Kontrola logu

[funkymusic]

Po kratší odmlce jsem zase tu, zde je log:¨

SystemLook 30.07.11 by jpshortstuff
Log created at 22:27 on 04/04/2002 by Uzivatel
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\ProgramData - Parameters: "(none)"

---Files---
Ament.ini --a---- 57 bytes [13:19 13/09/2012] [13:19 13/09/2012]
dsgsdgdsgdsgw.bat --a---- 69 bytes [17:03 21/01/2013] [17:03 21/01/2013]
dsgsdgdsgdsgw.reg --a---- 159 bytes [17:03 21/01/2013] [17:03 21/01/2013]
mjw3q.reg --a---- 151 bytes [14:51 02/04/2002] [14:51 02/04/2002]
SMRResults311.dat --a---- 4848270 bytes [15:53 22/01/2013] [15:54 22/01/2013]
tof7ri.dat --a---- 0 bytes [14:51 02/04/2002] [14:51 02/04/2002]

---Folders---
Adobe d------ [21:17 24/05/2012]
Apple d------ [21:52 24/05/2012]
Apple Computer d------ [21:53 24/05/2012]
Application Data d--hs-- [05:08 14/07/2009]
Data aplikací d--hs-- [20:18 24/05/2012]
Desktop d--hs-- [05:08 14/07/2009]
DOBRÁ KAVÁRNA d------ [10:03 28/03/2002]
Documents d--hs-- [05:08 14/07/2009]
Dokumenty d--hs-- [20:18 24/05/2012]
Electronic Arts d------ [16:29 24/01/2013]
ESET d------ [21:34 24/05/2012]
Favorites d--hs-- [05:08 14/07/2009]
Funny Bear Studio d------ [18:12 17/01/2013]
HP d------ [13:19 13/09/2012]
HP Photo Creations d------ [13:20 13/09/2012]
Media Center Programs d------ [17:37 23/08/2012]
Meridian93 d------ [12:15 05/10/2012]
Microsoft d---s-- [03:20 14/07/2009]
Microsoft Help d------ [21:41 24/05/2012]
Nabídka Start d--hs-- [20:18 24/05/2012]
Nero d------ [22:17 24/05/2012]
Norton d------ [19:02 17/11/2012]
NortonInstaller d------ [19:02 17/11/2012]
NVIDIA d------ [22:33 24/05/2012]
NVIDIA Corporation d------ [20:24 24/05/2012]
Oblíbené položky d--hs-- [20:18 24/05/2012]
Plocha d--hs-- [20:18 24/05/2012]
Skype d------ [20:15 20/08/2012]
Start Menu d--hs-- [05:08 14/07/2009]
Sun d------ [22:31 24/05/2012]
Symantec d------ [19:02 17/11/2012]
Templates d--hs-- [05:08 14/07/2009]
Visan d------ [23:50 01/01/2013]
Úžasná tajemství mistra Leonarda d------ [09:46 13/08/2012]
Šablony d--hs-- [20:18 24/05/2012]

-= EOF =-

[funkymusic]

Zdravím moderátory, nemohl by na to někdo kouknou,že bychom trochu popojeli. Děkuju moc.

[vyosek]

Omlouvam se, mel jsem cely den pracovni

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

• Provedte aktualizaci
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[funkymusic]

To je v poho, diky, tu je log:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.04.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Uzivatel :: PC [administrátor]

Ochrana: Povolena

6.4.2002 10:09:58
MBAM-log-2002-04-06 (12-20-05).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 369280
Uplynulý čas: 45 minut, 29 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\Users\Uzivatel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\376f7310-3c6a8ed6 (Trojan.FakeMS) -> Nebyla provedena žádná instrukce.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Nebyla provedena žádná instrukce.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Nebyla provedena žádná instrukce.

(konec)

[vyosek]

Nalezy MBAMu smazte, objevi se log, ten rad uvidim

[funkymusic]

tady to je:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.04.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Uzivatel :: PC [administrátor]

Ochrana: Povolena

6.4.2002 10:09:58
mbam-log-2002-04-06 (10-09-58).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 369280
Uplynulý čas: 45 minut, 29 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\Users\Uzivatel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\376f7310-3c6a8ed6 (Trojan.FakeMS) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Přesun do karantény a smazání se zdařilo.

(konec)

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Facebook Update"=-
  "EA Core"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "Adobe ARM"=-
  "BCSSync"=-
  "QuickTime Task"=-
  "NBAgent"=-
  "SunJavaUpdateSched"=-
  "Microsoft Default Manager"=-
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  File::
  C:\Windows\tasks\Adobe Flash Player Updater.job
  C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2762024776-2949698204-71201383-1001Core.job
  C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2762024776-2949698204-71201383-1001UA.job
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  C:\Windows\tasks\HP Photo Creations Communicator.job
  C:\Windows\tasks\Norton Security Scan for Uzivatel.job
  
  Collect::
  c:\ProgramData\mjw3q.js
  C:\ProgramData\tof7ri.dat
  C:\ProgramData\mjw3q.bat
  C:\ProgramData\rundll32.exe
  c:\ProgramData\q3wjm.dat
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[funkymusic]

ComboFix 13-04-02.01 - Uzivatel 07.04.2002 11:11:53.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4095.2675 [GMT 2:00]
Spuštěný z: c:\users\Uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Uzivatel\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2762024776-2949698204-71201383-1001Core.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2762024776-2949698204-71201383-1001UA.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\HP Photo Creations Communicator.job"
"c:\windows\tasks\Norton Security Scan for Uzivatel.job"
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2002-03-07 do 2002-04-07 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-30 04:45 . 2013-01-09 11:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-16 08:38 . 2012-11-28 13:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:42 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-05-24 20:49 . 2012-05-24 20:49 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2012-05-24 20:49 . 2012-05-24 20:49 249344 ----a-w- c:\windows\system32\webcheck.dll
2010-11-21 09:27 . 2010-11-21 09:27 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\qwavedrv.sys.mui
2010-11-21 09:27 . 2010-11-21 09:27 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\scfilter.sys.mui
2010-11-21 09:27 . 2010-11-21 09:27 5632 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\ndiscap.sys.mui
2010-11-21 09:27 . 2010-11-21 09:27 50176 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\tcpip.sys.mui
2010-11-21 09:26 . 2010-11-21 09:26 27136 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\bfe.dll.mui
2010-11-21 09:26 . 2010-11-21 09:26 15360 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\pacer.sys.mui
2010-11-21 03:25 . 2010-11-21 03:25 301568 ----a-w- c:\windows\SysWow64\srchadmin.dll
2010-11-21 03:25 . 2010-11-21 03:25 340992 ----a-w- c:\windows\system32\srchadmin.dll
2010-11-21 03:24 . 2010-11-21 03:24 777728 ----a-w- c:\windows\system32\autochk.exe
2010-11-21 03:24 . 2010-11-21 03:24 2175488 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-21 03:23 . 2010-11-21 03:23 668160 ----a-w- c:\windows\SysWow64\autochk.exe
2009-07-14 01:40 . 2009-07-13 23:32 52736 ----a-w- c:\windows\apppatch\AppPatch64\apihex64.dll
2009-07-14 01:40 . 2009-07-13 23:40 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2009-07-14 01:40 . 2009-07-13 23:40 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2009-07-14 01:39 . 2009-07-13 23:31 51712 ----a-w- c:\windows\system32\sdchange.exe
2009-07-14 01:16 . 2009-07-13 23:29 13312 ----a-w- c:\windows\SysWow64\TSChannel.dll
2009-07-14 01:15 . 2009-07-13 21:03 409600 ----a-w- c:\windows\SysWow64\msexch40.dll
2009-07-14 01:14 . 2009-07-13 23:20 41984 ----a-w- c:\windows\apppatch\apihex86.dll
2009-07-14 01:14 . 2009-07-13 23:27 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2009-07-14 01:14 . 2009-07-13 23:26 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2009-07-14 01:03 . 2009-07-13 23:26 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
.
c:\users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-24 1255736]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2002-03-28 21:32 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2002-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 11:46]
.
2013-02-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2762024776-2949698204-71201383-1001Core.job
- c:\users\Uzivatel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19 17:07]
.
2013-02-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2762024776-2949698204-71201383-1001UA.job
- c:\users\Uzivatel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19 17:07]
.
2002-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 17:48]
.
2002-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 17:48]
.
2013-02-06 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-01-01 23:50]
.
2013-02-06 c:\windows\Tasks\Norton Security Scan for Uzivatel.job
- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-11-17 09:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2002-04-07 11:40:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2002-04-07 09:40
ComboFix2.txt 2002-04-03 22:13
.
Před spuštěním: 1 486 741 504
Po spuštění: 2 195 353 600
.
- - End Of File - - 5C0FACA95F5A5A3E7C83CA9E4F3A7F55
Nahr nˇ probŘhlo ŁspŘçnŘ

[funkymusic]

Zdravim, můžu poprosit někoho z kolegů, vyosek se mi měkde zapomněl.

Díky moc

[vyosek]

Zdravim

Vyosek mel pracovni a studijni povinnosti

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :files
  C:\Windows\tasks\Adobe Flash Player Updater.job
  C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2762024776-2949698204-71201383-1001Core.job
  C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2762024776-2949698204-71201383-1001UA.job
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  C:\Windows\tasks\HP Photo Creations Communicator.job
  C:\Windows\tasks\Norton Security Scan for Uzivatel.job
  c:\ProgramData\mjw3q.js
  C:\ProgramData\tof7ri.dat
  C:\ProgramData\mjw3q.bat
  C:\ProgramData\rundll32.exe
  c:\ProgramData\q3wjm.dat
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[funkymusic]

Zdravim dekuji, ze jste zase tu, doufam, ze se Vam dařilo. Zde je log:

All processes killed
========== FILES ==========
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2762024776-2949698204-71201383-1001Core.job moved successfully.
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2762024776-2949698204-71201383-1001UA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\HP Photo Creations Communicator.job moved successfully.
C:\Windows\tasks\Norton Security Scan for Uzivatel.job moved successfully.
File\Folder c:\ProgramData\mjw3q.js not found.
C:\ProgramData\tof7ri.dat moved successfully.
File\Folder C:\ProgramData\mjw3q.bat not found.
File\Folder C:\ProgramData\rundll32.exe not found.
File\Folder c:\ProgramData\q3wjm.dat not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Uzivatel
->Temp folder emptied: 68634 bytes
->Temporary Internet Files folder emptied: 8678757 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 27081001 bytes
->Flash cache emptied: 4995 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5326 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 34,00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Public

User: UpdatusUser

User: Uzivatel
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Public

User: UpdatusUser

User: Uzivatel
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04082002_174102

Files\Folders moved on Reboot...
C:\Users\Uzivatel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Uzivatel\AppData\Local\Temp\REG3217.tmp moved successfully.
File\Folder C:\Users\Uzivatel\AppData\Local\Temp\~DF391A1ED9D48A2A2D.TMP not found!
File\Folder C:\Users\Uzivatel\AppData\Local\Temp\~DF66A5EB0CD3FF07FA.TMP not found!
File\Folder C:\Users\Uzivatel\AppData\Local\Temp\~DF70661A0A798A842B.TMP not found!
File\Folder C:\Users\Uzivatel\AppData\Local\Temp\~DFB0772DE90286DE8A.TMP not found!
C:\Users\Uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\085ND3EE\afr[1].htm moved successfully.
C:\Users\Uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\085ND3EE\viewtopic[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[vyosek]

Zadarilo, jak se chova PC

[funkymusic]

Nezdá se, že by byl nějaký problém, vše snad funguje korektně.

[funkymusic]

Ješte jeden problemek, je plnej HD, nevim čím. Nemužu to najít.

[vyosek]

Zkuste pouzit TreeSize Profi http://www.slunecnice.cz/sw/treesize-professional/ cestina zde http://cestiny.idnes.cz/software/treesi ... are_bw.idn