Please check my log, thank you.

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

SPI
newbie
Posts: 19
Registered: January 14
Gender: Male
Status:
Offline

Re: Please check my log, thank you.

Post by SPI » 31 Jan 2014 21:38

ComboFix 14-01-29.01 - Spike 31.01.2014 21:29:57.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1393 [GMT 1:00]
Spuštěný z: c:\documents and settings\Spike\Plocha\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Spike\WINDOWS
c:\windows\iun6002.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\0b36709e5371ac19.fb
c:\windows\system32\Cache\0d9cc09f865b50a9.fb
c:\windows\system32\Cache\1db04135128b4bc5.fb
c:\windows\system32\Cache\22dfee79b71d4050.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3ad4210584f64c9a.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\59fe3a6a461d62d1.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\8e41fdcb144e2f7f.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b8b6d88386979904.fb
c:\windows\system32\Cache\be281f9ea0289337.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cf1c6c04e8715803.fb
c:\windows\system32\Cache\d0d53284473d5d42.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d5af0f4be00aed22.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f5918119380b4383.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\tmp38C.tmp
c:\windows\system32\tmp38D.tmp
c:\windows\wininit.ini
.
Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-28 do 2014-01-31 )))))))))))))))))))))))))))))))
.
.
2014-01-31 14:22 . 2014-01-31 14:22 -------- d-----w- c:\documents and settings\Spike\Data aplikací\AVG2014
2014-01-31 14:21 . 2014-01-31 14:21 -------- d-----w- C:\$AVG
2014-01-31 14:18 . 2014-01-31 14:22 -------- d-----w- c:\documents and settings\Spike\Local Settings\Data aplikací\Avg2014
2014-01-30 21:15 . 2014-01-30 21:15 -------- d-----w- c:\windows\ERUNT
2014-01-30 15:49 . 2014-01-30 20:58 -------- d-----w- C:\AdwCleaner
2014-01-30 15:36 . 2014-01-30 15:36 388096 ----a-r- c:\documents and settings\Spike\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-30 15:36 . 2014-01-30 15:36 -------- d-----w- c:\program files\Trend Micro
2014-01-30 14:26 . 2014-01-30 14:26 -------- d-----w- c:\program files\Loaris
2014-01-30 14:26 . 2014-01-30 14:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Loaris
2014-01-29 15:39 . 2014-01-29 15:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GridinSoft
2014-01-29 15:21 . 2014-01-29 15:21 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-29 14:33 . 2014-01-29 14:33 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-01-29 14:33 . 2014-01-29 14:33 -------- d-----w- c:\program files\MediaPlayerV1
2014-01-10 14:33 . 2014-01-30 20:47 -------- d-----w- c:\program files\VideoPlayerV3
2014-01-05 18:57 . 2014-01-05 18:57 -------- d-----w- c:\documents and settings\Spike\Data aplikací\Malwarebytes
2014-01-05 18:56 . 2014-01-05 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-05 18:56 . 2014-01-05 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-01-05 18:56 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-05 18:17 . 2014-01-05 18:17 -------- d-----w- c:\program files\Enigma Software Group
2014-01-05 18:17 . 2014-01-05 20:59 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2014-01-05 18:17 . 2014-01-05 18:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-01 00:27 . 2011-07-01 21:44 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-12-01 00:27 . 2011-07-01 21:44 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-11-30 02:43 . 2013-11-30 02:43 22328 ----a-w- c:\documents and settings\Spike\Data aplikací\PnkBstrK.sys
2013-11-30 02:43 . 2013-11-30 02:43 22328 ----a-w- c:\documents and settings\Spike\Data aplikací\PnkBstrK.sys
2013-11-30 02:43 . 2013-11-30 02:43 22328 ----a-w- c:\documents and settings\Spike\Data aplikací\PnkBstrK.sys
2013-11-30 02:43 . 2013-11-30 02:43 22328 ----a-w- c:\documents and settings\Spike\Data aplikací\PnkBstrK.sys
2013-11-30 02:43 . 2013-11-30 02:43 682280 ----a-w- c:\windows\system32\pbsvc.exe
2013-11-30 02:43 . 2011-07-01 21:44 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-11-10 16:36 . 2012-09-04 11:44 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-05 20:50 . 2013-11-05 20:50 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-04 20:57 . 2013-11-04 20:57 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-18 12:00 . B44F68274AB7B8A54E9AD74AFF0EFAAC . 806912 . . [2001.12.4414.258] . . c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2004-08-18 12:00 . 0811E66E2C2D8CC151DCB10F3BF39106 . 1508864 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
[-] 2004-08-18 12:00 . 0811E66E2C2D8CC151DCB10F3BF39106 . 1508864 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
.
[7] 2004-08-18 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2004-08-18 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-18 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
.
[7] 2004-08-18 . E9F9CD3C7F2E56505A0AC166580120E3 . 111104 . . [5.4.3790.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
[-] 2004-08-18 . 2A7DE1DDA6445D19C66E4D5510DD5430 . 115712 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-18 . 2A7DE1DDA6445D19C66E4D5510DD5430 . 115712 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
.
[7] 2004-08-18 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2004-08-18 . D1C758D6B44D3E7CD32822B6D59611C9 . 636928 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-18 . D1C758D6B44D3E7CD32822B6D59611C9 . 636928 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2004-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\44859\comctl32.dll
[7] 2004-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-18 . F76B3003366A205E05AFC0D034C7D3E9 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[7] 2004-08-18 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2004-08-18 . BA6D78A56067ECC121B45B2736F97903 . 3331584 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-18 . BA6D78A56067ECC121B45B2736F97903 . 3331584 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
.
[7] 2004-08-18 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-18 . CA2BE87B92496E69BC62EFD69F6084B1 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2004-08-18 . CA2BE87B92496E69BC62EFD69F6084B1 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\user32.dll
.
[7] 2004-08-18 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2004-08-18 . C63D825FA2DD977470185B0481201E29 . 767488 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-18 . C63D825FA2DD977470185B0481201E29 . 767488 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
.
[-] 2004-08-18 . 10F4E152AF64AF03AD48BC75AE814679 . 1539584 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[7] 2004-08-18 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2004-08-18 . 10F4E152AF64AF03AD48BC75AE814679 . 1539584 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2004-08-18 . F9E96DBD817BD1E4F0824D42EC2E5476 . 277504 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[7] 2004-08-18 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\regedit.exe
[-] 2004-08-18 . F9E96DBD817BD1E4F0824D42EC2E5476 . 277504 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe
.
[7] 2004-08-18 . 7FE54C063DDA8EF226846510852E6B1B . 1281024 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2004-08-18 . AF7DA2DFF2A3DF82682E99B135F4AD90 . 1306112 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
[-] 2004-08-18 . AF7DA2DFF2A3DF82682E99B135F4AD90 . 1306112 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ole32.dll
.
[7] 2004-08-18 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-18 . 82B0ED1EE0F3552290749FB80C074835 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-18 . 82B0ED1EE0F3552290749FB80C074835 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
.
[7] 2004-08-18 . FAABA83BE47C5B15F620FAA53267A9B8 . 345088 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\hnetcfg.dll
[-] 2004-08-18 . 9AF19443BF37A8B20EB994198ACAB945 . 369152 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-18 . 9AF19443BF37A8B20EB994198ACAB945 . 369152 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[7] 2004-08-18 . 7715EDDD01EDFEF9EF335D29C6DFE212 . 2017280 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-18 . A685C800061DB16981B58387DD2FBA4D . 2178560 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
.
[7] 2004-08-18 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\IEXPLORE.EXE
[-] 2004-08-18 . F4DB1A37131E852B2069615B9534BAC3 . 102912 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
[7] 2004-08-18 . 84FEF6BE553ACC66729F5D4113F53310 . 2150400 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-18 . 43DDBCD1F560AE90AB4DDF0E845A4541 . 2311680 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-05-25 2301752]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"mobilegeni daemon"="c:\program files\Mobogenie\DaemonProcess.exe" [2014-01-27 775872]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 40448]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-18 12:00 40448 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- d:\daemon\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-06-05 06:39 33628160 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-17 14:58 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NiwradSoft Welcome]
2010-07-04 04:14 243442 ----a-w- c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Six Engine]
2009-06-24 21:24 5782528 ----a-w- c:\program files\ASUS\EPU-4 Engine\FourEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-01-07 11:03 446648 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-06-25 17:05 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-01-07 21:00 1815464 ----a-w- d:\csanthology\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\hry\\Counter-Strike Source\\hl2.exe"=
"d:\\hry\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\CSAnthology\\SteamApps\\goodluck705\\counter-strike\\hl.exe"=
"d:\\hry\\Porsche 2000 Unleashed\\Porsche.exe"=
"d:\\hry\\Far Cry 2\\bin\\farcry2.exe"=
"d:\\hry\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\hry\\Heroes IV\\heroes4c.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\hry\\World_of_Tanks\\WOTLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\CSAnthology\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [24.10.2013 22:28 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [31.10.2013 22:30 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [10.9.2013 0:43 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [5.11.2013 21:50 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [4.11.2013 21:57 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [17.9.2013 0:57 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [31.10.2013 23:00 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [1.8.2013 16:08 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4.9.2012 12:44 37664]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.12.2011 22:49 239168]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [24.9.2013 1:33 348008]
R2 MgAssistService;MgAssist Service;c:\program files\Mobogenie\MgAssist.exe [10.1.2014 9:03 63168]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [7.12.2012 17:27 167424]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 9:58 3275136]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 17:45 161384]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5.2.2011 22:44 1374464]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [11.11.2013 22:02 3478544]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [17.7.2013 9:22 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [7.12.2012 17:27 21248]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [26.4.2012 9:26 155320]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://go.microsoft.com
mStart Page = about:blank
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-DriverCD - E:\Run.exe
AddRemove-FlatOut Ultimate Carnage - d:\hry\FlatOut2\FlatOut Ultimate Carnage\Uninstall.exe
AddRemove-MediaPlayerV1alpha757 - c:\program files\MediaPlayerV1\MediaPlayerV1alpha757\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-31 21:34
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
.
- - - - - - - > 'explorer.exe'(2268)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2014-01-31 21:35:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-01-31 20:35
.
Před spuštěním: Volných bajtů: 10 831 048 704
Po spuštění: Volných bajtů: 10 885 349 376
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer /noguiboot
.
- - End Of File - - A47CA733F34E2946F75F2409D3BB86AD
413FC2A0C716421B3158746D63736515

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log, thank you.

Post by jaro3 » 01 Feb 2014 10:57

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text (marked in green) into it:

Code:

ClearJavaCache::

KillAll::
Folder::
c:\windows\220FB0354744483A9A0B41DF77061583.TMP
c:\program files\Skype\Updater
c:\program files\Common Files\AVG Secure Search

Driver::
SkypeUpdate
vToolbarUpdater17.3.0

DDS::
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop it.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log

Warning: after running ComboFix and restarting the computer it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

In Folder Options, enable showing hidden files and folders and untick the box to hide protected operating system files.

Test this on VirusTotal:
c:\windows\system32\midimap.dll

Click Choose (to the right of the box) and find the requested file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus programs one after another. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

SPI
newbie
Posts: 19
Registered: January 14
Gender: Male
Status:
Offline

Re: Please check my log, thank you.

Post by SPI » 01 Feb 2014 15:21

ComboFix 14-01-29.01 - Spike 01.02.2014 15:09:51.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1485 [GMT 1:00]
Spuštěný z: c:\documents and settings\Spike\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Spike\Plocha\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\windows\220FB0354744483A9A0B41DF77061583.TMP
c:\windows\220FB0354744483A9A0B41DF77061583.TMP\WiseCustomCall.dll
c:\windows\220FB0354744483A9A0B41DF77061583.TMP\WiseCustomCalla.dll
c:\windows\220FB0354744483A9A0B41DF77061583.TMP\WiseCustomCalla17.dll
c:\windows\220FB0354744483A9A0B41DF77061583.TMP\WiseCustomCalla18.dll
c:\windows\220FB0354744483A9A0B41DF77061583.TMP\WiseCustomCalla18.exe
c:\windows\220FB0354744483A9A0B41DF77061583.TMP\WiseCustomCalla19.dll
c:\windows\220FB0354744483A9A0B41DF77061583.TMP\WiseCustomCalla2.dll
c:\windows\220FB0354744483A9A0B41DF77061583.TMP\WiseCustomCalla20.dll
c:\windows\220FB0354744483A9A0B41DF77061583.TMP\WiseCustomCalla22.dll
c:\windows\220FB0354744483A9A0B41DF77061583.TMP\WiseCustomCalla22.exe
c:\windows\220FB0354744483A9A0B41DF77061583.TMP\WiseData.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Legacy_VTOOLBARUPDATER17.3.0
-------\Service_SkypeUpdate
-------\Service_vToolbarUpdater17.3.0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-01 do 2014-02-01 )))))))))))))))))))))))))))))))
.
.
2014-01-31 14:22 . 2014-01-31 14:22 -------- d-----w- c:\documents and settings\Spike\Data aplikací\AVG2014
2014-01-31 14:21 . 2014-01-31 14:21 -------- d-----w- C:\$AVG
2014-01-31 14:18 . 2014-01-31 14:22 -------- d-----w- c:\documents and settings\Spike\Local Settings\Data aplikací\Avg2014
2014-01-30 21:15 . 2014-01-30 21:15 -------- d-----w- c:\windows\ERUNT
2014-01-30 15:49 . 2014-01-30 20:58 -------- d-----w- C:\AdwCleaner
2014-01-30 15:36 . 2014-01-30 15:36 388096 ----a-r- c:\documents and settings\Spike\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-30 15:36 . 2014-01-30 15:36 -------- d-----w- c:\program files\Trend Micro
2014-01-30 14:26 . 2014-01-30 14:26 -------- d-----w- c:\program files\Loaris
2014-01-30 14:26 . 2014-01-30 14:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Loaris
2014-01-29 15:39 . 2014-01-29 15:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GridinSoft
2014-01-29 15:21 . 2014-01-29 15:21 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-29 14:33 . 2014-01-29 14:33 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-01-29 14:33 . 2014-01-29 14:33 -------- d-----w- c:\program files\MediaPlayerV1
2014-01-10 14:33 . 2014-01-30 20:47 -------- d-----w- c:\program files\VideoPlayerV3
2014-01-05 18:57 . 2014-01-05 18:57 -------- d-----w- c:\documents and settings\Spike\Data aplikací\Malwarebytes
2014-01-05 18:56 . 2014-01-05 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-05 18:56 . 2014-01-05 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-01-05 18:56 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-05 18:17 . 2014-01-05 18:17 -------- d-----w- c:\program files\Enigma Software Group
2014-01-05 18:17 . 2014-01-05 18:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-01 00:27 . 2011-07-01 21:44 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-12-01 00:27 . 2011-07-01 21:44 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-11-30 02:43 . 2013-11-30 02:43 22328 ----a-w- c:\documents and settings\Spike\Data aplikací\PnkBstrK.sys
2013-11-30 02:43 . 2013-11-30 02:43 22328 ----a-w- c:\documents and settings\Spike\Data aplikací\PnkBstrK.sys
2013-11-30 02:43 . 2013-11-30 02:43 22328 ----a-w- c:\documents and settings\Spike\Data aplikací\PnkBstrK.sys
2013-11-30 02:43 . 2013-11-30 02:43 22328 ----a-w- c:\documents and settings\Spike\Data aplikací\PnkBstrK.sys
2013-11-30 02:43 . 2013-11-30 02:43 682280 ----a-w- c:\windows\system32\pbsvc.exe
2013-11-30 02:43 . 2011-07-01 21:44 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-11-10 16:36 . 2012-09-04 11:44 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-05 20:50 . 2013-11-05 20:50 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-04 20:57 . 2013-11-04 20:57 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-18 12:00 . B44F68274AB7B8A54E9AD74AFF0EFAAC . 806912 . . [2001.12.4414.258] . . c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2004-08-18 12:00 . 0811E66E2C2D8CC151DCB10F3BF39106 . 1508864 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
[-] 2004-08-18 12:00 . 0811E66E2C2D8CC151DCB10F3BF39106 . 1508864 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
.
[7] 2004-08-18 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2004-08-18 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-18 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
.
[7] 2004-08-18 . E9F9CD3C7F2E56505A0AC166580120E3 . 111104 . . [5.4.3790.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
[-] 2004-08-18 . 2A7DE1DDA6445D19C66E4D5510DD5430 . 115712 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-18 . 2A7DE1DDA6445D19C66E4D5510DD5430 . 115712 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
.
[7] 2004-08-18 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2004-08-18 . D1C758D6B44D3E7CD32822B6D59611C9 . 636928 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-18 . D1C758D6B44D3E7CD32822B6D59611C9 . 636928 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2004-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\44859\comctl32.dll
[7] 2004-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-18 . F76B3003366A205E05AFC0D034C7D3E9 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[7] 2004-08-18 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2004-08-18 . BA6D78A56067ECC121B45B2736F97903 . 3331584 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-18 . BA6D78A56067ECC121B45B2736F97903 . 3331584 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
.
[7] 2004-08-18 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-18 . CA2BE87B92496E69BC62EFD69F6084B1 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2004-08-18 . CA2BE87B92496E69BC62EFD69F6084B1 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\user32.dll
.
[7] 2004-08-18 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2004-08-18 . C63D825FA2DD977470185B0481201E29 . 767488 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-18 . C63D825FA2DD977470185B0481201E29 . 767488 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
.
[-] 2004-08-18 . 10F4E152AF64AF03AD48BC75AE814679 . 1539584 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[7] 2004-08-18 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2004-08-18 . 10F4E152AF64AF03AD48BC75AE814679 . 1539584 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2004-08-18 . F9E96DBD817BD1E4F0824D42EC2E5476 . 277504 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[7] 2004-08-18 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\regedit.exe
[-] 2004-08-18 . F9E96DBD817BD1E4F0824D42EC2E5476 . 277504 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe
.
[7] 2004-08-18 . 7FE54C063DDA8EF226846510852E6B1B . 1281024 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2004-08-18 . AF7DA2DFF2A3DF82682E99B135F4AD90 . 1306112 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
[-] 2004-08-18 . AF7DA2DFF2A3DF82682E99B135F4AD90 . 1306112 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ole32.dll
.
[7] 2004-08-18 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-18 . 82B0ED1EE0F3552290749FB80C074835 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-18 . 82B0ED1EE0F3552290749FB80C074835 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
.
[7] 2004-08-18 . FAABA83BE47C5B15F620FAA53267A9B8 . 345088 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\hnetcfg.dll
[-] 2004-08-18 . 9AF19443BF37A8B20EB994198ACAB945 . 369152 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-18 . 9AF19443BF37A8B20EB994198ACAB945 . 369152 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[7] 2004-08-18 . 7715EDDD01EDFEF9EF335D29C6DFE212 . 2017280 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-18 . A685C800061DB16981B58387DD2FBA4D . 2178560 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
.
[7] 2004-08-18 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\IEXPLORE.EXE
[-] 2004-08-18 . F4DB1A37131E852B2069615B9534BAC3 . 102912 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
[7] 2004-08-18 . 84FEF6BE553ACC66729F5D4113F53310 . 2150400 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-18 . 43DDBCD1F560AE90AB4DDF0E845A4541 . 2311680 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-05-25 2301752]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"mobilegeni daemon"="c:\program files\Mobogenie\DaemonProcess.exe" [2014-01-27 775872]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 40448]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-18 12:00 40448 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- d:\daemon\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-06-05 06:39 33628160 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-17 14:58 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NiwradSoft Welcome]
2010-07-04 04:14 243442 ----a-w- c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Six Engine]
2009-06-24 21:24 5782528 ----a-w- c:\program files\ASUS\EPU-4 Engine\FourEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-01-07 11:03 446648 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-06-25 17:05 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-01-07 21:00 1815464 ----a-w- d:\csanthology\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\hry\\Counter-Strike Source\\hl2.exe"=
"d:\\hry\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\CSAnthology\\SteamApps\\goodluck705\\counter-strike\\hl.exe"=
"d:\\hry\\Porsche 2000 Unleashed\\Porsche.exe"=
"d:\\hry\\Far Cry 2\\bin\\farcry2.exe"=
"d:\\hry\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\hry\\Heroes IV\\heroes4c.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\hry\\World_of_Tanks\\WOTLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\CSAnthology\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [24.10.2013 22:28 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [31.10.2013 22:30 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [10.9.2013 0:43 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [5.11.2013 21:50 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [4.11.2013 21:57 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [17.9.2013 0:57 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [31.10.2013 23:00 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [1.8.2013 16:08 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4.9.2012 12:44 37664]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.12.2011 22:49 239168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [11.11.2013 22:02 3478544]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [24.9.2013 1:33 348008]
R2 MgAssistService;MgAssist Service;c:\program files\Mobogenie\MgAssist.exe [10.1.2014 9:03 63168]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [7.12.2012 17:27 167424]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 9:58 3275136]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5.2.2011 22:44 1374464]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [17.7.2013 9:22 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [7.12.2012 17:27 21248]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [26.4.2012 9:26 155320]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://go.microsoft.com
mStart Page = about:blank
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-01 15:14
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
.
- - - - - - - > 'explorer.exe'(2428)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2014-02-01 15:15:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-01 14:15
ComboFix2.txt 2014-01-31 20:35
.
Před spuštěním: Volných bajtů: 10 647 912 448
Po spuštění: Volných bajtů: 10 677 854 208
.
- - End Of File - - 668F96F9453C8EA54732680B876166B4
413FC2A0C716421B3158746D63736515

SPI
newbie
Posts: 19
Registered: Jan 14
Gender: Male

Re: Please check my log, thank you.

Post by SPI » 01 Feb 2014 15:22

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:22:00, on 1.2.2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mobogenie\MgAssist.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Spike\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spike\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Spike\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MgAssist Service (MgAssistService) - Unknown owner - C:\Program Files\Mobogenie\MgAssist.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--
End of file - 5416 bytes

SPI
newbie
Posts: 19
Registered: Jan 14
Gender: Male

Re: Please check my log, thank you.

Post by SPI » 01 Feb 2014 15:26


SPI
newbie
Posts: 19
Registered: Jan 14
Gender: Male

Re: Please check my log, thank you.

Post by SPI » 01 Feb 2014 15:37


jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log, thank you.

Post by jaro3 » 02 Feb 2014 10:54

Uninstall Seznam.cz listicka

Close the other applications and browsers, disconnect from the internet and fix in HJT:
Guide

Code:

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following entire text marked in green into it:

Code:

Driver::
esgiguard

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, the desktop will not load, or there will be connection problems; in that case restart the computer again, and if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.

Install SP3!
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
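The helper above picks out HJT entries by eye. As an added illustration of how a reviewer triages such a log mechanically (example code for this thread, not part of HijackThis, ComboFix or the helper's procedure), the script below parses O4, O18 and O23 lines into records and flags the ones a reviewer would look at first: a handler whose file is missing, a service with no recorded owner, or an executable living outside Program Files or Windows. The sample lines are copied from the HJT log posted earlier in the thread; the three flag rules are this example's own heuristics and do not reproduce the helper's judgement about which entries to fix.

```python
"""Parse HijackThis v2 O4/O18/O23 lines and flag entries worth a second look.

Added example for this thread; not HijackThis or ComboFix code.  The flag
rules are illustrative triage heuristics, not a verdict on any entry.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied verbatim from the HJT log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: MgAssist Service (MgAssistService) - Unknown owner - C:\Program Files\Mobogenie\MgAssist.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
"""

# Line shapes of the three HJT sections handled here (HJT v2.0.4 format).
_O4 = re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
_O18 = re.compile(r'^O18 - Protocol: (?P<name>\S+) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$')
_O23 = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$')

# Directories an installed product on this XP box is expected to live under.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")


@dataclass
class Entry:
    section: str          # O4, O18 or O23
    name: str             # registry value name, protocol name or service name
    path: str             # executable / DLL path as printed by HJT
    owner: str = ""       # O23 only: vendor string HJT read from the binary
    flags: list = field(default_factory=list)


def _exe_from_cmd(cmd):
    """Reduce an O4 command line to the executable it launches."""
    m = re.match(r'"([^"]+)"', cmd)          # quoted path, arguments follow
    if m:
        return m.group(1)
    m = re.match(r'(.*?\.exe)', cmd, re.IGNORECASE)  # unquoted path, stop at .exe
    return m.group(1) if m else cmd


def _normalize(path):
    """Lower-case, drop the '(file missing)' marker, expand 8.3 short names."""
    p = path.lower().replace(" (file missing)", "")
    return p.replace("progra~1", "program files").replace("common~1", "common files")


def parse(text):
    """Return one Entry per recognised O4/O18/O23 line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := _O4.match(line):
            entries.append(Entry("O4", m["name"], _exe_from_cmd(m["cmd"])))
        elif m := _O18.match(line):
            entries.append(Entry("O18", m["name"], m["path"]))
        elif m := _O23.match(line):
            entries.append(Entry("O23", m["name"], m["path"], owner=m["owner"]))
    return entries


def review(text):
    """Return only the entries that trip at least one triage rule."""
    flagged = []
    for e in parse(text):
        if "(file missing)" in e.path:
            e.flags.append("file missing")            # dangling handler, cleanup candidate
        if e.owner == "Unknown owner":
            e.flags.append("unknown owner")           # binary carries no vendor info
        if not _normalize(e.path).startswith(TRUSTED_ROOTS):
            e.flags.append("outside Program Files / Windows")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.section} {e.name}: {', '.join(e.flags)} -> {e.path}")
```

Run against the sample, only the missing linkscanner handler and the owner-less MgAssist service are reported; the Mobogenie Run entry passes every rule here because it sits under Program Files, which is exactly why a reviewer still reads the whole log rather than trusting such a filter on its own.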

SPI
nováček
Příspěvky: 19
Registrován: leden 14
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu, děkuji.

Příspěvekod SPI » 03 úno 2014 12:21

ComboFix 14-01-29.01 - Spike 03.02.2014 12:13:01.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1394 [GMT 1:00]
Spuštěný z: c:\documents and settings\Spike\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Spike\Plocha\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESGIGUARD
-------\Service_esgiguard
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-03 do 2014-02-03 )))))))))))))))))))))))))))))))
.
.
2014-01-31 14:22 . 2014-01-31 14:22 -------- d-----w- c:\documents and settings\Spike\Data aplikací\AVG2014
2014-01-31 14:21 . 2014-01-31 14:21 -------- d-----w- C:\$AVG
2014-01-31 14:18 . 2014-01-31 14:22 -------- d-----w- c:\documents and settings\Spike\Local Settings\Data aplikací\Avg2014
2014-01-30 21:15 . 2014-01-30 21:15 -------- d-----w- c:\windows\ERUNT
2014-01-30 15:49 . 2014-01-30 20:58 -------- d-----w- C:\AdwCleaner
2014-01-30 15:36 . 2014-01-30 15:36 388096 ----a-r- c:\documents and settings\Spike\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-30 15:36 . 2014-01-30 15:36 -------- d-----w- c:\program files\Trend Micro
2014-01-30 14:26 . 2014-01-30 14:26 -------- d-----w- c:\program files\Loaris
2014-01-30 14:26 . 2014-01-30 14:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Loaris
2014-01-29 15:39 . 2014-01-29 15:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GridinSoft
2014-01-29 15:21 . 2014-01-29 15:21 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-29 14:33 . 2014-01-29 14:33 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-01-29 14:33 . 2014-01-29 14:33 -------- d-----w- c:\program files\MediaPlayerV1
2014-01-10 14:33 . 2014-01-30 20:47 -------- d-----w- c:\program files\VideoPlayerV3
2014-01-05 18:57 . 2014-01-05 18:57 -------- d-----w- c:\documents and settings\Spike\Data aplikací\Malwarebytes
2014-01-05 18:56 . 2014-01-05 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-05 18:56 . 2014-01-05 18:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-01-05 18:56 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-05 18:17 . 2014-01-05 18:17 -------- d-----w- c:\program files\Enigma Software Group
2014-01-05 18:17 . 2014-01-05 18:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-01 00:27 . 2011-07-01 21:44 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-12-01 00:27 . 2011-07-01 21:44 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-11-30 02:43 . 2013-11-30 02:43 22328 ----a-w- c:\documents and settings\Spike\Data aplikací\PnkBstrK.sys
2013-11-30 02:43 . 2013-11-30 02:43 22328 ----a-w- c:\documents and settings\Spike\Data aplikací\PnkBstrK.sys
2013-11-30 02:43 . 2013-11-30 02:43 22328 ----a-w- c:\documents and settings\Spike\Data aplikací\PnkBstrK.sys
2013-11-30 02:43 . 2013-11-30 02:43 22328 ----a-w- c:\documents and settings\Spike\Data aplikací\PnkBstrK.sys
2013-11-30 02:43 . 2013-11-30 02:43 682280 ----a-w- c:\windows\system32\pbsvc.exe
2013-11-30 02:43 . 2011-07-01 21:44 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-11-10 16:36 . 2012-09-04 11:44 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-05 20:50 . 2013-11-05 20:50 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-18 12:00 . B44F68274AB7B8A54E9AD74AFF0EFAAC . 806912 . . [2001.12.4414.258] . . c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2004-08-18 12:00 . 0811E66E2C2D8CC151DCB10F3BF39106 . 1508864 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
[-] 2004-08-18 12:00 . 0811E66E2C2D8CC151DCB10F3BF39106 . 1508864 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
.
[7] 2004-08-18 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2004-08-18 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-18 . 96112B362A1F419384CE57E5D92C6267 . 541696 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
.
[7] 2004-08-18 . E9F9CD3C7F2E56505A0AC166580120E3 . 111104 . . [5.4.3790.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
[-] 2004-08-18 . 2A7DE1DDA6445D19C66E4D5510DD5430 . 115712 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-18 . 2A7DE1DDA6445D19C66E4D5510DD5430 . 115712 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
.
[7] 2004-08-18 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2004-08-18 . D1C758D6B44D3E7CD32822B6D59611C9 . 636928 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-18 . D1C758D6B44D3E7CD32822B6D59611C9 . 636928 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2004-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\44859\comctl32.dll
[7] 2004-08-18 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-18 . F76B3003366A205E05AFC0D034C7D3E9 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[7] 2004-08-18 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2004-08-18 . BA6D78A56067ECC121B45B2736F97903 . 3331584 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-18 . BA6D78A56067ECC121B45B2736F97903 . 3331584 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
.
[7] 2004-08-18 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-18 . CA2BE87B92496E69BC62EFD69F6084B1 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2004-08-18 . CA2BE87B92496E69BC62EFD69F6084B1 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\user32.dll
.
[7] 2004-08-18 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2004-08-18 . C63D825FA2DD977470185B0481201E29 . 767488 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-18 . C63D825FA2DD977470185B0481201E29 . 767488 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
.
[-] 2004-08-18 . 10F4E152AF64AF03AD48BC75AE814679 . 1539584 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[7] 2004-08-18 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2004-08-18 . 10F4E152AF64AF03AD48BC75AE814679 . 1539584 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2004-08-18 . F9E96DBD817BD1E4F0824D42EC2E5476 . 277504 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[7] 2004-08-18 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\regedit.exe
[-] 2004-08-18 . F9E96DBD817BD1E4F0824D42EC2E5476 . 277504 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe
.
[7] 2004-08-18 . 7FE54C063DDA8EF226846510852E6B1B . 1281024 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2004-08-18 . AF7DA2DFF2A3DF82682E99B135F4AD90 . 1306112 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
[-] 2004-08-18 . AF7DA2DFF2A3DF82682E99B135F4AD90 . 1306112 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ole32.dll
.
[7] 2004-08-18 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-18 . 82B0ED1EE0F3552290749FB80C074835 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-18 . 82B0ED1EE0F3552290749FB80C074835 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
.
[7] 2004-08-18 . FAABA83BE47C5B15F620FAA53267A9B8 . 345088 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\hnetcfg.dll
[-] 2004-08-18 . 9AF19443BF37A8B20EB994198ACAB945 . 369152 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-18 . 9AF19443BF37A8B20EB994198ACAB945 . 369152 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[7] 2004-08-18 . 7715EDDD01EDFEF9EF335D29C6DFE212 . 2017280 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-18 . A685C800061DB16981B58387DD2FBA4D . 2178560 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
.
[7] 2004-08-18 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\IEXPLORE.EXE
[-] 2004-08-18 . F4DB1A37131E852B2069615B9534BAC3 . 102912 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
[7] 2004-08-18 . 84FEF6BE553ACC66729F5D4113F53310 . 2150400 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-18 . 43DDBCD1F560AE90AB4DDF0E845A4541 . 2311680 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-05-25 2301752]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"mobilegeni daemon"="c:\program files\Mobogenie\DaemonProcess.exe" [2014-01-27 775872]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 40448]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-18 12:00 40448 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- d:\daemon\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-06-05 06:39 33628160 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-17 14:58 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NiwradSoft Welcome]
2010-07-04 04:14 243442 ----a-w- c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Six Engine]
2009-06-24 21:24 5782528 ----a-w- c:\program files\ASUS\EPU-4 Engine\FourEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-01-07 11:03 446648 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-06-25 17:05 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-01-07 21:00 1815464 ----a-w- d:\csanthology\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\hry\\Counter-Strike Source\\hl2.exe"=
"d:\\hry\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\CSAnthology\\SteamApps\\goodluck705\\counter-strike\\hl.exe"=
"d:\\hry\\Porsche 2000 Unleashed\\Porsche.exe"=
"d:\\hry\\Far Cry 2\\bin\\farcry2.exe"=
"d:\\hry\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\hry\\Heroes IV\\heroes4c.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\hry\\World_of_Tanks\\WOTLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\CSAnthology\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [24.10.2013 22:28 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [31.10.2013 22:30 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [10.9.2013 0:43 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [5.11.2013 21:50 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [4.11.2013 21:57 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [17.9.2013 0:57 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [31.10.2013 23:00 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [1.8.2013 16:08 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4.9.2012 12:44 37664]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.12.2011 22:49 239168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [11.11.2013 22:02 3478544]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [24.9.2013 1:33 348008]
R2 MgAssistService;MgAssist Service;c:\program files\Mobogenie\MgAssist.exe [10.1.2014 9:03 63168]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [7.12.2012 17:27 167424]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9.10.2013 9:58 3275136]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5.2.2011 22:44 1374464]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [17.7.2013 9:22 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [7.12.2012 17:27 21248]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [26.4.2012 9:26 155320]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://go.microsoft.com
mStart Page = about:blank
TCP: DhcpNameServer = 10.0.0.138
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-03 12:17
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
.
- - - - - - - > 'explorer.exe'(3252)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2014-02-03 12:18:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-03 11:18
ComboFix2.txt 2014-02-01 14:15
ComboFix3.txt 2014-01-31 20:35
.
Před spuštěním: Volných bajtů: 10 404 249 600
Po spuštění: Volných bajtů: 10 548 224 000
.
- - End Of File - - 5342B07339A3D73B285CE761630984AF
413FC2A0C716421B3158746D63736515

SPI
newbie
Posts: 19
Registered: January 14
Gender: Male

Re: Please check my log, thank you.

Post by SPI » 03 Feb 2014 12:22

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:44, on 3.2.2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mobogenie\MgAssist.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MgAssist Service (MgAssistService) - Unknown owner - C:\Program Files\Mobogenie\MgAssist.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--
End of file - 4824 bytes

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Please check my log, thank you.

Post by jaro3 » 03 Feb 2014 18:57

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

Close other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


In Folder Options, enable showing hidden files and folders, and uncheck the "hide protected operating system files" box.

Test these on Virustotal
c:\windows\system32\ntkrnlpa.exe
c:\windows\system32\ntoskrnl.exe

Click Select to the right of the box and use Explorer to find the requested file on your PC. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear; click Reanalyze in it. The file will then be tested one by one by several antivirus programs. When the last antivirus finishes, a result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/


Problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

SPI
newbie
Posts: 19
Registered: January 14
Gender: Male

Re: Please check my log, thank you.

Post by SPI » 03 Feb 2014 23:50


SPI
newbie
Posts: 19
Registered: January 14
Gender: Male

Re: Please check my log, thank you.

Post by SPI » 03 Feb 2014 23:54


