Prosím o kontrolu logu

[vyosek]

Za dump dekuji, predam kolegovi Tigzymu k dalsimu vyvoji RogueKilleru pac jej oznacil jako neznamy

Pokud nemate, tak presunte Combofix primo na disk c:\

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  RegLock::
  [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
  [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_USERS\S-1-5-21-2030197824-1302184150-4129359813-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
  [HKEY_USERS\S-1-5-21-2030197824-1302184150-4129359813-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
  
  DDS::
  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
  uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2801948
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "combofix"=-
  
  ClearJavaCache::
  
  AtJob::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt tez na disk c:\
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[oofiner22]

tady to je ale nevim jestli je to ono kdyz tak prosim napiste udelam to jeste jednou



ComboFix 12-02-01.01 - Markétka 01.02.2012 18:01:31.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2933.1370 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-01 do 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 17:12 . 2012-02-01 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-01 16:23 . 2012-02-01 16:30 -------- d-----w- c:\program files (x86)\Dizionario Garzanti Italiano 2006
2012-01-31 17:53 . 2012-01-31 17:53 -------- d-----w- c:\users\Markétka\AppData\Local\NCH_EN
2012-01-31 17:43 . 2012-01-31 17:44 -------- d-----w- c:\program files (x86)\trend micro
2012-01-31 17:43 . 2012-01-31 17:44 -------- d-----w- C:\rsit
2012-01-31 11:35 . 2012-01-31 11:35 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{586C34D6-AC8C-41C8-A33D-FEB400BD0D12}\offreg.dll
2012-01-31 10:55 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{586C34D6-AC8C-41C8-A33D-FEB400BD0D12}\mpengine.dll
2012-01-25 19:09 . 2005-06-02 16:15 86016 ----a-w- c:\windows\SysWow64\recorder.ax
2012-01-25 19:09 . 2002-05-23 17:40 110080 ----a-w- c:\windows\SysWow64\recorder.DLL
2012-01-25 19:09 . 2012-01-25 19:09 -------- d-----w- c:\program files (x86)\SoundRecorder
2012-01-25 18:26 . 2012-01-25 18:26 61 ----a-w- c:\windows\SysWow64\SYSVCPDRV.SYS
2012-01-25 18:24 . 2012-01-25 18:24 -------- d-----w- c:\program files (x86)\Blaze Audio
2012-01-25 17:58 . 2012-01-25 17:58 -------- d-----w- c:\program files (x86)\Conduit
2012-01-25 17:58 . 2012-01-25 17:58 -------- d-----w- c:\users\Markétka\AppData\Local\Conduit
2012-01-25 17:58 . 2012-01-25 17:58 -------- d-----w- c:\program files (x86)\NCH_EN
2012-01-25 17:57 . 2012-01-25 19:06 -------- d-----w- c:\users\Markétka\AppData\Roaming\NCH Software
2012-01-25 17:51 . 2012-01-25 17:53 -------- d-----w- c:\users\Markétka\AppData\Roaming\TotalRecorder
2012-01-25 17:51 . 2012-01-25 17:51 -------- d-----w- c:\program files (x86)\HighCriteria
2012-01-25 17:51 . 2010-10-14 09:05 122960 ----a-w- c:\windows\system32\drivers\TotRec8.sys
2012-01-13 19:54 . 2012-01-13 19:54 -------- d-----w- c:\users\Markétka\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-01-11 19:15 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:15 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 19:15 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 19:15 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 19:15 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:15 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 19:15 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:15 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-08 23:09 . 2012-01-08 23:09 -------- d-----w- c:\users\Markétka\AppData\Local\{4B293021-D5C9-49D2-B9B0-093F9B31B1E9}
2012-01-08 23:09 . 2012-01-08 23:09 -------- d-----w- c:\users\Markétka\AppData\Local\{472E325F-7355-4A2F-8BA2-AC9BE1E55EE3}
2012-01-04 09:28 . 2012-01-04 09:28 -------- d-----w- c:\program files (x86)\Common Files\Lingea Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 09:39 . 2010-06-06 08:29 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-11-25 07:46 . 2011-11-25 07:46 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:52 . 2011-12-14 09:09 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 10:32 . 2011-11-22 10:32 0 ----a-w- c:\windows\SysWow64\REN892C.tmp
2011-11-22 10:32 . 2011-11-22 10:32 0 ----a-w- c:\windows\SysWow64\REN891C.tmp
2011-11-22 10:32 . 2011-11-22 10:32 0 ----a-w- c:\windows\SysWow64\REN891B.tmp
2011-11-17 06:35 . 2012-01-13 17:36 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:34 . 2012-01-13 17:36 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-05 05:41 . 2011-12-14 09:10 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 09:09 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 09:10 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 09:09 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 09:09 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 09:09 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-06-06 08:49 . 2010-06-06 08:49 2437088 ------w- c:\program files (x86)\80uj05us.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-01_15.56.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-02-01 17:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-01 15:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-01 15:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-01 17:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-01 15:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-01 17:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-16 14:43 . 2012-02-01 17:16 54914 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-01 17:16 39368 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-26 10:03 . 2012-02-01 17:16 12928 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2030197824-1302184150-4129359813-1003_UserData.bin
- 2010-06-06 08:18 . 2012-01-25 19:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-06 08:18 . 2012-02-01 15:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-06 08:18 . 2012-01-25 19:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-06 08:18 . 2012-02-01 15:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-06 08:18 . 2012-02-01 15:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-06 08:18 . 2012-01-25 19:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-29 15:51 . 2012-02-01 15:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-29 15:51 . 2012-02-01 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-29 15:51 . 2012-02-01 15:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-29 15:51 . 2012-02-01 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-01 17:14 . 2012-02-01 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-01 15:55 . 2012-02-01 15:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-01 17:14 . 2012-02-01 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-01 15:55 . 2012-02-01 15:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-06 08:58 . 2012-02-01 17:14 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-06-06 08:58 . 2012-02-01 15:55 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:36 . 2012-02-01 16:22 616242 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-31 18:26 616242 c:\windows\system32\perfh009.dat
- 2010-04-16 15:17 . 2012-01-31 18:26 631526 c:\windows\system32\perfh005.dat
+ 2010-04-16 15:17 . 2012-02-01 16:22 631526 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-02-01 16:22 106622 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-31 18:26 106622 c:\windows\system32\perfc009.dat
- 2010-04-16 15:17 . 2012-01-31 18:26 122148 c:\windows\system32\perfc005.dat
+ 2010-04-16 15:17 . 2012-02-01 16:22 122148 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2012-02-01 17:13 523636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-01 15:53 523636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-15 02:25 . 2012-02-01 17:13 1362184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-05-10 1553256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-05-10 83304]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2010-07-22 814344]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-06-03 122096]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-04-20 50536]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-04-20 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 MSRSService;MSRS Recording System;c:\program files (x86)\NCH Swift Sound\MSRS\msrs.exe [2011-02-25 745476]
S2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.exe [x]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-05-10 148840]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ScrybeUpdater;Aktualizátor aplikace Scrybe;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-01 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-07-17 06:26]
.
2012-01-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
2012-02-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-12-11 380776]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-13 36864]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 5879608]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2840352]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-29 11049576]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Point&&Go - c:\program files (x86)\Common Files\Expert System\PGPlatform\PGPlatform.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.77.1
TCP: Interfaces\{9DD382FC-98A5-4E25-8013-0C3B38A70DEB}: NameServer = 151.99.125.2,151.99.0.100
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\SysWOW64\astsrv.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\SysWOW64\WTClient.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\windows\SysWOW64\rundll32.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Celkový čas: 2012-02-01 18:36:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-01 17:36
ComboFix2.txt 2012-02-01 16:16
.
Před spuštěním: Volných bajtů: 107 994 656 768
Po spuštění: Volných bajtů: 107 678 588 928
.
- - End Of File - - 70A6E79DA8BA14FA12B42B46406E56E7

[vyosek]

Je to OK

Jak se chova PC

[oofiner22]

zatím to vypada dobre, pokud je to vše děkuji moc za pomoc

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[oofiner22]

jestě jednou díky

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy