Neznámý uživatelský účet

Zpráva

iduss20 · #61 Příspěvek od **iduss20** » 18 kvě 2013 09:50

rmdir /s /q "C:\Users\Jituška\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh"
del /f /q "C:\Windows\DeleteOnReboot.bat">nul 2>&1

#62 Příspěvek od **stell** » 18 kvě 2013 09:55

najdi a zmaz.
c:\windows\DeleteOnReboot.bat

Najdi a zmaz
C:\Users\Jituška\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh

http://download.bleepingcomputer.com/farbar/FSS.exe
Ulozte nejlepe na Plochu
U vsech polozek udelejte zatrzitko (tim je oznacite pro skenovani)
Kliknete na Scan
Po dokonceni skenu se objevi log FSS.txt ten sem vlozte

iduss20 · #63 Příspěvek od **iduss20** » 18 kvě 2013 10:03

DeleteOnReboot jsem smazala, ale nemohu najít --> AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh
http://iduss20.rajce.idnes.cz/nastenka#5.jpg

#64 Příspěvek od **stell** » 18 kvě 2013 10:05

musis zapnut zobrazovanie skrytych suborov a zloziek

#65 Příspěvek od **stell** » 18 kvě 2013 10:09

alebo vytvor subor zmazat.bat
Otvorte Notepad (Poznámkový blok) a skopírujte do neho text.

Kód: Vybrat vše

@echo off
rd /s /q "C:\Users\Jituška\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh"
del %0

b:)Potom klikneme na záložku Súbor v menu Uložiť ako..
c:)Ako je Názov súboru, tak do toho riadku napíšeme:zmazat.bat
d:)Typ súboru tak tam vyberiete všetky súbory
e:)A uložíme ho na plochu.
f:) a spustíme,(Vista ,win7 pravý klik a spustiť ako správca)

iduss20 · #66 Příspěvek od **iduss20** » 18 kvě 2013 10:13

Dostala jsem se až do složky Extensions - ale nevidím to tam --> http://iduss20.rajce.idnes.cz/nastenka#6.jpg

#67 Příspěvek od **stell** » 18 kvě 2013 10:14

Sprav to takto
a potom spust service scaner, log vloz sem.

stell píše:alebo vytvor subor zmazat.bat
Otvorte Notepad (Poznámkový blok) a skopírujte do neho text.
Kód: Vybrat vše
@echo off
rd /s /q "C:\Users\Jituška\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh"
del %0
b:)Potom klikneme na záložku Súbor v menu Uložiť ako..
c:)Ako je Názov súboru, tak do toho riadku napíšeme:zmazat.bat
d:)Typ súboru tak tam vyberiete všetky súbory
e:)A uložíme ho na plochu.
f:) a spustíme,(Vista ,win7 pravý klik a spustiť ako správca)

iduss20 · #68 Příspěvek od **iduss20** » 18 kvě 2013 10:18

Tady je log:

Farbar Service Scanner Version: 14-04-2013
Ran by Administrator (administrator) on 18-05-2013 at 11:17:17
Running from "C:\Users\Administrator\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

#69 Příspěvek od **stell** » 18 kvě 2013 10:25

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý text:

Kód: Vybrat vše

KILLALL::
ClearJavaCache::

Potom klik na Subor -> Uložiť ako.. .-> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *]všetky súbory
A ulož ho na plochu> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :

Po skonceni skenu vlož log .

iduss20 · #70 Příspěvek od **iduss20** » 18 kvě 2013 10:31

Jdu se na to vrhnout, a nevím jestli to s tím nějak souvisí, ale tohle mi teď ohlásil ESET --> http://iduss20.rajce.idnes.cz/nastenka#7.jpg

iduss20 · #71 Příspěvek od **iduss20** » 18 kvě 2013 10:36

Hlásí mi to tohle:

http://iduss20.rajce.idnes.cz/nastenka#88.jpg

#72 Příspěvek od **stell** » 18 kvě 2013 10:43

ma byt takto
CFScript.txt
Takze vytvor novy textovy subor.

iduss20 · #73 Příspěvek od **iduss20** » 18 kvě 2013 11:04

Tady je log (a cca za půl hodiny musím pryč a vrátím se až k večeru)

ComboFix 13-05-16.02 - Administrator 18.05.2013 11:49:42.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3003.1483 [GMT 2:00]
Spuštěný z: c:\users\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Administrator\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-18 do 2013-05-18 )))))))))))))))))))))))))))))))
.
.
2013-05-18 09:57 . 2013-05-18 09:57 -------- d-----w- c:\users\Jituška\AppData\Local\temp
2013-05-18 09:57 . 2013-05-18 09:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-18 07:11 . 2013-05-18 07:12 -------- d-----w- c:\users\Administrator
2013-05-17 20:56 . 2013-05-17 20:56 -------- d-----w- c:\programdata\Malwarebytes
2013-05-17 17:00 . 2013-05-17 17:00 -------- d-----w- c:\windows\ERUNT
2013-05-17 17:00 . 2013-05-17 17:00 -------- d-----w- C:\JRT
2013-05-17 15:49 . 2013-05-17 15:49 -------- d-----w- C:\_OTL
2013-05-17 06:16 . 2013-05-13 06:37 9460464 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AF58590-D4DB-4F0B-9E4E-A0CB738E4960}\mpengine.dll
2013-05-16 20:52 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-16 20:52 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 20:52 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-16 05:42 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 05:42 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 05:42 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 05:41 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-16 05:41 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 05:41 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-16 05:41 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 05:41 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 05:41 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 05:41 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-16 05:41 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 05:41 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-04-28 09:44 . 2013-04-28 09:45 -------- d-----w- c:\users\Jana
2013-04-27 13:20 . 2012-02-03 06:00 545 ----a-w- c:\windows\UC.PIF
2013-04-27 13:20 . 2012-02-03 06:00 545 ----a-w- c:\windows\RAR.PIF
2013-04-27 13:20 . 2012-02-03 06:00 545 ----a-w- c:\windows\PKZIP.PIF
2013-04-27 13:20 . 2012-02-03 06:00 545 ----a-w- c:\windows\PKUNZIP.PIF
2013-04-27 13:20 . 2012-02-03 06:00 545 ----a-w- c:\windows\LHA.PIF
2013-04-27 13:20 . 2012-02-03 06:00 545 ----a-w- c:\windows\ARJ.PIF
2013-04-27 13:20 . 2013-04-27 13:20 -------- d-----w- c:\users\Jituška\AppData\Roaming\GHISLER
2013-04-25 06:05 . 2013-04-25 06:05 -------- d-----w- c:\users\Jituška\AppData\Roaming\ESET
2013-04-25 06:05 . 2013-04-25 06:05 -------- d-----w- c:\users\Jituška\AppData\Local\ESET
2013-04-25 06:03 . 2013-04-25 06:03 -------- d-----w- c:\program files\ESET
2013-04-25 05:55 . 2013-04-25 05:55 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-04-24 08:06 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 18:33 . 2013-05-02 00:06 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-21 18:08 . 2013-03-06 22:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-21 18:08 . 2013-04-21 18:08 -------- d-----w- c:\program files\AVAST Software
2013-04-21 18:06 . 2013-04-25 05:58 -------- d-----w- c:\programdata\AVAST Software
2013-04-21 09:41 . 2013-04-21 09:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-21 09:40 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-18 15:15 . 2013-04-18 15:16 -------- d-----w- c:\users\Jituška\AppData\Roaming\Origin
2013-04-18 15:15 . 2013-04-18 15:15 -------- d-----w- c:\program files (x86)\Origin Games
2013-04-18 15:15 . 2013-04-18 15:15 -------- d-----w- c:\users\Jituška\AppData\Local\Origin
2013-04-18 15:14 . 2013-04-18 15:15 -------- d-----w- c:\program files (x86)\Origin
2013-04-18 15:06 . 2013-04-18 15:15 -------- d-----w- c:\programdata\Origin
2013-04-18 15:04 . 2013-04-18 15:06 -------- d-----w- c:\programdata\Electronic Arts
2013-04-18 14:55 . 2013-04-18 15:06 -------- d-----w- c:\program files (x86)\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 20:58 . 2013-03-03 22:05 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-14 18:44 . 2013-03-19 13:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 18:44 . 2013-03-19 13:53 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-01 17:39 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-16 05:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 05:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 05:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 05:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 05:42 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 05:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-19 06:04 . 2013-04-10 08:09 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 08:09 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 08:09 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 08:09 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 08:09 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 08:09 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-11 17:13 . 2013-03-11 17:13 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-08 17:04 . 2013-02-26 16:20 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-08 17:04 . 2010-08-14 22:20 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-03 11:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-03-03 11:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-02-21 21:59 . 2013-02-21 21:59 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-02-21 21:59 . 2013-02-21 21:59 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-02-21 21:59 . 2013-02-21 21:59 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-02-21 21:59 . 2013-02-21 21:59 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-02-21 21:59 . 2013-02-21 21:59 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2013-02-21 21:59 . 2013-02-21 21:59 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-02-21 21:59 . 2013-02-21 21:59 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-02-21 21:59 . 2013-02-21 21:59 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-02-21 21:59 . 2013-02-21 21:59 367104 ----a-w- c:\windows\SysWow64\html.iec
2013-02-21 21:59 . 2013-02-21 21:59 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-02-21 21:59 . 2013-02-21 21:59 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2013-02-21 21:59 . 2013-02-21 21:59 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-02-21 21:59 . 2013-02-21 21:59 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-02-21 21:59 . 2013-02-21 21:59 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2013-02-21 21:59 . 2013-02-21 21:59 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2013-02-21 21:59 . 2013-02-21 21:59 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-02-21 21:59 . 2013-02-21 21:59 65024 ----a-w- c:\windows\system32\pngfilt.dll
2013-02-21 21:59 . 2013-02-21 21:59 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-02-21 21:59 . 2013-02-21 21:59 49664 ----a-w- c:\windows\system32\imgutil.dll
2013-02-21 21:59 . 2013-02-21 21:59 267776 ----a-w- c:\windows\system32\ieaksie.dll
2013-02-21 21:59 . 2013-02-21 21:59 222208 ----a-w- c:\windows\system32\msls31.dll
2013-02-21 21:59 . 2013-02-21 21:59 197120 ----a-w- c:\windows\system32\msrating.dll
2013-02-21 21:59 . 2013-02-21 21:59 163840 ----a-w- c:\windows\system32\ieakui.dll
2013-02-21 21:59 . 2013-02-21 21:59 149504 ----a-w- c:\windows\system32\occache.dll
2013-02-21 21:59 . 2013-02-21 21:59 145920 ----a-w- c:\windows\system32\iepeers.dll
2013-02-21 21:59 . 2013-02-21 21:59 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-02-21 21:59 . 2013-02-21 21:59 12288 ----a-w- c:\windows\system32\mshta.exe
2013-02-21 21:59 . 2013-02-21 21:59 114176 ----a-w- c:\windows\system32\admparse.dll
2013-02-21 21:59 . 2013-02-21 21:59 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2013-02-21 21:59 . 2013-02-21 21:59 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-02-21 21:59 . 2013-02-21 21:59 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2013-02-21 21:59 . 2013-02-21 21:59 85504 ----a-w- c:\windows\system32\iesetup.dll
2013-02-21 21:59 . 2013-02-21 21:59 82432 ----a-w- c:\windows\system32\icardie.dll
2013-02-21 21:59 . 2013-02-21 21:59 76800 ----a-w- c:\windows\system32\tdc.ocx
2013-02-21 21:59 . 2013-02-21 21:59 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2013-02-21 21:59 . 2013-02-21 21:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-02-21 21:59 . 2013-02-21 21:59 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2013-02-21 21:59 . 2013-02-21 21:59 448512 ----a-w- c:\windows\system32\html.iec
2013-02-21 21:59 . 2013-02-21 21:59 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2013-02-21 21:59 . 2013-02-21 21:59 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-02-21 21:59 . 2013-02-21 21:59 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-02-21 21:59 . 2013-02-21 21:59 30720 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-21 21:59 . 2013-02-21 21:59 282112 ----a-w- c:\windows\system32\dxtrans.dll
2013-02-21 21:59 . 2013-02-21 21:59 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-02-21 21:59 . 2013-02-21 21:59 160256 ----a-w- c:\windows\system32\ieakeng.dll
2013-02-21 21:59 . 2013-02-21 21:59 111616 ----a-w- c:\windows\system32\iesysprep.dll
2013-02-21 21:59 . 2013-02-21 21:59 103936 ----a-w- c:\windows\system32\inseng.dll
2013-02-21 21:59 . 2013-02-21 21:59 165888 ----a-w- c:\windows\system32\iexpress.exe
2013-02-21 21:59 . 2013-02-21 21:59 160256 ----a-w- c:\windows\system32\wextract.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-02-09 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-02 946352]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Jituška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\programy moje\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2010-05-20 42496]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-04-09 52736]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-21 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-11 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-19 315392]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-06-29 3232768]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-16 1028096]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-06-23 931168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 08:58 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-19 18:44]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20 18:48]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20 18:48]
.
2013-04-19 c:\windows\Tasks\HPCeeScheduleForJituška.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-06-10 24783624]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 410648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.1.1 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-314801186-1437938027-1381154866-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-314801186-1437938027-1381154866-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-314801186-1437938027-1381154866-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-314801186-1437938027-1381154866-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-314801186-1437938027-1381154866-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files\Motorola\Bluetooth\btplayerctrl.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Celkový čas: 2013-05-18 12:03:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-18 10:03
ComboFix2.txt 2013-05-17 17:30
.
Před spuštěním: Volných bajtů: 138 197 446 656
Po spuštění: Volných bajtů: 138 126 573 568
.
- - End Of File - - B8CA6D7C55274CFE734FEB49B9AABA68

#74 Příspěvek od **stell** » 18 kvě 2013 11:25

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do nehocelý text

Kód: Vybrat vše

KILLALL::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"=-
"Norton Online Backup"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"HP Software Update"=-
"SunJavaUpdateSched"=-
RegLock::
[HKEY_USERS\S-1-5-21-314801186-1437938027-1381154866-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
[HKEY_USERS\S-1-5-21-314801186-1437938027-1381154866-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
[HKEY_USERS\S-1-5-21-314801186-1437938027-1381154866-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
[HKEY_USERS\S-1-5-21-314801186-1437938027-1381154866-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
[HKEY_USERS\S-1-5-21-314801186-1437938027-1381154866-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

Potom klik na Subor -> Uložiť ako.. .-> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *]všetky súbory
A ulož ho na plochu> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :

Po skonceni skenu vlož log .

iduss20 · #75 Příspěvek od **iduss20** » 18 kvě 2013 19:53

Dobrý večer, já Vám děkuji za čas, který jste tomuto problému věnoval. Ale já už asi pro jistotu notebook zapínat nebudu a v pondělí s ním skočím k nějakému odborníkovi, protože já jsem, co se týče počítačů, úplný laik.
Takže Vám ještě jednou děkuji za Vaši pomoc.
Jinak se chci zeptat, zda máte nějaké podezření na to, co by to mohlo způsobovat, abych to mohla popřípadě říct tomu člověku, kterému notebook svěřím.

VIRY.CZ

Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet

Re: Neznámý uživatelský účet