Dobry den,
dle navodu, ktery jsem nasel na Viry.CZ jsem - v nouzovem rezimu pocitace s command promptem - jsem spustil Rkill a nasledne Combofix z flashe. Dovolte mi poprosit o kontrolu obou prilozenych logu
- A pripadne radu, jak postupovat dal: Na pocitaci jsem se po infikovani virem Policie... nemohl pripojit na internet - problem trva - pisu z jineho pocitace.
Mockrat dekuji.
*******
Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 05/13/2013 05:13:36 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* Base Filtering Engine (BFE) is not Running.
Startup Type set to: Automatic
* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic
* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic
* Brána Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic
* Sieťové pripojenia (Netman) is not Running.
Startup Type set to: Manual
* Network Store Interface Service (nsi) is not Running.
Startup Type set to: Automatic
* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System
* Ovládač overenia brány Windows Firewall (mpsdrv) is not Running.
Startup Type set to: Manual
* NetBT (NetBT) is not Running.
Startup Type set to: System
* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System
* Sieťový vstupno-výstupný ovládač staršej verzie na podporu zariadení TDI (tdx) is not Running.
Startup Type set to: System
* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 05/13/2013 05:13:46 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
*******
ComboFix 13-05-12.01 - Longauer . 05. 2013 17:16:29.1.4 - x64 MINIMAL
Microsoft indows 7 Professional 6.1.7601.1.1250.421.1051.18&4030.3367 [GMT 2:00]
Running from: h:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restmre point
.
.
((((((((((((((((((((((((((((( ((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3ainod.bat
c:\programdata\3ainod.pad
c:\programdata\donia3.dat
c:\programdata\HPQLOG
c:\programdata\HPQLOG\PTLOGS.xml
c:\programdata\Microsoft\Whndows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\programdata\rundll32.exe
c:\users\Longauer\Documents\~WRL2198.tmp
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E441}\Icon09DB8A851.exe
.
.
(((((((((((((((((((((((( Files Created from 2013-04-13 to 2013-01-13 )))))))))))))))))))))))))))))))
.
.
2013-05-13 05:20 . 2013-05-13 15:20 -------- d-----w- c:\users\nlc\AppData\Local\temp
2013-05-13 15:20 . 2013-05-13 15:20 -------- d-----w- c:\users\Longauer\AppData\Local\temp
2013-05-09 11:41 . 2013-05-13 15:20 76232 ----a-w- c:\programdata\Microsoft\Windmws Defender\Definition Updates\{321511B4-3F2A-4728-8DE1-4B626BA7F20}\offreg.dll
2013-05-09 11:06 . 2 13-05-09 11:06 ---
---- d-----w- c:\users\Longauer\AppDataLLocal\ElevatedDiagnostics
2013-05-02 07:27 . 2013-05-02 07:27 2634 ----a-w- c:\progr!mdata\3ainod&js
2013-05-02 07:27 . 2013-05-02 07:27 !52 --)-a-w- c:\programdata\3ainod.reg
203-05-02 05:40 . 2013-04-10 13:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{321519B4-3F2A-4728-8DE1-84B626BA7F20}\mpengine.dll
2013-°4-24 06:32 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-17 08:48 . 2013-04-17 08:48 m------- d-----w- c:\users\Longaues\AppData\Local\Microsoft Help
2013-04-16 15:29 . 2013-06-16 15:29 -------- d-----w- c:\progňam files (x86)\Ask.com
2013-04-16 15:19 . 2013-04-16 15:19 -------- d-----w- c:\programdata\Ask
2013-°4-16 15:19 . 2013-04-16 15:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-16 15:18 . 2013-04-16 15:18 956<8 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 15:18 . 2013-04-16 15:18 -------- d-----w- c:\program files (x86)\Java
.
.
.
((((((((((((((¨((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-16 15:18 . 2012-07-26 10:49 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-04-16 15:18 . 2012-07-26 10:49 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-15 08:22 . 2013-01-12 22:12 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-°3-19 06:04 . 2013-04-11 09:33 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 09:33 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 09:33 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 09:33 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 09:33 6656 ---a-w- c:\windows\SysWow64\apiwetschema.dll
2013-03-19 03:06 . 2013-04-11 09:33 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-13 20:03$. 2012-05-17 22:57 73432 ----a-w- c:\wintows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 20:03 . 2012-05-17 22:57 693976 ----a-w- c:\windows\SysWow64\FlashĐlayerApp.exe
2013-03-11 23:10 . 2010-11-21 03:27 282744 ------w- c:\winäows^system32\MpSigStub.exe
2013-03-01 03:36 . 2053-04-11 09:34 3153408 ---a-w- c:\windows\system32\win30k.sys
2013-02-15 06:08 . 2013-04-11 09:34 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-11 09:34 3717632 ----a-w- c:\windows\system32\mstscay.dll
2013-02-15 06:02 . 2013-04-11 09:#4 158?20 ----a-w- c:\÷indows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-11 09:34 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 201ł-04-11 09:34 131584 ----a-w- c:\windows\SysWow64\aacmient.dll
2013-02-15 03:25 . 2013-04-11 09:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))+
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenerikAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clséd\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWERE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-±54Q-4066-A1AD-4243D8127440}]
2013-03-31 12:57 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (y86)\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-2=B-4CAE-8ą3F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initializatiďn" [X]
"QLBController"=˘c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-03-14 3!9360]
"IMSs"="c:\program files (x86)\Intel\Intel(R) Management Engine componeîts\IMSS\PIconStartup.exe" [2012-03-28 133400]
"USB3MON"="c:\pňogram files0(x86)\IntelÜIntul(R) USB 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-30 636032]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2012-03-15 184704]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-03-22 12310616]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2012-01-26 1127800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-03-31 1646216]
.
c:\users\Longauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
msconfig.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-2 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-01-31 21:19 75648 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-29 235520]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-03-22 372824]
R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-03-14 365440]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-03-16 33560]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-03-01 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-28 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-28 165144]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-03-21 1327104]
R2 pdfcDispatcher;PDF Dkcument Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2012-03-07 1134584]
R2 RoxioBurnLauncher;Roxio Burn Launcher;c:\program files (x86)\Poxio\Roxao Burn\RoxioBurnLauncher.exe K2012-03-21 536848]
R2 tArcCapture;ArcCapture;c:\windowsSysWow64\ArcVCapRender\uArcCapture.exe [2012-02-03 498352]
R2 UNS;Intel(R) Manafement and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-28 363800]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2012-03-20 2694224]
R2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
R3 AMPPALP;Intel® Centrkno®`Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2012-02-03 42816]
R3 AtiHDAudioService;AOD Function Friver for HD Audio Service;c:\÷indows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
R3 btwampfl;btwampfl Bluetooth filter`driver;c:\windows\system32\drivers\btwampfl.sys [2112-02-02 635976]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2012-02-02 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2012-21-31 64312]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLCDLOCK;HP ProtectTďols Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2012-01-31 477056]
R3 h36wgps;HP Mobile Broadband Module NMEA;s:\windows\system32\DRIVERS\h36wgps64.sys [2012-03-01 103184]
R3 hpCMSrv;HP Connection Manager 4 Service;c:^program files (x869\He÷lett-Packard\HP Connectioî Manager\hpCMSrv.exe [2012-03-15 1420160]
V3 JMCR;JMCR;c:\windďws\system32\DRIVERS\jmcr.sys [2012-02-27 173656]
R3 Mbm3DevMt;HP Mobile Broadband Module Device Management Driver (WDM);c:\wintows\system32\TRIVERS\Mbm7DevMt.sys [2011-08-22 430664]
R3 Mbm3mdfl;HP Mobile Broadband Module Molem Filter;c:\windows\system36\DRIERS\Mbm3mdfl.sys [2011-08-22 19528]
R3 Mbm3Mdm;HP Mobile Broadband Module Modem Drives;c:\windows\{ystem32\DRIVERS\Mbm3Mdm.sys [2011-08-22 4834°0]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files]Roxio Shared\OEM\12.0\SharefCOM\RoxMediaDB12OEM.exe [2012-03-07 1118480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote`Desktop Generic USB Device;c:\windows\system32\drivmrs\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-28 1255736]
R3"WwanUsbServ;Mobile Broadband Driver;c:\window{\system32\DRIVERS\WwanUsbMp64.sys [2012-03-01 279312]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Drives;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64/sys [2012-03-08 58000]
S1 PersonalsecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\tsd.sys [2010-01-26 44576]
S3 ecnssndis; Mobile Broadbaod Driver;c:\windows\system32\Drivers\wwuss64.sys [2011-10-05 26664]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2011-10-05 29736]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\kusb3hub.sys [2012-03-27 356632]
S3 i}sb3xhc;Intel(R) USb 3.0 eXtensible Host Controller Driver;c:\wintows\system32\DRIVE2S\iusb3xhc.sys [2012-03-27 789272]
S3 zohci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2012-02-26 26200]
S3 Mbm3CJus;HP hs2350 HSPA+ Mobile Broadband Modu|e USB$Device (WDM);c:\windows\system32\DRiVERS\Mbm3CBus.sys [2011-08-22 419400]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 20:03]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4292806781-1639144048-1680020965-1685Core.job
- c:\users\nlc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-26 10:44]
.
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4292806781-1639144048-1680020965-1685UA.job
- c:\users\nlc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-26 10:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-05 1425408]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com?pc=CMNTDF
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mStart Page = hxxp://www.bing.com?pc=CMNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Longauer\AppData\Roaming\Mozilla\Firefox\Profiles\xnis7bup.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - ExtSQL: 2013-04-20 06:47; toolbar@ask.com; c:\users\Longauer\AppData\Roaming\Mozilla\Firefox\Profiles\xnis7bup.default\extensions\toolbar@ask.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-05-13 17:21:37
ComfoFix-quarantined-files.txt 2013-05-13 15:21
.
Pre-Run: 198 831 419 392 bytes free
Post-Run: 198 866 329 600 bytes free
.
- - End Of File - - 1G6E4D338AK9F7DC7623B31968F8B885
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosim o kontrolu logu RKill a Combofix po inviru Policia SR
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
roman longauer
- Návštěvník
- Příspěvky: 2
- Registrován: 13 kvě 2013 16:58
Re: Prosim o kontrolu logu RKill a Combofix po inviru Polici
Zdravím, pokračuj i nadále v Nouzovém režimu.
Otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
ulož Tebou vytvořený TXT soubor jako CFScript.txt na použitý flash disk,
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
Otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
Kód: Vybrat vše
File::
c:\progr!mdata\3ainod&js
c:\programdata\3ainod.reg
FireFox::
FF - ProfilePath - c:\users\Longauer\AppData\Roaming\Mozilla\Firefox\Profiles\xnis7bup.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - ExtSQL: 2013-04-20 06:47; toolbar@ask.com; c:\users\Longauer\AppData\Roaming\Mozilla\Firefox\Profiles\xnis7bup.default\extensions\toolbar@ask.com
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
-
roman longauer
- Návštěvník
- Příspěvky: 2
- Registrován: 13 kvě 2013 16:58
Re: Prosim o kontrolu logu RKill a Combofix po inviru Polici
Dobry den, dekuji za radu a pomoc.
Podle instrukce jsem spustil Combofix pomoci zaslaneho CFScriptu.
Tady je vysledny log (po restartu Windows nabehl):
ComboFix 13-05-13.01 - Longauer . 05. 2013 11:12:03.3.4 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.4030.3258 [GMT 2:00]
Running from: c:\users\Longauer\Desktop\ComboFix.exe
Command switches used :: c:\users\Longauer\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\progr!mdata\3ainod&js"
"c:\programdata\3ainod.reg"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3ainod.reg
.
.
((((((((((((((((((((((((( Files Created from 2013-04-14 to 2013-05-14 )))))))))))))))))))))))))))))))
.
.
2013-05-14 09:14 . 2013-05-14 09:14 -------- d-----w- c:\users\nlc\AppData\Local\temp
2013-05-14 09:14 . 2013-05-14 09:14 -------- d-----w- c:\users\longauer.FRIS\AppData\Local\temp
2013-05-14 09:14 . 2013-05-14 09:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-14 09:14 . 2013-05-14 09:14 -------- d-----w- c:\users\administrator\AppData\Local\temp
2013-05-14 09:14 . 2013-05-14 09:14 -------- d-----w- c:\users\Administrator.oelk-rl-7-nb\AppData\Local\temp
2013-05-14 05:56 . 2013-05-14 05:56 -------- d-----w- c:\users\Longauer\AppData\Roaming\Notepad++
2013-05-13 16:56 . 2013-05-13 16:56 -------- d-----w- C:\rsit
2013-05-13 16:56 . 2013-05-13 16:56 -------- d-----w- c:\program files (x86)\trend micro
2013-05-13 15:36 . 2013-05-13 15:36 -------- d-----w- c:\programdata\HPQLOG
2013-05-13 15:21 . 2013-05-14 09:13 -------- d-----w- c:\users\Longauer\AppData\Local\temp
2013-05-09 11:06 . 2013-05-09 11:06 -------- d-----w- c:\users\Longauer\AppData\Local\ElevatedDiagnostics
2013-05-02 07:27 . 2013-05-02 07:27 2634 ----a-w- c:\programdata\3ainod.js
2013-05-02 05:40 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{321519B4-3F2A-4728-8DE1-84B626BA7F20}\mpengine.dll
2013-04-24 06:32 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-17 08:48 . 2013-04-17 08:48 -------- d-----w- c:\users\Longauer\AppData\Local\Microsoft Help
2013-04-16 15:29 . 2013-04-16 15:29 -------- d-----w- c:\program files (x86)\Ask.com
2013-04-16 15:19 . 2013-04-16 15:19 -------- d-----w- c:\programdata\Ask
2013-04-16 15:19 . 2013-04-16 15:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-16 15:18 . 2013-04-16 15:18 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 15:18 . 2013-04-16 15:18 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-16 15:18 . 2012-07-26 10:49 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-04-16 15:18 . 2012-07-26 10:49 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-15 08:22 . 2013-01-12 22:12 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-19 06:04 . 2013-04-11 09:33 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 09:33 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 09:33 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 09:33 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 09:33 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 09:33 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-13 20:03 . 2012-05-17 22:57 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 20:03 . 2012-05-17 22:57 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-11 23:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-01 03:36 . 2013-04-11 09:34 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-15 06:08 . 2013-04-11 09:34 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-11 09:34 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-11 09:34 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-11 09:34 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-11 09:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-11 09:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-03-31 12:57 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-03-14 319360]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-28 133400]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-30 636032]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2012-03-15 184704]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-03-22 12310616]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2012-01-26 1127800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-03-31 1646216]
.
c:\users\Longauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
msconfig.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-2 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-01-31 21:19 75648 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-29 235520]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-03-22 372824]
R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-03-14 365440]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-03-16 33560]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-03-01 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-28 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-28 165144]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-03-21 1327104]
R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2012-03-07 1134584]
R2 RoxioBurnLauncher;Roxio Burn Launcher;c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [2012-03-21 536848]
R2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2012-02-03 498352]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-28 363800]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2012-03-20 2694224]
R2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2012-02-03 42816]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2012-02-02 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2012-01-31 64312]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2012-01-31 477056]
R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\DRIVERS\h36wgps64.sys [2012-03-01 103184]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2012-03-15 1420160]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2012-02-27 173656]
R3 Mbm3DevMt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2011-08-22 430664]
R3 Mbm3mdfl;HP Mobile Broadband Module Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2011-08-22 19528]
R3 Mbm3Mdm;HP Mobile Broadband Module Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2011-08-22 483400]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2012-03-07 1118480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-28 1255736]
R3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2012-03-01 279312]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-03-08 58000]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2010-01-26 44576]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2011-10-05 26664]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2011-10-05 29736]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2012-02-27 26200]
S3 Mbm3CBus;HP hs2350 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2011-08-22 419400]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 20:03]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4292806781-1639144048-1680020965-1685Core.job
- c:\users\nlc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-26 10:44]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4292806781-1639144048-1680020965-1685UA.job
- c:\users\nlc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-26 10:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-05 1425408]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com?pc=CMNTDF
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mStart Page = hxxp://www.bing.com?pc=CMNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Longauer\AppData\Roaming\Mozilla\Firefox\Profiles\xnis7bup.default\
FF - ExtSQL: 2013-04-20 06:47; toolbar@ask.com; c:\users\Longauer\AppData\Roaming\Mozilla\Firefox\Profiles\xnis7bup.default\extensions\toolbar@ask.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2013-05-14 11:15:30
ComboFix-quarantined-files.txt 2013-05-14 09:15
ComboFix2.txt 2013-05-14 09:10
ComboFix3.txt 2013-05-13 15:21
.
Pre-Run: 198 877 966 336 bytes free
Post-Run: 198 807 015 424 bytes free
.
- - End Of File - - 4366CE5C0AB719103B75C715425B32C4
*****
Zkusil jsem pouzit internet: Pocitac se sice pripojuje k interni wifi siti, kterou obvykle pouzivam, ovsem hlasi "omezeny pristup". Internet nefunguje ode dne, kdy by pocitac infikovan virem, proto jsem ani nemohl pouzit Safe Mode with Networking
S podekovanim,
RL
Podle instrukce jsem spustil Combofix pomoci zaslaneho CFScriptu.
Tady je vysledny log (po restartu Windows nabehl):
ComboFix 13-05-13.01 - Longauer . 05. 2013 11:12:03.3.4 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.4030.3258 [GMT 2:00]
Running from: c:\users\Longauer\Desktop\ComboFix.exe
Command switches used :: c:\users\Longauer\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\progr!mdata\3ainod&js"
"c:\programdata\3ainod.reg"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3ainod.reg
.
.
((((((((((((((((((((((((( Files Created from 2013-04-14 to 2013-05-14 )))))))))))))))))))))))))))))))
.
.
2013-05-14 09:14 . 2013-05-14 09:14 -------- d-----w- c:\users\nlc\AppData\Local\temp
2013-05-14 09:14 . 2013-05-14 09:14 -------- d-----w- c:\users\longauer.FRIS\AppData\Local\temp
2013-05-14 09:14 . 2013-05-14 09:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-14 09:14 . 2013-05-14 09:14 -------- d-----w- c:\users\administrator\AppData\Local\temp
2013-05-14 09:14 . 2013-05-14 09:14 -------- d-----w- c:\users\Administrator.oelk-rl-7-nb\AppData\Local\temp
2013-05-14 05:56 . 2013-05-14 05:56 -------- d-----w- c:\users\Longauer\AppData\Roaming\Notepad++
2013-05-13 16:56 . 2013-05-13 16:56 -------- d-----w- C:\rsit
2013-05-13 16:56 . 2013-05-13 16:56 -------- d-----w- c:\program files (x86)\trend micro
2013-05-13 15:36 . 2013-05-13 15:36 -------- d-----w- c:\programdata\HPQLOG
2013-05-13 15:21 . 2013-05-14 09:13 -------- d-----w- c:\users\Longauer\AppData\Local\temp
2013-05-09 11:06 . 2013-05-09 11:06 -------- d-----w- c:\users\Longauer\AppData\Local\ElevatedDiagnostics
2013-05-02 07:27 . 2013-05-02 07:27 2634 ----a-w- c:\programdata\3ainod.js
2013-05-02 05:40 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{321519B4-3F2A-4728-8DE1-84B626BA7F20}\mpengine.dll
2013-04-24 06:32 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-17 08:48 . 2013-04-17 08:48 -------- d-----w- c:\users\Longauer\AppData\Local\Microsoft Help
2013-04-16 15:29 . 2013-04-16 15:29 -------- d-----w- c:\program files (x86)\Ask.com
2013-04-16 15:19 . 2013-04-16 15:19 -------- d-----w- c:\programdata\Ask
2013-04-16 15:19 . 2013-04-16 15:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-16 15:18 . 2013-04-16 15:18 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 15:18 . 2013-04-16 15:18 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-16 15:18 . 2012-07-26 10:49 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-04-16 15:18 . 2012-07-26 10:49 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-15 08:22 . 2013-01-12 22:12 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-19 06:04 . 2013-04-11 09:33 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 09:33 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 09:33 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 09:33 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 09:33 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 09:33 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-13 20:03 . 2012-05-17 22:57 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 20:03 . 2012-05-17 22:57 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-11 23:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-01 03:36 . 2013-04-11 09:34 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-15 06:08 . 2013-04-11 09:34 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-11 09:34 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-11 09:34 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-11 09:34 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-11 09:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-11 09:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-03-31 12:57 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-03-14 319360]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-28 133400]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-30 636032]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2012-03-15 184704]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-03-22 12310616]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2012-01-26 1127800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-03-31 1646216]
.
c:\users\Longauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
msconfig.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-2 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-01-31 21:19 75648 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-29 235520]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-03-22 372824]
R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-03-14 365440]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-03-16 33560]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-03-01 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-28 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-28 165144]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-03-21 1327104]
R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2012-03-07 1134584]
R2 RoxioBurnLauncher;Roxio Burn Launcher;c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [2012-03-21 536848]
R2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2012-02-03 498352]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-28 363800]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2012-03-20 2694224]
R2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2012-02-03 42816]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2012-02-02 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2012-01-31 64312]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2012-01-31 477056]
R3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\DRIVERS\h36wgps64.sys [2012-03-01 103184]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2012-03-15 1420160]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2012-02-27 173656]
R3 Mbm3DevMt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2011-08-22 430664]
R3 Mbm3mdfl;HP Mobile Broadband Module Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2011-08-22 19528]
R3 Mbm3Mdm;HP Mobile Broadband Module Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2011-08-22 483400]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2012-03-07 1118480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-28 1255736]
R3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2012-03-01 279312]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-03-08 58000]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2010-01-26 44576]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2011-10-05 26664]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2011-10-05 29736]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2012-02-27 26200]
S3 Mbm3CBus;HP hs2350 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2011-08-22 419400]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 20:03]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4292806781-1639144048-1680020965-1685Core.job
- c:\users\nlc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-26 10:44]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4292806781-1639144048-1680020965-1685UA.job
- c:\users\nlc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-26 10:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-05 1425408]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com?pc=CMNTDF
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mStart Page = hxxp://www.bing.com?pc=CMNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Longauer\AppData\Roaming\Mozilla\Firefox\Profiles\xnis7bup.default\
FF - ExtSQL: 2013-04-20 06:47; toolbar@ask.com; c:\users\Longauer\AppData\Roaming\Mozilla\Firefox\Profiles\xnis7bup.default\extensions\toolbar@ask.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2013-05-14 11:15:30
ComboFix-quarantined-files.txt 2013-05-14 09:15
ComboFix2.txt 2013-05-14 09:10
ComboFix3.txt 2013-05-13 15:21
.
Pre-Run: 198 877 966 336 bytes free
Post-Run: 198 807 015 424 bytes free
.
- - End Of File - - 4366CE5C0AB719103B75C715425B32C4
*****
Zkusil jsem pouzit internet: Pocitac se sice pripojuje k interni wifi siti, kterou obvykle pouzivam, ovsem hlasi "omezeny pristup". Internet nefunguje ode dne, kdy by pocitac infikovan virem, proto jsem ani nemohl pouzit Safe Mode with Networking
S podekovanim,
RL
Re: Prosim o kontrolu logu RKill a Combofix po inviru Polici
Přes Start >> Spustit zkopíruj do okna:
ComboFix /Uninstall
a stiskni Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.
Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.
Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.
Stáhni a spusť OTMoveIt
do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:
klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,
pokud aplikace bude požadovat restart, klikni na YES
v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\
ComboFix /Uninstall
a stiskni Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.
Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.
Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.
Stáhni a spusť OTMoveIt
do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:
Kód: Vybrat vše
:processes
explorer.exe
:files
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
c:\programdata\3ainod.js
c:\users\Longauer\AppData\Roaming\Mozilla\Firefox\Profiles\xnis7bup.default\extensions\toolbar@ask.com
:commands
[purity]
[emptytemp]
[start explorer]pokud aplikace bude požadovat restart, klikni na YES
v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\
Přispějete na provoz fóra?