Hello,
please check my log (ComboFix). About once a week, during maintenance with Advanced SystemCare, a message pops up saying that malware was found (Trojan Agent win32), in the files sw20.exe and winsys.exe. I let it repair them, and two or three days later they are back... So I don't know whether anything can be done about it or not...?
I would also like to shorten the shutdown time: everything is OK, only saving the settings takes about a minute, then it shuts down right away...
Thanks in advance for any help...
ComboFix 14-03-10.01 - Greggy 11.03.2014 22:49:30.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1506 [GMT 1:00]
Spuštěný z: c:\documents and settings\Greggy\Plocha\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-11 do 2014-03-11 )))))))))))))))))))))))))))))))
.
.
2014-03-10 10:10 . 2014-02-26 23:28 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-10 10:10 . 2014-02-26 23:28 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-28 21:04 . 2014-02-28 21:04 -------- d-----w- c:\documents and settings\Greggy\Data aplikací\SUPERAntiSpyware.com
2014-02-19 19:06 . 2014-02-08 18:18 1049888 ----a-w- c:\windows\system32\nvdispco3233489.dll
2014-02-19 19:05 . 2014-02-08 18:18 895264 ----a-w- c:\windows\system32\nvdispgenco3233489.dll
2014-02-19 19:03 . 2014-02-19 19:03 -------- d-----w- C:\NVIDIA
2014-02-18 17:22 . 2014-02-18 17:22 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-02-18 17:22 . 2014-02-18 17:22 -------- d-----w- c:\program files\DAEMON Tools Lite
2014-02-18 17:18 . 2014-02-18 17:20 -------- d-----w- c:\documents and settings\Greggy\Data aplikací\rmi
2014-02-17 22:19 . 2014-02-17 22:19 -------- d-----w- c:\documents and settings\Greggy\Data aplikací\LolClient
2014-02-17 20:23 . 2014-02-27 21:38 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2014-02-17 20:22 . 2014-02-17 20:22 -------- d-----w- c:\documents and settings\All Users\Data aplikac
2014-02-17 20:22 . 2014-02-27 21:29 -------- d-----w- c:\program files\Pando Networks
2014-02-17 20:22 . 2014-02-17 20:22 -------- d-----w- c:\documents and settings\Greggy\Data aplikací\Riot Games
2014-02-12 12:16 . 2014-02-04 04:49 628224 -c----w- c:\windows\system32\dllcache\urlmon.dll
2014-02-12 12:16 . 2014-02-04 04:49 532480 -c----w- c:\windows\system32\dllcache\mstime.dll
2014-02-12 12:16 . 2014-02-04 04:49 37888 -c----w- c:\windows\system32\dllcache\url.dll
2014-02-12 12:16 . 2014-02-04 04:49 852992 -c----w- c:\windows\system32\dllcache\vgx.dll
2014-02-12 12:16 . 2014-02-04 04:49 81920 -c----w- c:\windows\system32\dllcache\ieencode.dll
2014-02-12 12:16 . 2014-02-04 04:49 669696 -c----w- c:\windows\system32\dllcache\wininet.dll
2014-02-12 12:16 . 2014-02-04 04:49 251904 -c----w- c:\windows\system32\dllcache\iepeers.dll
2014-02-12 12:16 . 2014-02-04 04:49 1025024 -c----w- c:\windows\system32\dllcache\browseui.dll
2014-02-12 12:16 . 2014-02-04 04:49 450048 -c----w- c:\windows\system32\dllcache\mshtmled.dll
2014-02-12 12:16 . 2014-02-04 04:49 1510912 -c----w- c:\windows\system32\dllcache\shdocvw.dll
2014-02-12 12:11 . 2013-12-05 11:26 1172992 -c----w- c:\windows\system32\dllcache\msxml3.dll
2014-02-12 12:06 . 2013-12-31 00:45 434176 -c----w- c:\windows\system32\dllcache\vbscript.dll
2014-02-11 08:25 . 2014-02-11 08:25 -------- d-----w- c:\documents and settings\Greggy\Data aplikací\IObit Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-03 15:34 . 2013-06-14 14:12 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-03 15:34 . 2013-06-14 14:12 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-08 18:18 . 2014-01-18 23:14 9674752 ----a-w- c:\windows\system32\nvopencl.dll
2014-02-08 18:18 . 2014-01-18 23:14 22888448 ----a-w- c:\windows\system32\nvoglnt.dll
2014-02-08 18:18 . 2014-01-18 23:14 9707520 ----a-w- c:\windows\system32\nvcuda.dll
2014-02-08 18:18 . 2014-01-18 23:14 2961184 ----a-w- c:\windows\system32\nvcuvid.dll
2014-02-08 18:18 . 2014-01-18 23:14 2410784 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-02-08 18:18 . 2014-01-18 23:14 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2014-02-08 18:18 . 2014-01-18 23:14 2649600 ----a-w- c:\windows\system32\nvapi.dll
2014-02-08 18:18 . 2014-01-18 23:14 4080384 ----a-w- c:\windows\system32\nv4_disp.dll
2014-02-08 18:18 . 2014-01-18 23:14 12508768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2014-02-08 17:11 . 2009-03-27 08:03 229376 -c--a-w- c:\windows\system32\nvrszhc.dll
2014-02-08 17:11 . 2009-03-27 08:03 126976 -c--a-w- c:\windows\system32\nvrszht.dll
2014-02-08 17:11 . 2009-03-27 08:03 274432 -c--a-w- c:\windows\system32\nvrspt.dll
2014-02-08 17:11 . 2009-03-27 08:03 270336 -c--a-w- c:\windows\system32\nvrsru.dll
2014-02-08 17:11 . 2009-03-27 08:03 270336 -c--a-w- c:\windows\system32\nvrsptb.dll
2014-02-08 17:11 . 2009-03-27 08:03 258048 -c--a-w- c:\windows\system32\nvrstr.dll
2014-02-08 17:11 . 2009-03-27 08:03 258048 -c--a-w- c:\windows\system32\nvrssl.dll
2014-02-08 17:11 . 2009-03-27 08:03 258048 -c--a-w- c:\windows\system32\nvrssk.dll
2014-02-08 17:11 . 2009-03-27 08:03 253952 -c--a-w- c:\windows\system32\nvrsth.dll
2014-02-08 17:11 . 2009-03-27 08:03 253952 -c--a-w- c:\windows\system32\nvrssv.dll
2014-02-08 17:11 . 2009-03-27 08:03 282624 -c--a-w- c:\windows\system32\nvrsit.dll
2014-02-08 17:11 . 2009-03-27 08:03 274432 -c--a-w- c:\windows\system32\nvrsnl.dll
2014-02-08 17:11 . 2009-03-27 08:03 274432 -c--a-w- c:\windows\system32\nvrsja.dll
2014-02-08 17:11 . 2009-03-27 08:03 266240 -c--a-w- c:\windows\system32\nvrsko.dll
2014-02-08 17:11 . 2009-03-27 08:03 258048 -c--a-w- c:\windows\system32\nvrspl.dll
2014-02-08 17:11 . 2009-03-27 08:03 253952 -c--a-w- c:\windows\system32\nvrsno.dll
2014-02-08 17:11 . 2009-03-27 08:03 335872 -c--a-w- c:\windows\system32\nvrshe.dll
2014-02-08 17:11 . 2009-03-27 08:03 286720 -c--a-w- c:\windows\system32\nvrsfr.dll
2014-02-08 17:11 . 2009-03-27 08:03 282624 -c--a-w- c:\windows\system32\nvrses.dll
2014-02-08 17:11 . 2009-03-27 08:03 282624 -c--a-w- c:\windows\system32\nvrsel.dll
2014-02-08 17:11 . 2009-03-27 08:03 278528 -c--a-w- c:\windows\system32\nvrsde.dll
2014-02-08 17:11 . 2009-03-27 08:03 274432 -c--a-w- c:\windows\system32\nvrsesm.dll
2014-02-08 17:11 . 2009-03-27 08:03 262144 -c--a-w- c:\windows\system32\nvrshu.dll
2014-02-08 17:11 . 2009-03-27 08:03 253952 -c--a-w- c:\windows\system32\nvrsda.dll
2014-02-08 17:11 . 2009-03-27 08:03 249856 -c--a-w- c:\windows\system32\nvrsfi.dll
2014-02-08 17:11 . 2009-03-27 08:03 249856 -c--a-w- c:\windows\system32\nvrseng.dll
2014-02-08 17:11 . 2009-03-27 08:03 335872 -c--a-w- c:\windows\system32\nvrsar.dll
2014-02-08 17:11 . 2009-03-27 08:03 249856 ----a-w- c:\windows\system32\nvrscs.dll
2014-02-08 17:08 . 2009-03-27 08:03 54272 ----a-w- c:\windows\system32\nvwddi.dll
2014-02-08 17:08 . 2009-03-27 08:03 15714080 ----a-w- c:\windows\system32\nvcpl.dll
2014-02-08 17:08 . 2009-03-27 08:03 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2014-02-08 17:08 . 2009-03-27 08:03 376096 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-08 17:08 . 2009-03-27 08:03 144160 -c--a-w- c:\windows\system32\nvcolor.exe
2014-02-07 15:32 . 2014-01-19 09:09 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-04 04:49 . 2013-01-14 00:30 81920 ----a-w- c:\windows\system32\ieencode.dll
2014-02-04 04:49 . 2004-08-17 14:49 669696 ----a-w- c:\windows\system32\wininet.dll
2014-02-04 04:49 . 2004-08-03 21:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2014-02-04 04:48 . 2004-08-17 14:44 370176 ----a-w- c:\windows\system32\html.iec
2014-01-25 12:03 . 2014-01-19 09:09 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-25 12:03 . 2014-01-19 09:09 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-25 12:03 . 2014-01-19 09:09 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-25 12:03 . 2014-01-19 09:09 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-01-25 12:03 . 2014-01-19 09:09 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-25 12:03 . 2014-01-19 09:09 43152 ----a-w- c:\windows\avastSS.scr
2014-01-25 12:03 . 2014-01-19 10:16 252592 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2014-01-19 11:07 . 2014-01-19 11:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-19 11:07 . 2014-01-19 11:07 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-01-19 10:16 . 2014-01-19 10:16 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-01-19 10:16 . 2014-01-19 10:16 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2014-01-19 09:09 . 2014-01-19 09:09 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-19 09:09 . 2014-01-19 09:09 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-18 23:47 . 2014-01-18 23:29 891976 ----a-w- c:\windows\system32\RTSndMgr.CPL
2014-01-18 23:47 . 2014-01-18 23:29 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2014-01-18 23:47 . 2014-01-18 23:29 359016 ----a-w- c:\windows\vncutil.exe
2014-01-18 23:47 . 2014-01-18 23:29 9721960 ----a-w- c:\windows\RTLCPL.EXE
2014-01-18 23:47 . 2014-01-18 23:29 1523416 ----a-w- c:\windows\RtlUpd.exe
2014-01-18 23:47 . 2014-01-18 23:29 5620440 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2014-01-18 23:47 . 2014-01-18 23:29 86232 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2014-01-18 23:47 . 2014-01-18 23:29 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2014-01-18 23:47 . 2014-01-18 23:29 129640 ----a-w- c:\windows\RtkAudioService.exe
2014-01-18 23:47 . 2014-01-18 23:29 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2014-01-18 23:47 . 2014-01-18 23:29 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2014-01-18 23:47 . 2014-01-18 23:29 64104 ----a-w- c:\windows\ALCMTR.EXE
2014-01-18 23:47 . 2014-01-18 23:29 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2014-01-18 23:47 . 2014-01-18 23:29 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2014-01-18 23:47 . 2014-01-18 23:29 2180712 ----a-w- c:\windows\MicCal.exe
2014-01-18 23:42 . 2014-01-18 23:32 215656 ----a-w- c:\windows\system32\NVCOSMB.DLL
2014-01-18 23:42 . 2014-01-18 23:32 18024 ----a-w- c:\windows\system32\NvRCoPtb.dll
2014-01-18 23:42 . 2014-01-18 23:32 18024 ----a-w- c:\windows\system32\NvRCoIt.dll
2014-01-18 23:42 . 2014-01-18 23:32 18024 ----a-w- c:\windows\system32\NvRCoFr.dll
2014-01-18 23:42 . 2014-01-18 23:32 17512 ----a-w- c:\windows\system32\NvRCoSv.dll
2014-01-18 23:42 . 2014-01-18 23:32 17512 ----a-w- c:\windows\system32\NvRCoRu.dll
2014-01-18 23:42 . 2014-01-18 23:32 17512 ----a-w- c:\windows\system32\NvRCoNo.dll
2014-01-18 23:42 . 2014-01-18 23:32 17512 ----a-w- c:\windows\system32\NvRCoNl.dll
2014-01-18 23:42 . 2014-01-18 23:32 15464 ----a-w- c:\windows\system32\NvRCoKo.dll
2014-01-18 23:42 . 2014-01-18 23:32 15464 ----a-w- c:\windows\system32\NvRCoJa.dll
2014-01-18 23:42 . 2014-01-18 23:32 14952 ----a-w- c:\windows\system32\NvRCoZht.dll
2014-01-18 23:42 . 2014-01-18 23:32 14952 ----a-w- c:\windows\system32\NvRCoZhc.dll
2014-01-18 23:42 . 2014-01-18 23:32 372840 ----a-w- c:\windows\system32\nvraiins.dll
2014-01-18 23:42 . 2014-01-18 23:32 372840 ----a-w- c:\windows\system32\nvraidco.dll
2014-01-18 23:42 . 2014-01-18 23:32 18024 ----a-w- c:\windows\system32\NvRCoEsm.dll
2014-01-18 23:42 . 2014-01-18 23:32 18024 ----a-w- c:\windows\system32\NvRCoEs.dll
2014-01-18 23:42 . 2014-01-18 23:32 18024 ----a-w- c:\windows\system32\NvRCoDe.dll
2014-01-18 23:42 . 2014-01-18 23:32 17512 ----a-w- c:\windows\system32\NvRCoFi.dll
2014-01-18 23:42 . 2014-01-18 23:32 17512 ----a-w- c:\windows\system32\NvRCoDa.dll
2014-01-18 23:42 . 2014-01-18 23:32 17000 ----a-w- c:\windows\system32\NvRCoENU.dll
2014-01-18 23:42 . 2014-01-18 23:32 17000 ----a-w- c:\windows\system32\NvRCoEng.dll
2014-01-18 23:42 . 2014-01-18 23:32 168040 ----a-w- c:\windows\system32\drivers\nvgts.sys
2014-01-18 23:14 . 2014-01-18 23:14 893728 ----a-w- c:\windows\system32\nvdispgenco3232723.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE.dll" [2014-02-05 1398080]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
2014-02-05 17:58 1398080 ----a-w- c:\program files\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE.dll" [2014-02-05 1398080]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-25 12:03 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-02-11 2288928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-19 18790432]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-25 3767096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2014-02-08 15714080]
"NvMediaCenter"="NvMCTray.dll" [2014-02-08 376096]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2014-02-08 2593056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
2006-10-19 17:44 20480 -c----w- c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 22:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SW20"=c:\windows\system32\sw20.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SW24"=c:\windows\system32\sw24.exe
"nwiz"=nwiz.exe /install
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58636:TCP"= 58636:TCP:Pando Media Booster
"58636:UDP"= 58636:UDP:Pando Media Booster
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [19.1.2014 11:16 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [19.1.2014 11:16 252592]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [19.1.2014 10:09 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [19.1.2014 10:09 180248]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [19.1.2014 11:16 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.1.2014 10:09 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.1.2014 10:09 410784]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [18.2.2014 18:22 243128]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [7.2.2014 16:47 881952]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [19.1.2014 10:09 67824]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [19.1.2014 11:16 113704]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [7.2.2014 16:48 2151200]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19.1.2014 0:29 1691480]
S3 EagleXNt;EagleXNt; [x]
S3 eiqhwmef;eiqhwmef; [x]
S3 go4X1394;go4X1394;c:\windows\system32\drivers\go4X1394.sys [23.1.2010 16:00 113664]
S3 go4XWDM;go4XWDM;c:\windows\system32\drivers\go4XWDM.sys [23.1.2010 16:00 28672]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys --> c:\windows\system32\DRIVERS\netaapl.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [16.10.2007 9:59 47360]
S3 rockusb27;Driver for Emgeton E9 Cult Device;c:\windows\system32\drivers\rockusb27.sys [28.12.2010 18:50 35072]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-14 15:34]
.
2014-03-11 c:\windows\Tasks\ASC7_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 7\Monitor.exe [2014-02-07 12:46]
.
2014-03-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-19 12:03]
.
2014-03-10 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-10 23:28]
.
2014-03-11 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-10 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Greggy\Data aplikací\Mozilla\Firefox\Profiles\28gdfzop.default-1369842232234\
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2014-02-08 21:24; iobitapps@mybrowserbar.com; c:\program files\IObit Apps Toolbar\FF
FF - ExtSQL: 2014-03-06 20:46; ascsurfingprotection@iobit.com; c:\documents and settings\Greggy\Data aplikacĂ\Mozilla\Firefox\Profiles\28gdfzop.default-1369842232234\extensions\ascsurfingprotection@iobit.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-11 22:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-602162358-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e9,7d,81,a8,fe,8f,14,d4,e5,1c,91,b4,0c,94,c4,83,ae,12,5c,9c,32,df,e6,
ae,ed,21,f1,9b,a4,4a,40,51,b3,29,ce,e4,3e,fd,a0,85,7a,59,41,5f,4c,23,c7,4d,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2272)
c:\program files\NVIDIA Corporation\nview\nview.dll
c:\program files\NVIDIA Corporation\nview\NVWRSCS.DLL
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2014-03-11 22:55:23
ComboFix-quarantined-files.txt 2014-03-11 21:55
ComboFix2.txt 2014-02-25 21:15
ComboFix3.txt 2014-02-15 13:38
ComboFix4.txt 2009-07-08 12:39
.
Před spuštěním: 4 851 490 816
Po spuštění: 4 834 639 872
.
- - End Of File - - 397A0E5011E8CD829C15FDA1A1DD13A0
413FC2A0C716421B3158746D63736515
Trojan Agent?
- jaro3
- Security team member
Re: Trojan Agent?
Whoever advised you to use ComboFix should also advise you on what to do next!
Advanced SystemCare -- I would uninstall that..
Post a log from HJT:
viewtopic.php?f=70&t=5119
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
Download AdwCleaner (by Xplode)
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click „Prohledat-Scan“
After the scan a log will appear (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Trojan Agent?
I apologize... Here is the one from HiJack:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:51:12, on 12.3.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
G:\Utility\FirefoxPortable\App\firefox\firefox.exe
G:\Utility\FirefoxPortable\App\firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE.dll
O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino EUR - {9536DF30-CF04-4A89-B26B-4781E242230C} - http://www.intercasino.com/?utm_source= ... d-casino-l (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino EUR - {9536DF30-CF04-4A89-B26B-4781E242230C} - http://www.intercasino.com/?utm_source= ... d-casino-l (file missing) (HKCU)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6964 bytes
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:51:12, on 12.3.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
G:\Utility\FirefoxPortable\App\firefox\firefox.exe
G:\Utility\FirefoxPortable\App\firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE.dll
O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.7\iobitappsToolbarIE.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino EUR - {9536DF30-CF04-4A89-B26B-4781E242230C} - http://www.intercasino.com/?utm_source= ... d-casino-l (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino EUR - {9536DF30-CF04-4A89-B26B-4781E242230C} - http://www.intercasino.com/?utm_source= ... d-casino-l (file missing) (HKCU)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6964 bytes