Windows Script Host

[tesy.dominik6]

ComboFix 12-12-02.01 - Dominik 04.12.2012 0:27.2.8 - x64
Spuštěný z: c:\users\Dominik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Dominik\Desktop\CFScript.txt
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-03 do 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 23:29 . 2012-12-03 23:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-03 23:29 . 2012-12-03 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-02 15:06 . 2012-12-02 15:06 -------- d-----w- c:\program files (x86)\FinalWire
2012-12-02 14:09 . 2012-12-02 15:03 -------- d-----w- c:\program files (x86)\SpeedFan
2012-12-01 23:56 . 2012-12-01 23:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-01 23:56 . 2012-12-01 23:56 -------- d-----r- c:\program files (x86)\Skype
2012-12-01 23:36 . 2012-12-01 23:36 -------- d-----w- c:\program files\ESET
2012-12-01 23:01 . 2012-12-01 23:03 -------- d-----w- C:\rsit
2012-12-01 23:01 . 2012-12-01 23:03 -------- d-----w- c:\program files\trend micro
2012-12-01 21:37 . 2012-12-01 21:37 -------- dc----w- c:\users\Dominik\AppData\Local\MigWiz
2012-12-01 08:58 . 2012-12-01 08:58 -------- d-----w- c:\users\Dominik\AppData\Local\PunkBuster
2012-11-30 23:34 . 2012-11-30 23:40 -------- d-----w- c:\users\Dominik\AppData\Roaming\FreeFixer
2012-11-30 23:34 . 2012-11-30 23:34 -------- d-----w- c:\users\Dominik\AppData\Local\FreeFixer
2012-11-30 23:34 . 2012-12-01 18:31 -------- d-----w- c:\program files\FreeFixer
2012-11-30 23:09 . 2012-11-30 23:09 -------- d-----w- c:\program files (x86)\DLLSuite
2012-11-30 17:24 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66FC60C2-709E-4926-AF1E-C52B5CB0422D}\mpengine.dll
2012-11-24 17:43 . 2012-11-24 17:43 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-11-24 17:42 . 2012-11-24 17:42 -------- d-----w- c:\windows\PCHEALTH
2012-11-24 17:40 . 2012-11-24 17:40 -------- d-----w- c:\program files\Microsoft Office
2012-11-24 17:40 . 2012-11-24 17:40 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-11-24 17:39 . 2012-11-24 17:39 -------- d-----r- C:\MSOCache
2012-11-24 16:52 . 2012-11-24 16:52 -------- d-----w- c:\users\Dominik\AppData\Local\Microsoft Help
2012-11-24 16:52 . 2012-11-24 17:44 -------- d-----w- c:\programdata\Microsoft Help
2012-11-16 11:49 . 2012-11-16 11:49 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-30 22:51 . 2012-10-13 13:17 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-05 17:51 . 2012-10-02 14:57 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-05 17:51 . 2012-10-02 14:57 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-13 18:52 . 2012-10-13 18:52 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-10-13 18:03 . 2012-10-13 18:03 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-10-13 15:37 . 2012-10-13 15:37 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-10 18:55 . 2012-10-10 18:55 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-10 18:54 . 2012-10-10 18:55 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-10 18:54 . 2012-10-10 18:55 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-10 18:33 . 2012-10-10 17:31 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-10 18:33 . 2012-10-10 17:31 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-08 09:42 . 2012-10-08 09:42 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-08 09:42 . 2012-10-08 09:42 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-08 09:42 . 2012-10-08 09:42 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-08 09:42 . 2012-10-08 09:42 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-08 09:42 . 2012-10-08 09:42 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-08 09:42 . 2012-10-08 09:42 313704 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2012-10-08 09:42 . 2012-10-08 09:42 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-08 09:42 . 2012-10-08 09:42 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-08 09:42 . 2012-08-29 07:42 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-08 09:42 . 2012-10-08 09:42 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-08 09:42 . 2012-10-08 09:42 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-08 09:42 . 2012-10-08 09:42 30056 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2012-10-08 09:42 . 2012-10-08 09:42 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-08 09:42 . 2012-10-08 09:42 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-08 09:42 . 2012-10-08 09:42 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-08 09:42 . 2012-08-29 07:42 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-08 09:42 . 2012-10-08 09:42 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-08 09:42 . 2012-10-08 09:42 364904 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2012-10-08 09:42 . 2012-10-08 09:42 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-08 09:42 . 2012-10-08 09:42 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-08 09:42 . 2012-10-08 09:42 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-08 09:42 . 2012-10-08 09:42 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-08 09:42 . 2012-08-29 07:42 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-08 09:42 . 2012-10-08 09:42 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-08 09:42 . 2012-08-29 07:42 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-08 09:42 . 2012-10-08 09:42 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-08 09:42 . 2012-10-08 09:42 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-08 09:42 . 2012-08-29 07:42 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-08 07:21 . 2012-10-08 07:21 149592 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-10-08 07:21 . 2012-10-08 07:21 138744 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2012-10-08 07:21 . 2012-10-08 07:21 211344 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-10-02 19:51 . 2012-08-29 07:43 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2012-08-29 07:43 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-08-29 07:43 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-08-29 07:43 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-08-29 07:43 866664 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-10-02 19:50 . 2012-08-29 07:43 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-08-29 07:43 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-10-02 19:50 . 2012-08-29 07:43 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-08-29 07:43 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2012-08-29 07:43 440168 ----a-w- c:\windows\SysWow64\oemdspif.dll
2012-10-02 17:36 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-14 19:19 . 2012-10-13 13:00 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-13 13:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{008f6853-9cb4-41c5-a950-39d55e5e06ba}]
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-26 337776]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]
"Intelligent Touchpad"="c:\program files\Lenovo\Intelligent Touchpad\TouchZone.exe" [2011-12-08 291272]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-29 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-29 228448]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-08-29 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-05 659968]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-05 135952]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 NSDSvc;Fast boot service of lenovo;c:\windows\System32\NSDSvc.exe [2011-12-24 120160]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-28 363800]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-12-05 195584]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-01-27 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 HybridDisk;HybridDisk;c:\windows\System32\DRIVERS\HybridDiskX64.sys [2010-03-03 38496]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-21 19264]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-08-29 39008]
S0 NSD;NSD;c:\windows\system32\drivers\nsd.sys [2011-12-24 24160]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-13 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 hybridcfile;hybridcfile;c:\windows\system32\DRIVERS\HybridCFileX64.sys [2010-03-03 13920]
S1 Nsdfltr;Nsdfltr;c:\windows\system32\drivers\Nsdfltr.sys [2011-12-22 59488]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-11-14 1329304]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 138744]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-28 161560]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-06-21 216072]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2012-06-21 69640]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-08 594704]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-08-29 30816]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-12-05 195584]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-26 52320]
S3 hswpan;WPAN Driver;c:\windows\system32\DRIVERS\hswpan.sys [2012-01-27 109056]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-21 357184]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-21 789824]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2012-01-27 25496]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-08-25 173656]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-03-02 104048]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [2011-09-06 8208488]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-08-29 08:08 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-07 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-07 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-07 440128]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynLenovoGestureMgr"="c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-27 12343400]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-08-29 789856]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-08-29 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-08-29 6202416]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-14 6325424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files\Lenovo\Nsd\startupSupport.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\RunDll32.exe
.
**************************************************************************
.
Celkový čas: 2012-12-04 00:33:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-03 23:33
ComboFix2.txt 2012-12-03 18:37
.
Před spuštěním: Volných bajtů: 763 018 731 520
Po spuštění: Volných bajtů: 762 690 023 424
.
- - End Of File - - CB783D5BFCDC2716E3B2369598D1124B

[vyosek]

Fajn, jak se chova PC

[tesy.dominik6]

Promin ja se mrknu az dorazim domu okolo pul druhe ale včera po tom restartu combofixu se tam ta chyba nezobrazila ale ani me nenapadlo že to zkusim vypnout a zapnot normálně. Myslel jsem že to neni vše ale zkusim až dorazim domu.
Každopádně hodně děkuju.

[vyosek]

OK, PC testnete a napiste...ja tu budu az nekdy navecer...

[tesy.dominik6]

Ta chyba při startu windowsu nevyskakuje ale když najedu do té složky s tou cestou C:\ProgramData\Skype\color.vbs a poklikám na ten soubor color.vbs tak mi to tam vyskočí.

[vyosek]

Start - spustit - napsat cmd - OK - spusti se prikazovy radek - tam napiste regsvr32 vbscript.dll - enter

Napiste co PC

[tesy.dominik6]

píše že se zdařilo ale furt když poklikám na ten soubor tak furt nebyl nalezen.

[vyosek]

Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook.exe a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  :reg
  HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings /sub

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

[tesy.dominik6]

SystemLook 30.07.11 by jpshortstuff
Log created at 17:37 on 04/12/2012 by Dominik
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== reg ==========

[HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings]
"Timeout"= 0x0000000001 (1)
"DisplayLogo"= 0x0000000000 (0)
"Enabled"= 0x0000000001 (1)


-= EOF =-

[vyosek]

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :reg
  [HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings]
  "Enabled"=dword:00000001
  
  :files
  regsvr32 vbscript.dll /c
  
  :commands
  [EMPTYTEMP]
  

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[tesy.dominik6]

All processes killed
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\\"Enabled"|dword:00000001 /E : value set successfully!
========== FILES ==========
< regsvr32 vbscript.dll /c >
C:\Users\Dominik\Desktop\cmd.bat deleted successfully.
C:\Users\Dominik\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dominik
->Temp folder emptied: 87265 bytes
->Temporary Internet Files folder emptied: 34867460 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 395916608 bytes
->Flash cache emptied: 3092 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1257324 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 759 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 412,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12042012_174626

Files\Folders moved on Reboot...
C:\Users\Dominik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[vyosek]

Jak to vypada? OTL udelalo co melo

[tesy.dominik6]

No jak jsem psal předtim žádná chyba se neobjeví sama odsebe jenom když v tom umístění C:\ProgramData\Skype\ poklikám na ten soubor color.vbs tak ta chyba vyskočí.

[vyosek]

Zkuste skype preinstalovat, ale nastaveni pro vbs by mela byt v poradku

[tesy.dominik6]

No hned jak jsem skype odinstaloval tak vyskočilo to samý ale v
Windows Script Host
Skriptovací stroj VBScript pro skript
C:\ProgramData\Microsoft\Windows\OFFICEICON\color.vbs nebyl nalezen