QUOTA ] @ 0x8b7f41f8 suspicious
17:07:07.575 \Driver\nvata MajorFunction[ IRP_MJ_SET_QUOTA ] @ 0x8b7f41f8 suspicious
17:07:07.590 \Driver\atapi DriverInit @ 0x8b86b298 suspicious
17:07:07.590 \Driver\dmio MajorFunction[ IRP_MJ_CREATE ] @ 0x8b7f51f8 suspicious
17:07:07.590 \Driver\dmio MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b7f51f8 suspicious
17:07:07.590 \Driver\dmio MajorFunction[ IRP_MJ_READ ] @ 0x8b7f51f8 suspicious
17:07:07.590 \Driver\dmio MajorFunction[ IRP_MJ_WRITE ] @ 0x8b7f51f8 suspicious
17:07:07.606 \Driver\dmio MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b7f51f8 suspicious
17:07:07.606 \Driver\dmio MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b7f51f8 suspicious
17:07:07.606 \Driver\dmio MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b7f51f8 suspicious
17:07:07.606 \Driver\dmio MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b7f51f8 suspicious
17:07:07.606 \Driver\dmio MajorFunction[ IRP_MJ_POWER ] @ 0x8b7f51f8 suspicious
17:07:07.622 \Driver\dmio MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b7f51f8 suspicious
17:07:07.622 \Driver\usbohci MajorFunction[ IRP_MJ_CREATE ] @ 0x8b6411f8 suspicious
17:07:07.622 \Driver\usbohci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b6411f8 suspicious
17:07:07.622 \Driver\usbohci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b6411f8 suspicious
17:07:07.622 \Driver\usbohci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b6411f8 suspicious
17:07:07.637 \Driver\usbohci MajorFunction[ IRP_MJ_POWER ] @ 0x8b6411f8 suspicious
17:07:07.637 \Driver\usbohci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b6411f8 suspicious
17:07:07.637 \Driver\Ftdisk MajorFunction[ IRP_MJ_CREATE ] @ 0x8b86c1f8 suspicious
17:07:07.637 \Driver\Ftdisk MajorFunction[ IRP_MJ_READ ] @ 0x8b86c1f8 suspicious
17:07:07.653 \Driver\Ftdisk MajorFunction[ IRP_MJ_WRITE ] @ 0x8b86c1f8 suspicious
17:07:07.653 \Driver\Ftdisk MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b86c1f8 suspicious
17:07:07.653 \Driver\Ftdisk MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b86c1f8 suspicious
17:07:07.653 \Driver\Ftdisk MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b86c1f8 suspicious
17:07:07.653 \Driver\Ftdisk MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b86c1f8 suspicious
17:07:07.669 \Driver\Ftdisk MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8b86c1f8 suspicious
17:07:07.669 \Driver\Ftdisk MajorFunction[ IRP_MJ_POWER ] @ 0x8b86c1f8 suspicious
17:07:07.669 \Driver\Ftdisk MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b86c1f8 suspicious
17:07:07.669 \Driver\a4h8dvy0 MajorFunction[ IRP_MJ_CREATE ] @ 0x8b54b500 suspicious
17:07:07.669 \Driver\a4h8dvy0 MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b54b500 suspicious
17:07:07.684 \Driver\a4h8dvy0 MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b54b500 suspicious
17:07:07.684 \Driver\a4h8dvy0 MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b54b500 suspicious
17:07:07.684 \Driver\a4h8dvy0 MajorFunction[ IRP_MJ_POWER ] @ 0x8b54b500 suspicious
17:07:07.684 \Driver\a4h8dvy0 MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b54b500 suspicious
17:07:07.684 \Driver\NetBT MajorFunction[ IRP_MJ_CREATE ] @ 0x8abc01f8 suspicious
17:07:07.700 \Driver\NetBT MajorFunction[ IRP_MJ_CLOSE ] @ 0x8abc01f8 suspicious
17:07:07.700 \Driver\NetBT MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8abc01f8 suspicious
17:07:07.700 \Driver\NetBT MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8abc01f8 suspicious
17:07:07.700 \Driver\NetBT MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8abc01f8 suspicious
17:07:07.700 \Driver\Cdrom MajorFunction[ IRP_MJ_CREATE ] @ 0x8b4961f8 suspicious
17:07:07.715 \Driver\Cdrom MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b4961f8 suspicious
17:07:07.715 \Driver\Cdrom MajorFunction[ IRP_MJ_READ ] @ 0x8b4961f8 suspicious
17:07:07.715 \Driver\Cdrom MajorFunction[ IRP_MJ_WRITE ] @ 0x8b4961f8 suspicious
17:07:07.715 \Driver\Cdrom MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b4961f8 suspicious
17:07:07.715 \Driver\Cdrom MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b4961f8 suspicious
17:07:07.731 \Driver\Cdrom MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b4961f8 suspicious
17:07:07.731 \Driver\Cdrom MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b4961f8 suspicious
17:07:07.731 \Driver\Cdrom MajorFunction[ IRP_MJ_POWER ] @ 0x8b4961f8 suspicious
17:07:07.731 \Driver\Cdrom MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b4961f8 suspicious
17:07:07.731 \Driver\usbehci MajorFunction[ IRP_MJ_CREATE ] @ 0x8b54c500 suspicious
17:07:07.747 \Driver\usbehci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b54c500 suspicious
17:07:07.747 \Driver\usbehci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b54c500 suspicious
17:07:07.747 \Driver\usbehci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b54c500 suspicious
17:07:07.747 \Driver\usbehci MajorFunction[ IRP_MJ_POWER ] @ 0x8b54c500 suspicious
17:07:07.762 \Driver\usbehci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b54c500 suspicious
17:07:07.762 Disk 2 trace - called modules:
17:07:07.778 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcp.sys >>UNKNOWN [0x8b815938]<<
17:07:07.794 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8b776ab8]
17:07:07.794 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000009b[0x8b7a89e8]
17:07:07.794 5 ACPI.sys[b7e66620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1b[0x8b742940]
17:07:08.669 AVAST engine scan C:\WINDOWS
17:07:17.215 AVAST engine scan C:\WINDOWS\system32
17:10:56.809 AVAST engine scan C:\WINDOWS\system32\drivers
17:11:17.528 AVAST engine scan C:\Documents and Settings\Owner.F-55412FB590154
17:44:07.856 File: C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl **INFECTED** Win32:Malware-gen
17:44:09.200 File: C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl **INFECTED** Win32:Malware-gen
18:15:44.372 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
18:41:06.044 Disk 2 statistics 4153050/0/0 @ 0,39 MB/s
18:41:06.059 Scan finished successfully
18:41:22.247 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\MBR.dat"
18:41:22.262 The log file has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\aswMBR.txt"
18:43:12.762 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\MBR.dat"
18:43:12.794 The log file has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\aswMBR.txt"
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-11 16:02:53
-----------------------------
16:02:53.796 OS Version: Windows 5.1.2600 Service Pack 3
16:02:53.796 Number of processors: 4 586 0x503
16:02:53.796 ComputerName: HLAVNI UserName: Owner
16:02:54.718 Initialize success
16:02:58.750 AVAST engine defs: 14102100
16:03:03.265 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
16:03:03.265 Disk 0 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 3
16:03:03.265 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
16:03:03.265 Disk 1 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
16:03:03.265 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-1b
16:03:03.265 Disk 2 Vendor: WDC_WD2500JB-00GVC0 08.02D08 Size: 238475MB BusType: 3
16:03:03.375 Disk 2 MBR read successfully
16:03:03.390 Disk 2 MBR scan
16:03:04.187 Disk 2 Windows XP default MBR code
16:03:04.203 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
16:03:04.234 Disk 2 Boot: NTFS code=1
16:03:04.421 Disk 2 scanning sectors +488392065
16:03:04.578 Disk 2 scanning C:\WINDOWS\system32\drivers
16:03:15.531 Service scanning
16:03:27.984 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:03:31.656 Modules scanning
16:03:31.656 \Driver\nvata MajorFunction[ IRP_MJ_CREATE ] @ 0x8b7f41f8 suspicious
16:03:31.656 \Driver\nvata MajorFunction[ IRP_MJ_CREATE_NAMED_PIPE ] @ 0x8b7f41f8 suspicious
16:03:31.656 \Driver\nvata MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b7f41f8 suspicious
16:03:31.656 \Driver\nvata MajorFunction[ IRP_MJ_READ ] @ 0x8b7f41f8 suspicious
16:03:31.656 \Driver\nvata MajorFunction[ IRP_MJ_WRITE ] @ 0x8b7f41f8 suspicious
16:03:31.656 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_INFORMATION ] @ 0x8b7f41f8 suspicious
16:03:31.671 \Driver\nvata MajorFunction[ IRP_MJ_SET_INFORMATION ] @ 0x8b7f41f8 suspicious
16:03:31.671 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_EA ] @ 0x8b7f41f8 suspicious
16:03:31.671 \Driver\nvata MajorFunction[ IRP_MJ_SET_EA ] @ 0x8b7f41f8 suspicious
16:03:31.671 \Driver\nvata MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b7f41f8 suspicious
16:03:31.671 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_VOLUME_INFORMATION ] @ 0x8b7f41f8 suspicious
16:03:31.671 \Driver\nvata MajorFunction[ IRP_MJ_SET_VOLUME_INFORMATION ] @ 0x8b7f41f8 suspicious
16:03:31.687 \Driver\nvata MajorFunction[ IRP_MJ_DIRECTORY_CONTROL ] @ 0x8b7f41f8 suspicious
16:03:31.687 \Driver\nvata MajorFunction[ IRP_MJ_FILE_SYSTEM_CONTROL ] @ 0x8b7f41f8 suspicious
16:03:31.687 \Driver\nvata MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b7f41f8 suspicious
16:03:31.687 \Driver\nvata MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b7f41f8 suspicious
16:03:31.687 \Driver\nvata MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b7f41f8 suspicious
16:03:31.703 \Driver\nvata MajorFunction[ IRP_MJ_LOCK_CONTROL ] @ 0x8b7f41f8 suspicious
16:03:31.703 \Driver\nvata MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8b7f41f8 suspicious
16:03:31.703 \Driver\nvata MajorFunction[ IRP_MJ_CREATE_MAILSLOT ] @ 0x8b7f41f8 suspicious
16:03:31.703 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_SECURITY ] @ 0x8b7f41f8 suspicious
16:03:31.703 \Driver\nvata MajorFunction[ IRP_MJ_SET_SECURITY ] @ 0x8b7f41f8 suspicious
16:03:31.718 \Driver\nvata MajorFunction[ IRP_MJ_POWER ] @ 0x8b7f41f8 suspicious
16:03:31.718 \Driver\nvata MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b7f41f8 suspicious
16:03:31.718 \Driver\nvata MajorFunction[ IRP_MJ_DEVICE_CHANGE ] @ 0x8b7f41f8 suspicious
16:03:31.718 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_QUOTA ] @ 0x8b7f41f8 suspicious
16:03:31.718 \Driver\nvata MajorFunction[ IRP_MJ_SET_QUOTA ] @ 0x8b7f41f8 suspicious
16:03:31.734 \Driver\axx39q0a MajorFunction[ IRP_MJ_CREATE ] @ 0x8b63f1f8 suspicious
16:03:31.734 \Driver\axx39q0a MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b63f1f8 suspicious
16:03:31.734 \Driver\axx39q0a MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b63f1f8 suspicious
16:03:31.734 \Driver\axx39q0a MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b63f1f8 suspicious
16:03:31.734 \Driver\axx39q0a MajorFunction[ IRP_MJ_POWER ] @ 0x8b63f1f8 suspicious
16:03:31.750 \Driver\axx39q0a MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b63f1f8 suspicious
16:03:31.750 \Driver\atapi DriverInit @ 0x8b86b298 suspicious
16:03:31.750 \Driver\dmio MajorFunction[ IRP_MJ_CREATE ] @ 0x8b7f51f8 suspicious
16:03:31.750 \Driver\dmio MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b7f51f8 suspicious
16:03:31.750 \Driver\dmio MajorFunction[ IRP_MJ_READ ] @ 0x8b7f51f8 suspicious
16:03:31.765 \Driver\dmio MajorFunction[ IRP_MJ_WRITE ] @ 0x8b7f51f8 suspicious
16:03:31.765 \Driver\dmio MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b7f51f8 suspicious
16:03:31.765 \Driver\dmio MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b7f51f8 suspicious
16:03:31.765 \Driver\dmio MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b7f51f8 suspicious
16:03:31.765 \Driver\dmio MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b7f51f8 suspicious
16:03:31.781 \Driver\dmio MajorFunction[ IRP_MJ_POWER ] @ 0x8b7f51f8 suspicious
16:03:31.781 \Driver\dmio MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b7f51f8 suspicious
16:03:31.781 \Driver\usbohci MajorFunction[ IRP_MJ_CREATE ] @ 0x8b561500 suspicious
16:03:31.781 \Driver\usbohci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b561500 suspicious
16:03:31.796 \Driver\usbohci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b561500 suspicious
16:03:31.796 \Driver\usbohci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b561500 suspicious
16:03:31.796 \Driver\usbohci MajorFunction[ IRP_MJ_POWER ] @ 0x8b561500 suspicious
16:03:31.796 \Driver\usbohci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b561500 suspicious
16:03:31.796 \Driver\Ftdisk MajorFunction[ IRP_MJ_CREATE ] @ 0x8b86c1f8 suspicious
16:03:31.812 \Driver\Ftdisk MajorFunction[ IRP_MJ_READ ] @ 0x8b86c1f8 suspicious
16:03:31.812 \Driver\Ftdisk MajorFunction[ IRP_MJ_WRITE ] @ 0x8b86c1f8 suspicious
16:03:31.812 \Driver\Ftdisk MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b86c1f8 suspicious
16:03:31.812 \Driver\Ftdisk MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b86c1f8 suspicious
16:03:31.812 \Driver\Ftdisk MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b86c1f8 suspicious
16:03:31.828 \Driver\Ftdisk MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b86c1f8 suspicious
16:03:31.828 \Driver\Ftdisk MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8b86c1f8 suspicious
16:03:31.828 \Driver\Ftdisk MajorFunction[ IRP_MJ_POWER ] @ 0x8b86c1f8 suspicious
16:03:31.828 \Driver\Ftdisk MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b86c1f8 suspicious
16:03:31.843 \Driver\NetBT MajorFunction[ IRP_MJ_CREATE ] @ 0x8abc31f8 suspicious
16:03:31.843 \Driver\NetBT MajorFunction[ IRP_MJ_CLOSE ] @ 0x8abc31f8 suspicious
16:03:31.843 \Driver\NetBT MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8abc31f8 suspicious
16:03:31.843 \Driver\NetBT MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8abc31f8 suspicious
16:03:31.843 \Driver\NetBT MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8abc31f8 suspicious
16:03:31.859 \Driver\Cdrom MajorFunction[ IRP_MJ_CREATE ] @ 0x8b5661f8 suspicious
16:03:31.859 \Driver\Cdrom MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b5661f8 suspicious
16:03:31.859 \Driver\Cdrom MajorFunction[ IRP_MJ_READ ] @ 0x8b5661f8 suspicious
16:03:31.859 \Driver\Cdrom MajorFunction[ IRP_MJ_WRITE ] @ 0x8b5661f8 suspicious
16:03:31.859 \Driver\Cdrom MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b5661f8 suspicious
16:03:31.875 \Driver\Cdrom MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b5661f8 suspicious
16:03:31.875 \Driver\Cdrom MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b5661f8 suspicious
16:03:31.875 \Driver\Cdrom MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b5661f8 suspicious
16:03:31.875 \Driver\Cdrom MajorFunction[ IRP_MJ_POWER ] @ 0x8b5661f8 suspicious
16:03:31.890 \Driver\Cdrom MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b5661f8 suspicious
16:03:31.890 \Driver\usbehci MajorFunction[ IRP_MJ_CREATE ] @ 0x8b562500 suspicious
16:03:31.890 \Driver\usbehci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b562500 suspicious
16:03:31.890 \Driver\usbehci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b562500 suspicious
16:03:31.890 \Driver\usbehci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b562500 suspicious
16:03:31.906 \Driver\usbehci MajorFunction[ IRP_MJ_POWER ] @ 0x8b562500 suspicious
16:03:31.906 \Driver\usbehci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b562500 suspicious
16:03:31.906 Disk 2 trace - called modules:
16:03:31.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spsr.sys >>UNKNOWN [0x8b815938]<<
16:03:31.921 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8b742ab8]
16:03:31.921 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000009c[0x8b7a99e8]
16:03:31.937 5 ACPI.sys[b7e66620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1b[0x8b775d98]
16:03:32.890 AVAST engine scan C:\WINDOWS
16:03:39.640 AVAST engine scan C:\WINDOWS\system32
16:07:19.046 AVAST engine scan C:\WINDOWS\system32\drivers
16:07:38.546 AVAST engine scan C:\Documents and Settings\Owner.F-55412FB590154
16:41:19.718 File: C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl **INFECTED** Win32:Malware-gen
16:41:21.093 File: C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl **INFECTED** Win32:Malware-gen
17:08:55.187 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
17:37:46.171 Disk 2 statistics 4165546/0/0 @ 0,39 MB/s
17:37:46.187 Scan finished successfully
17:38:04.015 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\MBR.dat"
17:38:04.015 The log file has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\aswMBR.txt"
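As an added example that is not part of this thread, the following Python triage script reads an aswMBR log like the one pasted above and pulls out the lines a helper actually acts on: **INFECTED** files, **LOCKED** services, the >>UNKNOWN<< module at the end of the disk trace, the MBR verdict, and the per-driver count of hooked entry points. The sample log is constructed from a handful of the post's own lines (paths shortened); the "suspicious" hook lines are raised for any hooked dispatch entry and still have to be judged against what is installed on the machine.

```python
"""Triage helper for aswMBR logs: pulls out the lines a responder acts on."""
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the aswMBR log quoted above: a handful of
# lines with the post's own timestamps and addresses, paths shortened. Not the
# complete log.
SAMPLE_LOG = r"""
16:03:04.187 Disk 2 Windows XP default MBR code
16:03:27.984 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:03:31.656 \Driver\nvata MajorFunction[ IRP_MJ_CREATE ] @ 0x8b7f41f8 suspicious
16:03:31.656 \Driver\nvata MajorFunction[ IRP_MJ_READ ] @ 0x8b7f41f8 suspicious
16:03:31.734 \Driver\axx39q0a MajorFunction[ IRP_MJ_CREATE ] @ 0x8b63f1f8 suspicious
16:03:31.750 \Driver\atapi DriverInit @ 0x8b86b298 suspicious
16:03:31.906 Disk 2 trace - called modules:
16:03:31.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spsr.sys >>UNKNOWN [0x8b815938]<<
16:41:19.718 File: C:\Documents and Settings\Owner\extp.etl **INFECTED** Win32:Malware-gen
17:37:46.187 Scan finished successfully
"""

# Line shapes as they appear in the log above.
HOOK_RE = re.compile(
    r"^\S+ \\Driver\\(\S+) (?:MajorFunction\[ (\S+) \]|(DriverInit)) @ (0x[0-9a-f]+) suspicious$")
INFECTED_RE = re.compile(r"^\S+ File: (.+?) \*\*INFECTED\*\* (\S+)$")
LOCKED_RE = re.compile(r"^\S+ Service (\S+) (.+?) \*\*LOCKED\*\* \d+$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<")
MBR_RE = re.compile(r"^\S+ Disk (\d+) (.+MBR code.*)$")


@dataclass
class Triage:
    infected: list = field(default_factory=list)         # (path, detection name)
    locked: list = field(default_factory=list)           # (service, image path)
    unknown_modules: list = field(default_factory=list)  # (address, last named module)
    hooks: dict = field(default_factory=dict)            # driver -> set of hooked entry points
    mbr: dict = field(default_factory=dict)              # disk number -> MBR verdict text
    finished: bool = False


def parse_aswmbr(text: str) -> Triage:
    """Walk the log once and collect the findings worth acting on."""
    t = Triage()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := HOOK_RE.match(line):
            t.hooks.setdefault(m.group(1), set()).add(m.group(2) or m.group(3))
        elif m := INFECTED_RE.match(line):
            t.infected.append((m.group(1), m.group(2)))
        elif m := LOCKED_RE.match(line):
            t.locked.append((m.group(1), m.group(2)))
        elif m := UNKNOWN_RE.search(line):
            # The module chain precedes the marker; the last named module is
            # the one that handed the I/O to code aswMBR could not attribute.
            tokens = line.split()
            t.unknown_modules.append((m.group(1), tokens[tokens.index(">>UNKNOWN") - 1]))
        elif m := MBR_RE.match(line):
            t.mbr[int(m.group(1))] = m.group(2)
        elif line.endswith("Scan finished successfully"):
            t.finished = True
    return t


def random_looking_drivers(hooks: dict) -> list:
    """Weak hint only: hooked drivers whose names mix letters with two or more
    digits, common for generated names and rare for vendor drivers. Confirm
    against the file on disk before acting on it."""
    return sorted(n for n in hooks if len(n) >= 6 and sum(c.isdigit() for c in n) >= 2)


def summarize(t: Triage) -> list:
    """Human-readable triage lines, most actionable first."""
    out = [f"INFECTED {name}: {path}" for path, name in t.infected]
    out += [f"LOCKED service {svc}: {path}" for svc, path in t.locked]
    out += [f"UNKNOWN code at {addr} reached via {mod}" for addr, mod in t.unknown_modules]
    out += [f"MBR disk {d}: {v}" for d, v in sorted(t.mbr.items())]
    out += [f"hooked driver {d}: {len(h)} entry points" for d, h in sorted(t.hooks.items())]
    out += [f"generated-looking driver name: {n}" for n in random_looking_drivers(t.hooks)]
    if not t.finished:
        out.append("WARNING: no 'Scan finished successfully' line; results are partial")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(parse_aswmbr(SAMPLE_LOG))))
```

Run it against a saved aswMBR.txt by replacing SAMPLE_LOG with the file's contents; the hook counts are only a prioritisation aid, not a verdict.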
jaro3 (Security team member)
Re: Disabling avast shields
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text (marked in green) into it:
KillAll::
Driver::
RTXNKKJVHKKV
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
RegLock::
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01D88ABF-E583-DC9C-1694-BA26C6B026CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nafjgcmfinhidbccojcmbpocmmnl"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,
6d,63,67,67,00,00
"mapiaalgodokoghacaaehifanc"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,6d,
63,67,67,00,00
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\License information*]
"datasecu"=hex:29,b1,4e,77,35,81,3d,ff,13,5c,93,c4,c4,15,f1,7b,b9,52,d3,70,d1,
ab,9f,1a,dd,cf,95,fe,cc,bd,93,40,d1,27,30,e5,7c,b4,7d,30,54,92,bd,dd,2c,2c,\
"rkeysecu"=hex:85,5d,af,5b,e3,55,d0,19,81,31,57,73,e4,f6,85,b7
RegNull::
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Drag the CFScript.txt you created onto the downloaded ComboFix.exe and drop it when the two icons overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log
Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; if so, restart the computer again, and if that does not help, press F8 during startup and choose Last Known Good Configuration, or use a restore point.
Download SystemLook from one of these links
SystemLook (32-bit)
http://jpshortstuff.247fixes.com/SystemLook.exe
SystemLook (64-bit)
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
and save it to the desktop.
Double-click the downloaded SystemLook and copy the following text into its main text box:
:filefind
extp.etl.*
Click Look to start the scan. When the program finishes, the scan report opens in Notepad. Copy its entire contents here. The log is also saved on the desktop as SystemLook.txt.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Disabling avast shields
ComboFix:
ComboFix 14-11-18.01 - Owner 12.12.2014 8:31.8.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2002 [GMT 1:00]
Spuštěný z: c:\documents and settings\Owner.F-55412FB590154\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner.F-55412FB590154\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Kerio Personal Firewall *Disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RTXNKKJVHKKV
-------\Service_RTXNKKJVHKKV
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-12 do 2014-12-12 )))))))))))))))))))))))))))))))
.
.
2050-04-30 12:51 . 2050-04-30 12:51 -------- d-----w- C:\totalcmd
2050-04-30 12:45 . 2009-08-29 20:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2050-04-30 12:38 . 2050-04-30 12:38 -------- d-----w- c:\program files\Sunbelt Software
2050-04-30 12:32 . 2050-04-30 12:32 -------- d-----w- c:\windows\Sun
2050-04-30 12:29 . 2014-12-02 17:06 -------- d-----w- c:\program files\Common Files\Java
2050-04-30 12:17 . 2011-10-25 15:36 -------- d-----w- c:\program files\The KMPlayer
2050-04-30 11:49 . 2012-11-18 22:39 -------- d-----w- C:\Warez
2050-04-30 11:24 . 2050-04-30 11:24 -------- d-----w- c:\program files\Lavalys
2050-04-30 11:11 . 2014-12-02 21:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2050-04-30 11:08 . 2014-07-02 15:47 -------- d-s---w- c:\windows\system32\Microsoft
2050-04-30 11:03 . 2014-11-24 12:23 -------- d-sh--w- c:\documents and settings\LocalService
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-02 17:05 . 2013-08-27 16:21 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-02 17:05 . 2008-08-17 20:22 146432 ----a-w- c:\windows\system32\javacpl.cpl
2014-11-23 17:28 . 2012-05-01 08:03 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 10:31 . 2010-11-27 09:28 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-09 17:46 . 2014-10-03 11:58 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-10-23 11:13 . 2014-10-03 11:58 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-23 11:13 . 2010-11-27 09:28 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-23 11:13 . 2014-10-03 12:03 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-23 11:13 . 2014-10-03 11:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-23 11:13 . 2010-11-27 09:28 55240 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-10-23 11:12 . 2014-10-23 11:13 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-23 11:12 . 2014-10-23 11:12 43152 ----a-w- c:\windows\avastSS.scr
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-11-23 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2008-07-22 . 3BA3D565D3C031DA39F55F7D6F41BF89 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192]
"DAEMON Tools Lite"="c:\program files\daemon tools lite\daemon.exe" [2009-04-23 691656]
"PC Suite Tray"="c:\program files\nokia\nokia pc suite 7\pcsuite.exe" [2012-06-26 1516632]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-24 33747360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"Nero MediaHome 4"="c:\program files\nero\nero mediahome 4\neromediahome.exe" [2012-02-28 5178664]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2012-03-06 4241512]
"LogMeIn Hamachi Ui"="c:\program files\logmein hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"GrooveMonitor"="c:\program files\microsoft office\office12\groovemonitor.exe" [2006-10-26 31016]
"nwiz"="c:\program files\nvidia corporation\nview\nwiz.exe" [2011-10-08 1632360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2014-06-23 832272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Guest\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^forteManager.lnk]
backup=c:\windows\pss\forteManager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^GamePark klient 2.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2014-06-23 10:36 832272 ----a-w- c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 17:00 1818624 -c--a-w- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
2014-03-06 15:07 2086568 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM Tray Agent]
2014-02-13 13:37 254024 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD]
2008-05-23 14:48 2170880 ----a-w- c:\program files\EXPERTool\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 11:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 15:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RandomMouseClicker]
2012-06-22 17:16 59776 ----a-w- c:\program files\Random Mouse Clicker\RandomMouseClicker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-08-27 07:20 22041192 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=3 (0x3)
"PnkBstrA"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"BstHdUpdaterSvc"=2 (0x2)
"BstHdLogRotatorSvc"=2 (0x2)
"BstHdAndroidSvc"=2 (0x2)
"AODService"=2 (0x2)
"AdvancedSystemCareService5"=3 (0x3)
"HiPatchService"=2 (0x2)
"ACDaemon"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON SX600FW Series (kopie 5)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S52.tmp" /EF "HKCU"
"EPSON Stylus SX600FW(Síť) (kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S57C.tmp" /EF "HKCU"
"EPSON Stylus SX600FW(Síť)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\docume~1\OWNER~1.F-5\LOCALS~1\Temp\E_S353.tmp" /EF "HKCU"
"EPSON SX600FW Series (kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "c:\windows\TEMP\E_S179.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Ultima Online\\client.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Owner.F-55412FB590154\\Plocha\\Torrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Owner.F-55412FB590154\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58204:TCP"= 58204:TCP:Pando Media Booster
"58204:UDP"= 58204:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57217:TCP"= 57217:TCP:Pando Media Booster
"57217:UDP"= 57217:UDP:Pando Media Booster
"56874:TCP"= 56874:TCP:Pando Media Booster
"56874:UDP"= 56874:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.8.2008 10:46 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [1.5.2012 9:03 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [27.11.2010 10:28 423784]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [20.2.2007 12:34 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [20.2.2007 12:34 71088]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [23.6.2014 11:35 113424]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [23.6.2014 11:35 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [23.6.2014 11:37 774928]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [23.8.2010 11:07 20328]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 10:58 3275136]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [4.12.2014 15:39 741640]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [15.9.2009 12:59 38248]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 15:15 9344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [31.8.2010 18:25 2136224]
S2 aswFsBlk;aswFsBlk; [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [23.6.2014 11:34 406288]
S3 AMDMSRIO;AMDMSRIO; [x]
S3 ATICDSDr;ATICDSDr; [x]
S3 DBKDRVR54;DBKDRVR54;c:\program files\Cheat Engine\dbk32.sys [16.12.2012 2:48 36096]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [4.12.2014 15:39 89856]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [31.7.2014 23:06 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [31.7.2014 23:06 9160]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [21.10.2010 17:59 36640]
S3 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [21.10.2010 17:59 217088]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.8.2012 11:03 1385896]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [4.12.2014 15:39 184192]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12.4.2013 12:33 104720]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22.10.2009 2:49 136544]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;h:\hry-instalovany\Hi-Rez Studio\HiPatchService.exe [17.8.2014 22:57 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-10-23 11:12]
.
2014-12-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-10-07 23:28]
.
2014-12-12 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-10-07 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://beemp3.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Owner.F-55412FB590154\Data aplikací\Mozilla\Firefox\Profiles\8y1vap2l.default-1373020015046\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-12 08:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-651377827-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01D88ABF-E583-DC9C-1694-BA26C6B026CB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nafjgcmfinhidbccojcmbpocmmnl"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,
6d,63,67,67,00,00
"mapiaalgodokoghacaaehifanc"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,6d,
63,67,67,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(996)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(1052)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(1988)
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2014-12-12 08:57:41 - machine was rebooted
ComboFix-quarantined-files.txt 2014-12-12 07:57
ComboFix2.txt 2014-12-11 15:02
ComboFix3.txt 2014-12-03 12:45
ComboFix4.txt 2014-12-01 11:04
ComboFix5.txt 2014-12-12 07:21
.
Pre-Run: 20 838 436 864 bytes free
Post-Run: 20 809 084 928 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 3EB5F7C78A2003EDC306F3BBE2FF3E5D
413FC2A0C716421B3158746D63736515
HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:32:34, on 12.12.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 39.0.2171.65
FIREFOX: 34.0.5 (x86 cs)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\BlueStacks\HD-UpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\program files\nero\nero mediahome 4\neromediahome.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\program files\microsoft office\office12\groovemonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\program files\daemon tools lite\daemon.exe
C:\program files\nokia\nokia pc suite 7\pcsuite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner.F-55412FB590154\Plocha\SystemLook.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.F-55412FB590154\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://beemp3.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\neromediahome.exe" /autorun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [GrooveMonitor] c:\program files\microsoft office\office12\groovemonitor.exe
O4 - HKLM\..\Run: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\program files\daemon tools lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\program files\nokia\nokia pc suite 7\pcsuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
--
End of file - 9665 bytes
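The ComboFix and HijackThis logs above are normally read by hand, but most of what a helper looks for first is mechanical: driver/service entries whose binary is gone (ComboFix prints `[x]`, or `[?]` when it could not read the file), Sigcheck lines where the live system32 file has a different MD5 than the copy ComboFix found in dllcache (the log's own note applies: an unsigned or modified file is not automatically malware, but it is the first thing to compare), HijackThis entries marked `(file missing)`, and the `hex:` values in the locked registry key, which are easier to reason about once decoded to text. The script below is an added example and not code from ComboFix, HijackThis or the original post; it only parses the text formats those tools print. The sample log is constructed here in those formats from entries like the ones above so that it runs offline, and the regexes and function names are my own.

```python
"""Triage helpers for ComboFix / HijackThis logs.

Added example: not ComboFix's or HijackThis's own code and not part of the
original forum post; it only parses the text formats those tools print.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in the formats ComboFix (Sigcheck, driver/service list,
# locked-key dump) and HijackThis (O-lines) print; embedded so the example
# runs offline. The entries are modelled on the log above.
SAMPLE_LOG = r"""
[-] 2012-11-23 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.8.2008 10:46 721904]
S2 aswFsBlk;aswFsBlk; [x]
S3 DBKDRVR54;DBKDRVR54;c:\program files\Cheat Engine\dbk32.sys [16.12.2012 2:48 36096]
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
"nafjgcmfinhidbccojcmbpocmmnl"=hex:69,61,6c,6e,67,63,66,70,63,6a,70,64,63,69,
6d,63,67,67,00,00
.
"""

# ComboFix service line: "<R|S><start type> name;display name;path [date time size]".
# R = running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 demand, 4 disabled.
# "[x]" means the binary is gone, "[?]" that ComboFix could not read it.
SERVICE_RE = re.compile(r"^([RS][0-4]) (.+)$")

# ComboFix Sigcheck line: "[flag] date . MD5 . size . . [version] . . path";
# "[-]" marks a file that failed the check, "[7]" a verified copy.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\] (?P<date>\S+) \. (?P<md5>[0-9A-F]{32}) \. (?P<size>\d+)"
    r" \. \. \[(?P<ver>[^\]]*)\] \. \. (?P<path>.+)$")


def parse_services(lines: List[str]) -> List[Dict[str, object]]:
    """One record per driver/service line, flagging entries with no binary on disk."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        parts = m.group(2).split(";", 2)
        if len(parts) != 3:          # HijackThis R0/R1 lines have no ';' triple
            continue
        name, display, rest = parts
        rest = rest.strip()
        missing = rest.startswith("[x]") or rest.endswith("[?]")
        path = re.sub(r"\s*\[[^\]]*\]$", "", rest)   # drop trailing "[date size]"
        out.append({"start": m.group(1), "name": name, "display": display,
                    "path": path, "missing": missing})
    return out


def parse_sigcheck(lines: List[str]) -> List[Dict[str, str]]:
    return [m.groupdict() for m in map(SIGCHECK_RE.match, lines) if m]


def sigcheck_mismatches(entries: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Live files whose MD5 differs from the dllcache copy of the same name."""
    by_name: Dict[str, List[Dict[str, str]]] = {}
    for e in entries:
        by_name.setdefault(e["path"].rsplit("\\", 1)[-1].lower(), []).append(e)
    findings = []
    for group in by_name.values():
        cache = [e for e in group if "\\dllcache\\" in e["path"].lower()]
        live = [e for e in group
                if "\\dllcache\\" not in e["path"].lower()
                and "$hf_mig$" not in e["path"].lower()]
        for l in live:
            for c in cache:
                if l["md5"] != c["md5"]:
                    findings.append((l["path"], l["md5"], c["md5"]))
    return findings


def hjt_missing_files(lines: List[str]) -> List[str]:
    """HijackThis O-lines whose target HijackThis could not find on disk."""
    return [l for l in lines if l.startswith("O") and "(file missing)" in l]


def decode_hex_values(lines: List[str]) -> Dict[str, str]:
    """Decode '"name"=hex:..' values (including wrapped continuation lines) to text."""
    raw: Dict[str, str] = {}
    current = None
    for line in (l.strip() for l in lines):
        m = re.match(r'^"([^"]+)"=hex:(.*)$', line)
        if m:
            current = m.group(1)
            raw[current] = m.group(2)
        elif current and re.fullmatch(r"(?:[0-9a-fA-F]{2},?)+", line):
            raw[current] += line          # continuation of the previous value
        else:
            current = None
    decoded = {}
    for name, hexstr in raw.items():
        data = bytes(int(b, 16) for b in hexstr.strip(",").split(",") if b)
        decoded[name] = data.rstrip(b"\x00").decode("latin-1")
    return decoded


def triage(text: str) -> Dict[str, object]:
    lines = text.splitlines()
    services = parse_services(lines)
    return {
        "services_missing_binary": [s["name"] for s in services if s["missing"]],
        "sigcheck_mismatch": sigcheck_mismatches(parse_sigcheck(lines)),
        "hjt_missing": hjt_missing_files(lines),
        "locked_key_values": decode_hex_values(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample, the script reports `aswFsBlk` as a service with no binary, the system32 `tcpip.sys` as differing from its dllcache copy, the Fiddler button as a stale HijackThis entry, and the locked-key value decoded to the opaque token `ialngcfpcjpdcimcgg`. None of these is a verdict on its own; they are the lines to compare against known-good copies or to ask the poster about before writing a CFScript.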
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\neromediahome.exe" /autorun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [GrooveMonitor] c:\program files\microsoft office\office12\groovemonitor.exe
O4 - HKLM\..\Run: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\program files\daemon tools lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\program files\nokia\nokia pc suite 7\pcsuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
--
End of file - 9665 bytes
Re: Avast shields turning off
System Look:
SystemLook 30.07.11 by jpshortstuff
Log created at 12:33 on 12/12/2014 by Owner
Administrator - Elevation successful
========== filefind ==========
Searching for "extp.etl.*"
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\0055DJZ7.1R3\LHC6JQ7C.0CG\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl --a---- 280064 bytes [19:36 27/11/2012] [19:36 27/11/2012] E9166CEF0E3305AB12F15D5A783D09F3
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\0055DJZ7.1R3\LHC6JQ7C.0CG\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl --a---- 280064 bytes [19:36 27/11/2012] [19:36 27/11/2012] E9166CEF0E3305AB12F15D5A783D09F3
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\56034V7G.X4X\7P3AMC3Z.M1P\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl --a---- 280064 bytes [21:49 03/12/2012] [21:49 03/12/2012] E9166CEF0E3305AB12F15D5A783D09F3
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\56034V7G.X4X\7P3AMC3Z.M1P\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl --a---- 280064 bytes [21:49 03/12/2012] [21:49 03/12/2012] E9166CEF0E3305AB12F15D5A783D09F3
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\BQR2V0GW.9MC\OKR54A11.J0X\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl --a---- 280064 bytes [12:34 24/11/2014] [12:34 24/11/2014] E9166CEF0E3305AB12F15D5A783D09F3
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\BQR2V0GW.9MC\OKR54A11.J0X\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl --a---- 280064 bytes [12:34 24/11/2014] [12:34 24/11/2014] E9166CEF0E3305AB12F15D5A783D09F3
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\GAC9NZT3.354\4MBCP680.X1J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl --a---- 280064 bytes [11:42 01/12/2012] [11:42 01/12/2012] E9166CEF0E3305AB12F15D5A783D09F3
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\GAC9NZT3.354\4MBCP680.X1J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl --a---- 280064 bytes [11:42 01/12/2012] [11:42 01/12/2012] E9166CEF0E3305AB12F15D5A783D09F3
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817251bd9677\extp.etl --a---- 279040 bytes [20:39 11/02/2013] [20:39 11/02/2013] EBAC7536ED6721DAAD7C02998E3B371D
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl --a---- 280064 bytes [12:40 29/05/2012] [12:40 29/05/2012] E95EA98F4C8843FCD073C1FBE294BCBF
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2931c9de64ee65c0\extp.etl --a---- 279040 bytes [20:39 11/02/2013] [20:39 11/02/2013] EBAC7536ED6721DAAD7C02998E3B371D
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl --a---- 280064 bytes [12:40 29/05/2012] [12:40 29/05/2012] E95EA98F4C8843FCD073C1FBE294BCBF
-= EOF =-
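As an added example (not code from the thread, from SystemLook's author or from any of the tools used here), a small parser for SystemLook "filefind" output that groups the hits by MD5 and reports the copies whose hash differs from the majority for the same file name. The input is six of the twelve lines from the log above, copied as posted, so that all three MD5 values the full log shows are present; `parse_filefind`, `group_by_md5` and `hash_outliers` are names chosen here. The point it brings out: the two copies in the PX0JAH1A.Z60 directory share a hash that no copy elsewhere has while being the same size as the majority, and those two paths are the ones avast flags as **INFECTED** in the aswMBR log later in the thread.

```python
import re
from collections import Counter, defaultdict

# Six of the twelve "filefind" hits from the SystemLook log above, copied as
# posted; together they cover all three MD5 values that appear in the full log.
SYSTEMLOOK_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========
Searching for "extp.etl.*"
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\0055DJZ7.1R3\LHC6JQ7C.0CG\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl --a---- 280064 bytes [19:36 27/11/2012] [19:36 27/11/2012] E9166CEF0E3305AB12F15D5A783D09F3
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\56034V7G.X4X\7P3AMC3Z.M1P\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl --a---- 280064 bytes [21:49 03/12/2012] [21:49 03/12/2012] E9166CEF0E3305AB12F15D5A783D09F3
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\BQR2V0GW.9MC\OKR54A11.J0X\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl --a---- 280064 bytes [12:34 24/11/2014] [12:34 24/11/2014] E9166CEF0E3305AB12F15D5A783D09F3
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817251bd9677\extp.etl --a---- 279040 bytes [20:39 11/02/2013] [20:39 11/02/2013] EBAC7536ED6721DAAD7C02998E3B371D
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl --a---- 280064 bytes [12:40 29/05/2012] [12:40 29/05/2012] E95EA98F4C8843FCD073C1FBE294BCBF
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl --a---- 280064 bytes [12:40 29/05/2012] [12:40 29/05/2012] E95EA98F4C8843FCD073C1FBE294BCBF
-= EOF =-
"""

# One filefind hit: <path> <attrs> <size> bytes [<timestamp>] [<timestamp>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one record per hit; header and footer lines are skipped."""
    records = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper()
        rec["name"] = rec["path"].rsplit("\\", 1)[-1].lower()
        records.append(rec)
    return records


def group_by_md5(records):
    """MD5 -> list of paths carrying that hash."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["md5"]].append(rec["path"])
    return dict(groups)


def hash_outliers(records):
    """Copies whose MD5 is not the majority MD5 for the same file name.

    Each outlier carries 'same_size_as_majority': an identical size with a
    different hash is the stronger signal (a patched or replaced file); a
    different size more often just means a different version.
    """
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["name"]].append(rec)
    outliers = []
    for recs in by_name.values():
        majority_md5 = Counter(r["md5"] for r in recs).most_common(1)[0][0]
        majority_size = Counter(r["size"] for r in recs).most_common(1)[0][0]
        for r in recs:
            if r["md5"] != majority_md5:
                outliers.append(dict(r, same_size_as_majority=(r["size"] == majority_size)))
    return outliers


if __name__ == "__main__":
    recs = parse_filefind(SYSTEMLOOK_LOG)
    for md5, paths in group_by_md5(recs).items():
        print(f"{md5}  x{len(paths)}")
    for r in hash_outliers(recs):
        flag = "same size, different hash" if r["same_size_as_majority"] else "different version"
        print(f"  outlier {r['md5']} {r['size']:>7} bytes  {flag}\n    {r['path']}")
```

On the six sample lines this reports three hash groups and three outliers, all under PX0JAH1A.Z60; only the two E95EA98F... copies have the majority size, which is what makes them stand out before any scanner verdict.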
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
Re: Avast shields turning off
Close other applications and browsers, disconnect from the internet and fix these in HJT:
Guide
Code:
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
Run aswMBR again, run a scan and then click "Fix".
Close the program and restart the PC.
After the restart, turn off System Restore on all drives:
http://support.microsoft.com/kb/310405/cs
Then look here:
C:\System Volume Information\Microsoft --- if that folder (Microsoft) is there, delete it.
Finally, turn System Restore back on.
Run aswMBR again, run a scan and click "Save log".
Paste the contents of the log here again.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Avast shields turning off
After a long time the sites aukro.cz and zive.cz work for me again, so thanks for that too.
I'll hopefully take the PC through the next step tomorrow.

- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
Re: Avast shields turning off
OK..
Then:
Download DelFix here
and save the file to your desktop.
Double-click the icon to run Delfix.exe
(On Windows Vista, Windows 7 and 8 you have to right-click the file -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.
A report then opens (DelFix.txt). Paste the whole contents of the report here. Otherwise the report is at:
C:\DelFix.txt
If there are no further problems, that's all and you can mark the thread solved (the green tick).
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Avast shields turning off
Fixed in HJT. The first aswMBR apparently found nothing (the "Fix" button was inactive). In the folder "C:\System Volume Information" there are only two "_restore{xxxxxx}" folders from 2008.
aswMBR:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-15 15:38:23
-----------------------------
15:38:23.640 OS Version: Windows 5.1.2600 Service Pack 3
15:38:23.640 Number of processors: 4 586 0x503
15:38:23.640 ComputerName: HLAVNI UserName: Owner
15:38:24.828 Initialize success
15:38:31.281 AVAST engine defs: 14102100
15:38:40.312 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
15:38:40.312 Disk 0 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 3
15:38:40.312 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
15:38:40.328 Disk 1 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
15:38:40.328 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-1b
15:38:40.328 Disk 2 Vendor: WDC_WD2500JB-00GVC0 08.02D08 Size: 238475MB BusType: 3
15:38:40.437 Disk 2 MBR read successfully
15:38:40.437 Disk 2 MBR scan
15:38:41.343 Disk 2 Windows XP default MBR code
15:38:41.375 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
15:38:41.421 Disk 2 Boot: NTFS code=1
15:38:41.625 Disk 2 scanning sectors +488392065
15:38:41.781 Disk 2 scanning C:\WINDOWS\system32\drivers
15:39:02.671 Service scanning
15:39:16.500 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:39:20.250 Modules scanning
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_CREATE ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_CREATE_NAMED_PIPE ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_READ ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_WRITE ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_INFORMATION ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_SET_INFORMATION ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_EA ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_SET_EA ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_VOLUME_INFORMATION ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_SET_VOLUME_INFORMATION ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_DIRECTORY_CONTROL ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_FILE_SYSTEM_CONTROL ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\nvata MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\nvata MajorFunction[ IRP_MJ_LOCK_CONTROL ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\nvata MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\nvata MajorFunction[ IRP_MJ_CREATE_MAILSLOT ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_SECURITY ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\nvata MajorFunction[ IRP_MJ_SET_SECURITY ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\nvata MajorFunction[ IRP_MJ_POWER ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\nvata MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\nvata MajorFunction[ IRP_MJ_DEVICE_CHANGE ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\nvata MajorFunction[ IRP_MJ_QUERY_QUOTA ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\nvata MajorFunction[ IRP_MJ_SET_QUOTA ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\atapi DriverInit @ 0x8b7f3298 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_CREATE ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_READ ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_WRITE ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_POWER ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\usbohci MajorFunction[ IRP_MJ_CREATE ] @ 0x8b6241f8 suspicious
15:39:20.265 \Driver\usbohci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b6241f8 suspicious
15:39:20.265 \Driver\usbohci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b6241f8 suspicious
15:39:20.265 \Driver\usbohci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b6241f8 suspicious
15:39:20.265 \Driver\usbohci MajorFunction[ IRP_MJ_POWER ] @ 0x8b6241f8 suspicious
15:39:20.265 \Driver\usbohci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b6241f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_CREATE ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_READ ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_WRITE ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_POWER ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\NetBT MajorFunction[ IRP_MJ_CREATE ] @ 0x8abc71f8 suspicious
15:39:20.265 \Driver\NetBT MajorFunction[ IRP_MJ_CLOSE ] @ 0x8abc71f8 suspicious
15:39:20.265 \Driver\NetBT MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8abc71f8 suspicious
15:39:20.265 \Driver\NetBT MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8abc71f8 suspicious
15:39:20.265 \Driver\NetBT MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8abc71f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_CREATE ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_READ ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_WRITE ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_POWER ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\usbehci MajorFunction[ IRP_MJ_CREATE ] @ 0x8b5e61f8 suspicious
15:39:20.265 \Driver\usbehci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b5e61f8 suspicious
15:39:20.265 \Driver\usbehci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b5e61f8 suspicious
15:39:20.265 \Driver\usbehci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b5e61f8 suspicious
15:39:20.265 \Driver\usbehci MajorFunction[ IRP_MJ_POWER ] @ 0x8b5e61f8 suspicious
15:39:20.265 \Driver\usbehci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b5e61f8 suspicious
15:39:20.265 \Driver\ax38vbp2 MajorFunction[ IRP_MJ_CREATE ] @ 0x8b5f61f8 suspicious
15:39:20.265 \Driver\ax38vbp2 MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b5f61f8 suspicious
15:39:20.265 \Driver\ax38vbp2 MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b5f61f8 suspicious
15:39:20.265 \Driver\ax38vbp2 MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b5f61f8 suspicious
15:39:20.265 \Driver\ax38vbp2 MajorFunction[ IRP_MJ_POWER ] @ 0x8b5f61f8 suspicious
15:39:20.265 \Driver\ax38vbp2 MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b5f61f8 suspicious
15:39:20.265 Disk 2 trace - called modules:
15:39:20.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdm.sys >>UNKNOWN [0x8b815938]<<
15:39:20.281 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8b741ab8]
15:39:20.281 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000097[0x8b85f9e8]
15:39:20.281 5 ACPI.sys[b7e66620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1b[0x8b773940]
15:39:21.250 AVAST engine scan C:\WINDOWS
15:39:29.859 AVAST engine scan C:\WINDOWS\system32
15:43:02.468 AVAST engine scan C:\WINDOWS\system32\drivers
15:43:21.250 AVAST engine scan C:\Documents and Settings\Owner.F-55412FB590154
16:16:51.859 File: C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl **INFECTED** Win32:Malware-gen
16:16:53.203 File: C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl **INFECTED** Win32:Malware-gen
16:43:17.109 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
17:10:48.562 Disk 2 statistics 4168635/0/0 @ 0,40 MB/s
17:10:48.578 Scan finished successfully
17:22:27.406 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\MBR.dat"
17:22:27.406 The log file has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\aswMBR3.txt"
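A summariser for aswMBR output, added here as an example; it is not part of the thread and not an AVAST tool. It condenses a log like the one above into the facts a helper actually reads: the MBR code status per disk, services the scanner could not read (**LOCKED**), drivers whose dispatch entries are all redirected to a single address, unidentified modules in the disk I/O trace, and files the engine flagged. The sample input is a trimmed excerpt of the posted log, copied line for line; `summarize_aswmbr` and `triage` are names chosen here. Worth noticing in the real log: every hooked driver reports one address per driver (nvata at 0x8b86d1f8, Cdrom at 0x8b5921f8, and so on), which is the footprint of a filter driver replacing whole dispatch tables rather than a per-function patch; SPTD, the driver behind DAEMON Tools that the same log lists as locked, is a well-known cause of exactly these aswMBR "suspicious" lines, so the tag is a heuristic to check against installed software, not a verdict.

```python
import re
from collections import defaultdict

# Trimmed excerpt of the aswMBR log posted above, copied line for line. The full
# log has dozens of "suspicious" hook lines; a few per pattern are enough here.
ASWMBR_LOG = r"""
15:38:41.343 Disk 2 Windows XP default MBR code
15:38:41.375 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
15:39:16.500 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_CREATE ] @ 0x8b86d1f8 suspicious
15:39:20.250 \Driver\nvata MajorFunction[ IRP_MJ_READ ] @ 0x8b86d1f8 suspicious
15:39:20.265 \Driver\atapi DriverInit @ 0x8b7f3298 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_CREATE ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_POWER ] @ 0x8b5921f8 suspicious
15:39:20.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdm.sys >>UNKNOWN [0x8b815938]<<
16:16:51.859 File: C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl **INFECTED** Win32:Malware-gen
16:16:53.203 File: C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl **INFECTED** Win32:Malware-gen
17:10:48.578 Scan finished successfully
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3} "
MBR_RE = re.compile(TS + r"Disk (?P<disk>\d+) (?P<status>.+ MBR code)$")
LOCKED_RE = re.compile(TS + r"Service (?P<svc>\S+) (?P<path>.+?) \*\*LOCKED\*\*")
HOOK_RE = re.compile(
    TS + r"\\Driver\\(?P<drv>\S+) (?:MajorFunction\[ (?P<irp>\w+) \]|(?P<init>DriverInit))"
    r" @ (?P<addr>0x[0-9a-f]+) suspicious$"
)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-f]+)\]<<")
INFECTED_RE = re.compile(TS + r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<sig>\S+)$")


def summarize_aswmbr(text):
    """Pull the decision-relevant facts out of an aswMBR log (Python 3.8+)."""
    hooks = defaultdict(lambda: {"addrs": set(), "entries": []})
    summary = {"mbr": {}, "locked": [], "unknown": [], "infected": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := MBR_RE.match(line):
            summary["mbr"][int(m["disk"])] = m["status"]
        elif m := LOCKED_RE.match(line):
            summary["locked"].append((m["svc"], m["path"]))
        elif m := HOOK_RE.match(line):
            hooks[m["drv"]]["addrs"].add(m["addr"])
            hooks[m["drv"]]["entries"].append(m["irp"] or m["init"])
        elif m := UNKNOWN_RE.search(line):
            summary["unknown"].append(m["addr"])
        elif m := INFECTED_RE.match(line):
            summary["infected"].append((m["path"], m["sig"]))
    # Freeze the per-driver hook sets so callers get plain, ordered data.
    summary["hooks"] = {d: {"addrs": sorted(v["addrs"]), "entries": v["entries"]}
                        for d, v in hooks.items()}
    return summary


def triage(summary):
    """Reduce the summary to the handful of lines a helper actually reads."""
    notes = []
    for disk, status in sorted(summary["mbr"].items()):
        verdict = "standard boot code" if "default MBR code" in status else "non-standard, inspect"
        notes.append(f"disk {disk}: {status} ({verdict})")
    for svc, path in summary["locked"]:
        notes.append(f"locked service {svc}: {path} (not readable by the scanner; identify the vendor)")
    for drv, h in sorted(summary["hooks"].items()):
        if len(h["addrs"]) == 1:
            # Every entry of this driver points at one address: a filter-style
            # table replacement, to be matched against installed software first.
            notes.append(f"{drv}: {len(h['entries'])} dispatch entries all redirected to "
                         f"{h['addrs'][0]} (single filter-style hook)")
        else:
            notes.append(f"{drv}: hooks at {len(h['addrs'])} different addresses (inspect each)")
    for addr in summary["unknown"]:
        notes.append(f"unidentified module in the disk I/O path at {addr}")
    for path, sig in summary["infected"]:
        notes.append(f"INFECTED {sig}: {path}")
    return notes


if __name__ == "__main__":
    print("\n".join(triage(summarize_aswmbr(ASWMBR_LOG))))
```

Run against the full posted log instead of the excerpt, the same code collapses the eighty-odd hook lines into one note per driver, which is the view you want before deciding whether "Fix" (an MBR rewrite) is even relevant; here the MBR is reported as standard XP code, so the actionable items are the two flagged files and the unidentified module in the disk stack.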
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_CREATE ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_READ ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_WRITE ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_POWER ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\dmio MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b86e1f8 suspicious
15:39:20.265 \Driver\usbohci MajorFunction[ IRP_MJ_CREATE ] @ 0x8b6241f8 suspicious
15:39:20.265 \Driver\usbohci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b6241f8 suspicious
15:39:20.265 \Driver\usbohci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b6241f8 suspicious
15:39:20.265 \Driver\usbohci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b6241f8 suspicious
15:39:20.265 \Driver\usbohci MajorFunction[ IRP_MJ_POWER ] @ 0x8b6241f8 suspicious
15:39:20.265 \Driver\usbohci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b6241f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_CREATE ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_READ ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_WRITE ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_POWER ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\Ftdisk MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b7f41f8 suspicious
15:39:20.265 \Driver\NetBT MajorFunction[ IRP_MJ_CREATE ] @ 0x8abc71f8 suspicious
15:39:20.265 \Driver\NetBT MajorFunction[ IRP_MJ_CLOSE ] @ 0x8abc71f8 suspicious
15:39:20.265 \Driver\NetBT MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8abc71f8 suspicious
15:39:20.265 \Driver\NetBT MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8abc71f8 suspicious
15:39:20.265 \Driver\NetBT MajorFunction[ IRP_MJ_CLEANUP ] @ 0x8abc71f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_CREATE ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_READ ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_WRITE ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_FLUSH_BUFFERS ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_SHUTDOWN ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_POWER ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\Cdrom MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b5921f8 suspicious
15:39:20.265 \Driver\usbehci MajorFunction[ IRP_MJ_CREATE ] @ 0x8b5e61f8 suspicious
15:39:20.265 \Driver\usbehci MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b5e61f8 suspicious
15:39:20.265 \Driver\usbehci MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b5e61f8 suspicious
15:39:20.265 \Driver\usbehci MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b5e61f8 suspicious
15:39:20.265 \Driver\usbehci MajorFunction[ IRP_MJ_POWER ] @ 0x8b5e61f8 suspicious
15:39:20.265 \Driver\usbehci MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b5e61f8 suspicious
15:39:20.265 \Driver\ax38vbp2 MajorFunction[ IRP_MJ_CREATE ] @ 0x8b5f61f8 suspicious
15:39:20.265 \Driver\ax38vbp2 MajorFunction[ IRP_MJ_CLOSE ] @ 0x8b5f61f8 suspicious
15:39:20.265 \Driver\ax38vbp2 MajorFunction[ IRP_MJ_DEVICE_CONTROL ] @ 0x8b5f61f8 suspicious
15:39:20.265 \Driver\ax38vbp2 MajorFunction[ IRP_MJ_INTERNAL_DEVICE_CONTROL ] @ 0x8b5f61f8 suspicious
15:39:20.265 \Driver\ax38vbp2 MajorFunction[ IRP_MJ_POWER ] @ 0x8b5f61f8 suspicious
15:39:20.265 \Driver\ax38vbp2 MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] @ 0x8b5f61f8 suspicious
15:39:20.265 Disk 2 trace - called modules:
15:39:20.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdm.sys >>UNKNOWN [0x8b815938]<<
15:39:20.281 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8b741ab8]
15:39:20.281 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000097[0x8b85f9e8]
15:39:20.281 5 ACPI.sys[b7e66620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1b[0x8b773940]
15:39:21.250 AVAST engine scan C:\WINDOWS
15:39:29.859 AVAST engine scan C:\WINDOWS\system32
15:43:02.468 AVAST engine scan C:\WINDOWS\system32\drivers
15:43:21.250 AVAST engine scan C:\Documents and Settings\Owner.F-55412FB590154
16:16:51.859 File: C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl **INFECTED** Win32:Malware-gen
16:16:53.203 File: C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl **INFECTED** Win32:Malware-gen
16:43:17.109 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
17:10:48.562 Disk 2 statistics 4168635/0/0 @ 0,40 MB/s
17:10:48.578 Scan finished successfully
17:22:27.406 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\MBR.dat"
17:22:27.406 The log file has been saved successfully to "C:\Documents and Settings\Owner.F-55412FB590154\Plocha\aswMBR3.txt"
jaro3 (Security team member):
Re: Disabling avast shields
Download the program OTM (by OldTimer),
save it to drive C and run it.
- Into the left column (Paste Instructions for Items to be Moved) copy these paths:
Code:
:Processes
explorer.exe
:Services
:Reg
:Files
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the entire contents of the right column (also saved in the folder C:\_OTMoveIt\MovedFiles\), which reports the results
- It is possible that, if the files cannot be removed, you will be asked to restart the computer; in that case confirm the restart.
C:\_OTMoveIt\MovedFiles\********_******.log
When working with the programs HJT, ComboFix, MbAM, SDFix and others, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Disabling avast shields
OTM:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr...exe_0a345d07a48f8f00_0005.0006_none_9afe817851bd965c\extp.etl moved successfully.
C:\Documents and Settings\Owner.F-55412FB590154\Local Settings\Apps\2.0\PX0JAH1A.Z60\8D281MNB.19J\macr..tion_0a345d07a48f8f00_0005.0006_2c2c28435787bc80\extp.etl moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
User: All Users.WINDOWS
User: Default User.WINDOWS
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NeroMediaHomeUser.4
->Temporary Internet Files folder emptied: 0 bytes
User: NeroMediaHomeUser.4.HLAVNI
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Owner
->Temporary Internet Files folder emptied: 0 bytes
User: Owner.F-55412FB590154
->Temp folder emptied: 5290935 bytes
->Temporary Internet Files folder emptied: 2191046 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 371952958 bytes
->Google Chrome cache emptied: 279033500 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 21711 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 27129974 bytes
Total Files Cleaned = 654,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 12152014_231018
Files moved on Reboot...
Registry entries deleted on Reboot...
Re: Disabling avast shields
I tried installing the newest version of Avast, and after the restart, when Windows was already starting to load, a blue screen of death appeared:
DRIVER_IRQL_NOT_LESS_OR_EQUAL
STOP: 0x000000D1 (0x804944B4, 0x000000FF, 0x00000000, 0xAFC5DF28)
Re: Disabling avast shields
Did you subsequently manage to boot into the OS? Or is it stuck in a loop? Isn't the faulting module listed under the STOP code?