Prosím o kontrolu DĚKUJI

[Rudy]

Problém je v tom, že název účtu má diakritiku, kterou skript nepřečte (c:\novß slo×ka). Jiný návrh: Restartujte do nouz. režimu, do účtu administrator a tam by to mělo jít spustit z plochy, tedy standardně. Uložte jak ComboFix.exe, tak CFScript.txt na plochu a proveďte spuštění standardním způsobem:

[PredyP]

Je to divné s tím účtem správce, když se ten notebook zapne tak se žádný účet nevybírá rovnou se to přihlásí. Aby tam nebyl ještě někde nějaký šmejd zavrtaný

[Rudy]

V nouz. režimu, byste měl mít možnost výběru minimálně ze 2 účtů.

[PredyP]

ComboFix 11-12-10.01 - Zdeňka 10.12.2011 10:56:52.5.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2038.1579 [GMT 1:00]
Spuštěný z: c:\users\Zde˛ka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zde˛ka\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-10 do 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 10:04 . 2011-12-10 10:04 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{860F9706-F54A-49FA-A3C9-2E49BBE6CC97}\offreg.dll
2011-12-10 10:02 . 2011-12-10 10:06 -------- d-----w- c:\users\Zdeňka\AppData\Local\temp
2011-12-10 10:02 . 2011-12-10 10:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-10 10:02 . 2011-12-10 10:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-09 14:57 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{860F9706-F54A-49FA-A3C9-2E49BBE6CC97}\mpengine.dll
2011-12-07 20:57 . 2011-12-07 21:02 -------- d-----w- C:\USB
2011-12-03 11:27 . 2011-12-03 11:28 -------- d-----w- C:\rsit
2011-12-03 11:26 . 2011-12-03 11:26 781383 ----a-w- C:\RSIT.exe
2011-12-03 11:11 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-03 11:11 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-03 11:11 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-03 11:11 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-03 11:11 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-03 11:11 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-03 11:10 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-03 11:10 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-03 11:10 . 2011-12-03 11:10 -------- d-----w- c:\program files\AVAST Software
2011-12-02 18:09 . 2011-12-02 18:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-02 18:06 . 2011-12-10 09:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-02 18:06 . 2011-12-02 18:06 -------- d-----w- c:\users\Zdeňka\AppData\Roaming\SUPERAntiSpyware.com
2011-12-02 18:05 . 2011-12-02 18:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-11-29 21:18 . 2011-11-29 21:18 -------- d-----w- C:\temp
2011-11-15 02:13 . 2011-11-15 02:13 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 16:50 . 2011-05-26 04:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-30 20:43 . 2011-10-30 20:43 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-30 20:43 . 2011-10-30 20:43 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-10-30 20:43 . 2011-10-30 20:43 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-30 20:43 . 2011-10-30 20:43 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-30 20:43 . 2011-10-30 20:43 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-30 20:43 . 2011-10-30 20:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-30 20:43 . 2011-10-30 20:43 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-30 20:43 . 2011-10-30 20:43 367104 ----a-w- c:\windows\system32\html.iec
2011-10-30 20:43 . 2011-10-30 20:43 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-30 20:43 . 2011-10-30 20:43 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-30 20:43 . 2011-10-30 20:43 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-30 20:43 . 2011-10-30 20:43 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-30 20:43 . 2011-10-30 20:43 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-30 20:43 . 2011-10-30 20:43 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-30 20:43 . 2011-10-30 20:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-30 20:43 . 2011-10-30 20:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-30 20:43 . 2011-10-30 20:43 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-30 20:43 . 2011-10-30 20:43 101888 ----a-w- c:\windows\system32\admparse.dll
2011-10-30 20:43 . 2011-10-30 20:43 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-30 20:43 . 2011-10-30 20:43 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-10-30 20:43 . 2011-10-30 20:43 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-30 12:47 . 2011-10-30 11:13 133208 ----a-w- c:\windows\system32\drivers\15624656.sys
2011-10-27 19:09 . 2011-10-27 19:09 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-10-07 16:47 . 2011-10-07 16:47 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 16:47 . 2011-10-07 16:47 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 16:47 . 2011-10-07 16:47 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 16:47 . 2011-10-07 16:47 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 16:47 . 2011-10-07 16:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 16:47 . 2011-10-07 16:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-09-20 21:02 . 2011-11-09 20:14 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-15 02:13 . 2011-10-29 19:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\users\Zdeňka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_15624656.lnk - c:\users\Zdeňka\AppData\Local\temp\_uninst_15624656.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 795936]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-27 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-02 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-12-02 19:00 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Zdeňka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
path=c:\users\Zdeňka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMTDeviceService]
2009-01-21 15:11 184320 ----a-w- c:\program files\AMT Media Manager\AMTDeviceService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTCentre]
2008-05-13 15:33 483328 ----a-w- c:\genius\ioCentre4D\gBTMouseTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO]
2011-05-26 03:43 208184 ----a-w- c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMet]
2011-10-29 19:45 4045824 ----a-w- c:\program files\ConMet\ConMet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA]
2011-05-26 03:43 182584 ----a-w- c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-02 23:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 13:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 15:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2008-11-17 14:11 1805552 ----a-w- c:\program files\SUPERAntiSpyware\f03a7cb0-a92f-448f-81bd-952f33884137.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"eRecoveryService"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 136176]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 gBTMouUsb;BT Mouse Device Drv;c:\windows\system32\DRIVERS\gBTMouUsb.sys [2006-12-05 9856]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2011-12-02 12872]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 15624656;15624656;c:\windows\system32\DRIVERS\15624656.sys [2011-10-30 133208]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 38616]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-12-02 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-12-02 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-12-02 116608]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 15:54]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 15:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{70F9BBA8-6A00-4B8F-8AAB-BAA0437BC842}: NameServer = 192.168.1.1,156.154.70.22
TCP: Interfaces\{866D0CF4-2766-4EB5-B90E-4D856CCFE35C}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Zdeňka\AppData\Roaming\Mozilla\Firefox\Profiles\wocu24ya.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(1660)
c:\windows\system32\guard32.dll
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2011-12-10 11:18:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-10 10:17
.
Před spuštěním: Volných bajtů: 34 247 303 168
Po spuštění: Volných bajtů: 32 075 964 416
.
- - End Of File - - 1CC1BDE6AE9E39EF45A83AD9F4997255

[Rudy]

Zkusíme to jinak. Tohle: c:\users\Zde˛ka... prostě skript není schopen přečíst. Stáhněte a spusťte Avenger: http://www.viry.cz/forum/viewtopic.php?f=11&t=19832 tímto skriptem:

Files to delete:
c:\windows\system32\DRIVERS\15624656.sys

Drivers to delete:
15624656

[PredyP]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\DRIVERS\15624656.sys" deleted successfully.
Driver "15624656" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[Rudy]

OK, smazáno. Nyní by již měl být log čistý.

[PredyP]

mám zpustit ještě combofix??

[Rudy]

Můžete, ale předpokládám, že tam již nic nenajdeme.

[PredyP]

ComboFix 11-12-10.01 - Zdeňka 10.12.2011 12:50:22.5.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2038.948 [GMT 1:00]
Spuštěný z: c:\users\Zde˛ka\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-10 do 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 12:08 . 2011-12-10 12:09 -------- d-----w- c:\users\Zdeňka\AppData\Local\temp
2011-12-10 12:08 . 2011-12-10 12:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-10 12:08 . 2011-12-10 12:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-10 11:10 . 2011-12-10 11:10 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{860F9706-F54A-49FA-A3C9-2E49BBE6CC97}\offreg.dll
2011-12-09 14:57 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{860F9706-F54A-49FA-A3C9-2E49BBE6CC97}\mpengine.dll
2011-12-07 20:57 . 2011-12-07 21:02 -------- d-----w- C:\USB
2011-12-03 11:27 . 2011-12-03 11:28 -------- d-----w- C:\rsit
2011-12-03 11:26 . 2011-12-03 11:26 781383 ----a-w- C:\RSIT.exe
2011-12-03 11:11 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-03 11:11 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-03 11:11 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-03 11:11 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-03 11:11 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-03 11:11 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-03 11:10 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-03 11:10 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-03 11:10 . 2011-12-03 11:10 -------- d-----w- c:\program files\AVAST Software
2011-12-02 18:09 . 2011-12-02 18:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-02 18:06 . 2011-12-10 11:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-02 18:06 . 2011-12-02 18:06 -------- d-----w- c:\users\Zdeňka\AppData\Roaming\SUPERAntiSpyware.com
2011-12-02 18:05 . 2011-12-02 18:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-11-29 21:18 . 2011-11-29 21:18 -------- d-----w- C:\temp
2011-11-15 02:13 . 2011-11-15 02:13 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 16:50 . 2011-05-26 04:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-30 20:43 . 2011-10-30 20:43 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-30 20:43 . 2011-10-30 20:43 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-10-30 20:43 . 2011-10-30 20:43 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-30 20:43 . 2011-10-30 20:43 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-30 20:43 . 2011-10-30 20:43 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-30 20:43 . 2011-10-30 20:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-30 20:43 . 2011-10-30 20:43 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-30 20:43 . 2011-10-30 20:43 367104 ----a-w- c:\windows\system32\html.iec
2011-10-30 20:43 . 2011-10-30 20:43 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-30 20:43 . 2011-10-30 20:43 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-30 20:43 . 2011-10-30 20:43 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-30 20:43 . 2011-10-30 20:43 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-30 20:43 . 2011-10-30 20:43 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-30 20:43 . 2011-10-30 20:43 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-30 20:43 . 2011-10-30 20:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-30 20:43 . 2011-10-30 20:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-30 20:43 . 2011-10-30 20:43 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-30 20:43 . 2011-10-30 20:43 101888 ----a-w- c:\windows\system32\admparse.dll
2011-10-30 20:43 . 2011-10-30 20:43 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-30 20:43 . 2011-10-30 20:43 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-10-30 20:43 . 2011-10-30 20:43 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-27 19:09 . 2011-10-27 19:09 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-10-07 16:47 . 2011-10-07 16:47 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 16:47 . 2011-10-07 16:47 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 16:47 . 2011-10-07 16:47 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 16:47 . 2011-10-07 16:47 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 16:47 . 2011-10-07 16:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 16:47 . 2011-10-07 16:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-09-20 21:02 . 2011-11-09 20:14 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-15 02:13 . 2011-10-29 19:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\users\Zdeňka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_15624656.lnk - c:\users\Zdeňka\AppData\Local\temp\_uninst_15624656.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 795936]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-27 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-02 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-12-02 19:00 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Zdeňka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
path=c:\users\Zdeňka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMTDeviceService]
2009-01-21 15:11 184320 ----a-w- c:\program files\AMT Media Manager\AMTDeviceService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTCentre]
2008-05-13 15:33 483328 ----a-w- c:\genius\ioCentre4D\gBTMouseTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO]
2011-05-26 03:43 208184 ----a-w- c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMet]
2011-10-29 19:45 4045824 ----a-w- c:\program files\ConMet\ConMet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPA]
2011-05-26 03:43 182584 ----a-w- c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-02 23:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 13:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 15:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2008-11-17 14:11 1805552 ----a-w- c:\program files\SUPERAntiSpyware\f03a7cb0-a92f-448f-81bd-952f33884137.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"eRecoveryService"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 136176]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 gBTMouUsb;BT Mouse Device Drv;c:\windows\system32\DRIVERS\gBTMouUsb.sys [2006-12-05 9856]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2011-12-02 12872]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 38616]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-12-02 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-12-02 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-12-02 116608]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 15:54]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 15:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{70F9BBA8-6A00-4B8F-8AAB-BAA0437BC842}: NameServer = 192.168.1.1,156.154.70.22
TCP: Interfaces\{866D0CF4-2766-4EB5-B90E-4D856CCFE35C}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Zdeňka\AppData\Roaming\Mozilla\Firefox\Profiles\wocu24ya.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 13:09
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(3140)
c:\windows\system32\guard32.dll
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
c:\windows\system32\stobject.dll
.
Celkový čas: 2011-12-10 13:15:46
ComboFix-quarantined-files.txt 2011-12-10 12:15
ComboFix2.txt 2011-12-10 10:18
.
Před spuštěním: Volných bajtů: 31 886 487 552
Po spuštění: Volných bajtů: 32 277 098 496
.
- - End Of File - - 0DAE55AF40B919E933D9BC9BE4685698

[Rudy]

Log vypadá OK.

[PredyP]

Tak moc děkuji za pomoc

[Rudy]

Rádo se stalo!

[PredyP]

nejde mi odinstalovat combofix zadávám ComboFix /Uninstall

[Rudy]

Zkuste použít T-Cleaner: http://www.uloz.to/1075769/t-cleaner-exe .