Log check

#1 Post by ketez67

I apologize if this log does not belong here.

ComboFix 13-09-22.01 - Pater 22.09.2013 19:35:47.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8053.5641 [GMT 2:00]
Spuštěný z: c:\users\Pater\Desktop\ComboFix.exe
AV: Doctor Web Anti-Virus *Disabled/Updated* {A8C161B2-600A-42FD-97E0-4C12952A9FEC}
FW: Dr.Web Firewall *Enabled* {54FD2F0C-F7E9-625E-7F1B-B80A587561A3}
SP: Doctor Web Anti-Virus *Disabled/Updated* {13A08056-4630-4D73-AD50-7760EEADD551}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pater\AppData\Local\assembly\tmp
c:\users\Pater\chrome.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\image.jpg
c:\windows\TEMP\jna8131776503028649748.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-22 do 2013-09-22 )))))))))))))))))))))))))))))))
.
.
2013-09-22 17:53 . 2013-09-22 17:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-11 04:45 . 2013-07-31 13:09 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-09-11 04:24 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-08 11:43 . 2013-09-08 11:43 -------- d-----w- C:\perflogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 04:46 . 2010-11-12 23:23 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-02 01:48 . 2013-09-11 04:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 16:36 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 16:36 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 18:02 . 2013-07-19 18:02 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-19 18:02 . 2012-07-11 12:46 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-19 18:02 . 2010-12-25 17:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-19 01:58 . 2013-08-14 16:36 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 16:36 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 16:36 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 16:36 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 16:36 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 16:36 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 16:36 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 16:36 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 16:36 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 16:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 16:36 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 16:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 16:36 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SpIDerMail"="c:\program files (x86)\DrWeb\spiderml.exe" [2011-08-17 1591024]
"Dr.Web Firewall"="c:\program files (x86)\DrWeb\frwl_notify.exe" [2011-06-08 3822856]
"SpIDerAgent"="c:\program files (x86)\DrWeb\SpIDerAgent.exe" [2011-11-24 1476920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
R3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys;c:\windows\SYSNATIVE\Drivers\spyemrg_access.sys [x]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys;c:\windows\SYSNATIVE\Drivers\spyemrg_guard.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 tmhidusb;Thrustmaster HID USB Driver;c:\windows\system32\DRIVERS\tmhidusb.sys;c:\windows\SYSNATIVE\DRIVERS\tmhidusb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys;c:\windows\SYSNATIVE\drivers\dwprot.sys [x]
S0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys;c:\windows\SYSNATIVE\drivers\spiderg3.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 DRWEBAF;DrWEB Firewall Application Filter;c:\windows\system32\drivers\drwebaf.sys;c:\windows\SYSNATIVE\drivers\drwebaf.sys [x]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys;c:\windows\SYSNATIVE\Drivers\spyemrg.sys [x]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files (x86)\Common Files\Doctor Web\Scanning Engine\dwengine.exe;c:\program files (x86)\Common Files\Doctor Web\Scanning Engine\dwengine.exe [x]
S2 DrWebFwSvc;Dr.Web Firewall Service;c:\program files (x86)\DrWeb\frwl_svc.exe;c:\program files (x86)\DrWeb\frwl_svc.exe [x]
S2 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [x]
S2 tmInstall;Thrustmaster Device Driver Installer;c:\program files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.EXE;c:\program files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.EXE [x]
S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys;c:\windows\SYSNATIVE\DRIVERS\bbcap.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 DrWebPF;DrWeb Packet Filter Driver;c:\windows\system32\DRIVERS\DrWebPF.sys;c:\windows\SYSNATIVE\DRIVERS\DrWebPF.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-05 c:\windows\Tasks\Dr.Web Daily scan.job
- c:\program files (x86)\DrWeb\drweb32w.exe [2011-07-12 09:04]
.
2013-09-22 c:\windows\Tasks\Dr.Web Update.job
- c:\program files (x86)\DrWeb\DrWebUpW.exe [2011-06-27 09:43]
.
2013-09-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-03-08 10:28]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-19 07:47]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-19 07:47]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213455190-1121324071-2762663974-1000Core.job
- c:\users\Pater\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 06:11]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213455190-1121324071-2762663974-1000UA.job
- c:\users\Pater\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files (x86)\Offline Explorer\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files (x86)\Offline Explorer\Add_AllO.htm
IE: Download All by ASUS Download - c:\program files (x86)\ASUS\RT-N16 Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files (x86)\ASUS\RT-N16 Wireless Router Utilities\ASDownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: c:\program files (x86)\DrWeb\drwebsp.dll
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pater\AppData\Roaming\Mozilla\Firefox\Profiles\mrkx3zot.default\
FF - ExtSQL: !HIDDEN! 2011-07-13 13:56; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-1771865536.www.idoklad.cz - c:\program files (x86)\Microsoft Silverlight\4.0.60310.0\Silverlight.Configuration.exe
AddRemove-2298590302.www.microsoft.com - c:\program files (x86)\Microsoft Silverlight\4.0.60310.0\Silverlight.Configuration.exe
.
.
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED27F17A-65D3-59BB-C227-2061B01D39AE}*]
"maooenhihhfbpeaebomnmafilc"=hex:6f,61,6c,6d,66,6a,70,6b,69,6e,63,6a,66,61,67,
6c,63,61,67,63,6f,6e,65,66,68,6c,66,66,65,63,00,00
"abpopmpgchhplpilikilhpmbgbokhcfbkg"=hex:69,61,65,6f,6b,69,67,64,6b,66,66,61,
6f,65,6a,66,64,70,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-09-22 20:00:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-22 18:00
.
Před spuštěním: Volných bajtů: 127 887 958 016
Po spuštění: Volných bajtů: 127 512 272 896
.
- - End Of File - - CAC3C1E39AE4B9B626E39B6613934182
A36C5E4F47E84449FF07ED3517B43A31

#2 Post by vyosek

Greetings :)

:arrow: And will you finish it this time, or will it be like last time :???:

:arrow: This is not your first time here, so you should know that CF is not to be used just like that...

:arrow: As for ComboFix, which you used: on the basis of its license and the forum rules I ask, do you know how to work with it (running it, deciphering the log, writing a script)?

:arrow: The ComboFix license terms say clearly: "It should never be used in an environment without the supervision of an experienced person"

:arrow: The dangers of CF
  • It is intended primarily for helpers - by using it on your own initiative you lose your entitlement to support
  • It erases traces of malware, so nothing is visible in the RSIT log
  • Its log still has to be deciphered, since it cannot delete everything - which you will hardly manage if you are not trained for it
  • CF can have a bug = it takes down your system; if you do not know where it stores what and how to restore what, your system is ruined and a reinstall awaits you
  • Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete those, for example - it deletes your hal.dll after a restart = your system will not boot and you are one line up = reinstall
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

#3 Post by ketez67

Thank you for the instructive advice.
I apologize for having used ComboFix without your blessing, but unfortunately it has already happened. When I was learning to modify the registry to my liking using bat files, it happened only once that I could not get the system running again. Well, he who does nothing spoils nothing. You surely do not decipher a log in your living room with the help of a cookbook either. So if I knew what I could check it against myself, I would not be bothering you here.

#4 Post by vyosek

:arrow: I decipher the log according to the official guide for helpers, which, however, is very well guarded by its author.

:arrow: Do you insist on the antivirus from Dr.Web?

:arrow: Is there any problem with the PC?

#5 Post by ketez67

Good day

Thank you for the reply, which I was no longer expecting.
I have purchased a Dr.Web license for three years and so far I am fully satisfied. It does not nag much and it makes important information clearly known.
The PC is, or rather was, and I hope still is, in order.
I wandered onto your site during an online check of a suspicious file that Malwarebytes found.
Its finding seemed strange to me, and indeed it was, because in the online check only MB and one other program flagged it as malicious.
So since I was already on the viry.cz site, I started reading and also came across the article on how to use KbFix, and I used it too and dropped the log in for a preventive check.

#6 Post by vyosek

:arrow: ComboFix is not used just like that for a preventive check; it is a rather aggressive tool, and all the articles associated with it (at least the official ones) say that it is used only on recommendation

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then the log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
:arrow: I would also like to ask for DDS http://forum.viry.cz/viewtopic.php?f=30&t=125172

#7 Post by ketez67

Here are the logs.
And I see there probably is some nasty thing in there.


# AdwCleaner v3.005 - Report created 24/09/2013 at 13:18:03
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Pater - DEMON
# Running from : C:\Users\Pater\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\driver-soft
Folder Deleted : C:\Program Files (x86)\Media Finder
Folder Deleted : C:\Users\Pater\AppData\Local\apn
Folder Deleted : C:\Users\Pater\AppData\Local\Ilivid
Folder Deleted : C:\Users\Pater\AppData\Local\PackageAware

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pdf-xchange-viewer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pdf-xchange-viewer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v10.0.2 (en-US)

[ File : C:\Users\Pater\AppData\Roaming\Mozilla\Firefox\Profiles\mrkx3zot.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

-\\ Google Chrome v

[ File : C:\Users\Pater\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4764 octets] - [24/09/2013 13:12:52]
AdwCleaner[S0].txt - [4573 octets] - [24/09/2013 13:18:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4633 octets] ##########

#8 Post by ketez67

And also DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.25.2
Run by Pater at 13:25:28 on 2013-09-24
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8053.6198 [GMT 2:00]
.
AV: Doctor Web Anti-Virus *Enabled/Updated* {A8C161B2-600A-42FD-97E0-4C12952A9FEC}
SP: Doctor Web Anti-Virus *Enabled/Updated* {13A08056-4630-4D73-AD50-7760EEADD551}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Dr.Web Firewall *Enabled* {54FD2F0C-F7E9-625E-7F1B-B80A587561A3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\DrWeb\frwl_svc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.EXE
C:\Program Files (x86)\PS3 Media Server\jre64\bin\java.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\DrWeb\spiderml.exe
C:\Program Files (x86)\DrWeb\frwl_notify.exe
C:\Program Files (x86)\DrWeb\spideragent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Users\Pater\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pater\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pater\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pater\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/
mWindow Title = Microsoft Internet Explorer
uProxyOverride = 127.0.0.1
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [SpIDerMail] "C:\Program Files (x86)\DrWeb\spiderml.exe" -autorun
mRun: [Dr.Web Firewall] "C:\Program Files (x86)\DrWeb\frwl_notify.exe"
mRun: [SpIDerAgent] "C:\Program Files (x86)\DrWeb\SpIDerAgent.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: + Offline &Explorer: Download the link - C:\Program Files (x86)\Offline Explorer\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - C:\Program Files (x86)\Offline Explorer\Add_AllO.htm
IE: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\ASDownload.htm
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: C:\Program Files (x86)\DrWeb\drwebsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A37091F0-A99F-4A09-BA3A-BB2F5E105983} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B47A7B3E-41CA-4ACE-B0B0-11915288CD8F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B47A7B3E-41CA-4ACE-B0B0-11915288CD8F}\14355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B47A7B3E-41CA-4ACE-B0B0-11915288CD8F}\2456C6B696E6F5E413F575962756C6563737F5430344036334 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B47A7B3E-41CA-4ACE-B0B0-11915288CD8F}\24C65746F667963656E65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B47A7B3E-41CA-4ACE-B0B0-11915288CD8F}\4505D2C494E4B4F554874756E6465627F5234444343414 : DHCPNameServer = 192.168.0.254
TCP: Interfaces\{B47A7B3E-41CA-4ACE-B0B0-11915288CD8F}\A5C4554595 : DHCPNameServer = 10.102.4.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-mWindow Title = Okno do Světa
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pater\AppData\Roaming\Mozilla\Firefox\Profiles\mrkx3zot.default\
FF - ExtSQL: !HIDDEN! 2011-07-13 13:56; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 DwProt;DrWeb Protection;C:\Windows\System32\drivers\dwprot.sys [2012-3-5 221440]
R0 SpiderG3;DrWeb file system scanner;C:\Windows\System32\drivers\spiderg3.sys [2012-3-5 223960]
R1 DRWEBAF;DrWEB Firewall Application Filter;C:\Windows\System32\drivers\drwebaf.sys [2012-3-5 124408]
R1 SpyEmrg;Spy Emergency Driver;C:\Windows\System32\drivers\spyemrg.sys [2011-3-11 15416]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);C:\Program Files (x86)\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2011-9-16 1898920]
R2 DrWebFwSvc;Dr.Web Firewall Service;C:\Program Files (x86)\DrWeb\frwl_svc.exe [2012-3-5 3657608]
R2 PS3 Media Server;PS3 Media Server;C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [2012-11-27 384280]
R2 tmInstall;Thrustmaster Device Driver Installer;C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.exe [2013-6-16 28160]
R3 bbcap;bb_capture_driver;C:\Windows\System32\drivers\bbcap.sys [2011-2-4 4608]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-11-13 615976]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-6-16 39976]
R3 DrWebPF;DrWeb Packet Filter Driver;C:\Windows\System32\drivers\DrWebPF.sys [2012-3-5 102904]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-10 158720]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-4-28 402720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2011-10-30 89640]
S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-8-4 21480]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2012-1-3 38912]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2010-11-13 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-6-16 244224]
S3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-11-13 34032]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;C:\Windows\System32\drivers\spyemrg_access.sys [2011-3-11 22584]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;C:\Windows\System32\drivers\spyemrg_guard.sys [2011-3-11 16952]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 StorSvc;Služba úložiště;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 tmhidusb;Thrustmaster HID USB Driver;C:\Windows\System32\drivers\tmhidusb.sys [2013-6-16 127792]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-9 59392]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-13 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\PSPad.exe="C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1" [UserChoice]
FileExt: .ini: Applications\PSPad.exe="C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1" [UserChoice]
FileExt: .js: Applications\PSPad.exe="C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-24 11:12:49 -------- d-----w- C:\AdwCleaner
2013-09-22 17:56:29 -------- d-----w- C:\.cache
2013-09-22 17:55:09 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-22 17:34:24 98816 ----a-w- C:\Windows\sed.exe
2013-09-22 17:34:24 256000 ----a-w- C:\Windows\PEV.exe
2013-09-22 17:34:24 208896 ----a-w- C:\Windows\MBR.exe
2013-09-11 04:24:11 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-08 11:43:04 -------- d-----w- C:\perflogs
.
==================== Find3M ====================
.
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-31 13:29:19 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-31 13:19:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-31 13:18:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-31 13:14:29 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-31 13:13:07 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-31 13:08:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-31 10:00:20 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-31 09:52:44 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-31 09:52:34 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-31 09:48:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-31 09:48:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-31 09:45:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 18:02:52 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-19 18:02:51 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-19 18:02:51 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 13:26:10,86 ===============

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check

#9 Post by vyosek »

:arrow: If you have not done so already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    File::
    c:\windows\Tasks\GlaryInitialize.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213455190-1121324071-2762663974-1000Core.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213455190-1121324071-2762663974-1000UA.job
    
    DDS::
    uProxyOverride = 127.0.0.1
    uRun: [swg]
    mRun: [SunJavaUpdateSched]
    
    RegNul::
    [HKEY_USERS\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED27F17A-65D3-59BB-C227-2061B01D39AE}*]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting text file as CFScript.txt
  • Drag the CFScript.txt file onto ComboFix and drop it (see the picture below)
    [Image]
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" appears, just restart the PC and the registry will sort itself out. This is an internal error caused by CF, and unfortunately the author does not yet know how to fix it

:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"Whoever has wine and does not drink, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

ketez67
Guest
Posts: 100
Joined: 08 Jun 2008 17:46

Re: Log check

#10 Post by ketez67 »

Here is the log.
The system started without any problem, but Dr.Web has disappeared. So I am without protection.


ComboFix 13-09-24.02 - Pater 25.09.2013 15:55:07.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8053.6172 [GMT 2:00]
Spuštěný z: c:\users\Pater\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pater\Desktop\CFScript.txt
AV: Doctor Web Anti-Virus *Disabled/Updated* {A8C161B2-600A-42FD-97E0-4C12952A9FEC}
FW: Dr.Web Firewall *Enabled* {54FD2F0C-F7E9-625E-7F1B-B80A587561A3}
SP: Doctor Web Anti-Virus *Disabled/Updated* {13A08056-4630-4D73-AD50-7760EEADD551}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GlaryInitialize.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213455190-1121324071-2762663974-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213455190-1121324071-2762663974-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pater\AppData\Local\assembly\tmp
c:\windows\Tasks\GlaryInitialize.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213455190-1121324071-2762663974-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213455190-1121324071-2762663974-1000UA.job
c:\windows\TEMP\jna418231030637804328.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-25 do 2013-09-25 )))))))))))))))))))))))))))))))
.
.
2013-09-25 14:12 . 2013-09-25 14:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-25 14:12 . 2013-09-25 14:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-25 14:12 . 2013-09-25 14:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-09-24 11:12 . 2013-09-24 11:18 -------- d-----w- C:\AdwCleaner
2013-09-22 17:56 . 2013-09-22 17:56 -------- d-----w- C:\.cache
2013-09-11 04:24 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-08 11:43 . 2013-09-08 11:43 -------- d-----w- C:\perflogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 04:46 . 2010-11-12 23:23 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-02 01:48 . 2013-09-11 04:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 16:36 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 16:36 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 18:02 . 2013-07-19 18:02 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-19 18:02 . 2012-07-11 12:46 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-19 18:02 . 2010-12-25 17:18 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-19 01:58 . 2013-08-14 16:36 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 16:36 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 16:36 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 16:36 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 16:36 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 16:36 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 16:36 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 16:36 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 16:36 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 16:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 16:36 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 16:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 16:36 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SpIDerMail"="c:\program files (x86)\DrWeb\spiderml.exe" [2011-08-17 1591024]
"Dr.Web Firewall"="c:\program files (x86)\DrWeb\frwl_notify.exe" [2011-06-08 3822856]
"SpIDerAgent"="c:\program files (x86)\DrWeb\SpIDerAgent.exe" [2011-11-24 1476920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
R3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys;c:\windows\SYSNATIVE\Drivers\spyemrg_access.sys [x]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys;c:\windows\SYSNATIVE\Drivers\spyemrg_guard.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 tmhidusb;Thrustmaster HID USB Driver;c:\windows\system32\DRIVERS\tmhidusb.sys;c:\windows\SYSNATIVE\DRIVERS\tmhidusb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys;c:\windows\SYSNATIVE\drivers\dwprot.sys [x]
S0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys;c:\windows\SYSNATIVE\drivers\spiderg3.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 DRWEBAF;DrWEB Firewall Application Filter;c:\windows\system32\drivers\drwebaf.sys;c:\windows\SYSNATIVE\drivers\drwebaf.sys [x]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys;c:\windows\SYSNATIVE\Drivers\spyemrg.sys [x]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files (x86)\Common Files\Doctor Web\Scanning Engine\dwengine.exe;c:\program files (x86)\Common Files\Doctor Web\Scanning Engine\dwengine.exe [x]
S2 DrWebFwSvc;Dr.Web Firewall Service;c:\program files (x86)\DrWeb\frwl_svc.exe;c:\program files (x86)\DrWeb\frwl_svc.exe [x]
S2 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [x]
S2 tmInstall;Thrustmaster Device Driver Installer;c:\program files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.EXE;c:\program files\Thrustmaster\T500 RS Racing wheel\drivers\amd64\tmInstall.EXE [x]
S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys;c:\windows\SYSNATIVE\DRIVERS\bbcap.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 DrWebPF;DrWeb Packet Filter Driver;c:\windows\system32\DRIVERS\DrWebPF.sys;c:\windows\SYSNATIVE\DRIVERS\DrWebPF.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-05 c:\windows\Tasks\Dr.Web Daily scan.job
- c:\program files (x86)\DrWeb\drweb32w.exe [2011-07-12 09:04]
.
2013-09-25 c:\windows\Tasks\Dr.Web Update.job
- c:\program files (x86)\DrWeb\DrWebUpW.exe [2011-06-27 09:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files (x86)\Offline Explorer\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files (x86)\Offline Explorer\Add_AllO.htm
IE: Download All by ASUS Download - c:\program files (x86)\ASUS\RT-N16 Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files (x86)\ASUS\RT-N16 Wireless Router Utilities\ASDownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: c:\program files (x86)\DrWeb\drwebsp.dll
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pater\AppData\Roaming\Mozilla\Firefox\Profiles\mrkx3zot.default\
FF - ExtSQL: !HIDDEN! 2011-07-13 13:56; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Driver Genius Professional Edition_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED27F17A-65D3-59BB-C227-2061B01D39AE}*]
"maooenhihhfbpeaebomnmafilc"=hex:6f,61,6c,6d,66,6a,70,6b,69,6e,63,6a,66,61,67,
6c,63,61,67,63,6f,6e,65,66,68,6c,66,66,65,63,00,00
"abpopmpgchhplpilikilhpmbgbokhcfbkg"=hex:69,61,65,6f,6b,69,67,64,6b,66,66,61,
6f,65,6a,66,64,70,00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2013-09-25 16:18:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-25 14:18
ComboFix2.txt 2013-09-22 18:00
.
Před spuštěním: Volných bajtů: 126 677 094 400
Po spuštění: Volných bajtů: 126 587 129 856
.
- - End Of File - - 22E7B7F131295D5B9495AFC5AF3FCD69
A36C5E4F47E84449FF07ED3517B43A31

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check

#11 Post by vyosek »

:arrow: Dr.Web is reported as active everywhere in the log :?:

:arrow: Download SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe
  • Save it, preferably to the Desktop
  • Run it as usual with a double-click and follow the utility's instructions
  • When the scan finishes, a log is created and opened; paste it here for me

ketez67
Guest
Posts: 100
Joined: 08 Jun 2008 17:46

Re: Log check

#12 Post by ketez67 »

So DrWeb is probably working, because an update window popped up.
What I am missing, though, is that it used to be among the hidden icons on the desktop. There I could see which protection was running, and it could also be configured there.


Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Doctor Web Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java(TM) 6 Update 31
Java 7 Update 25
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 10.0.2 Firefox out of Date!
Mozilla Thunderbird (17.0.8)
Google Chrome 17.0.963.56
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check

#13 Post by vyosek »

:arrow: Avast sometimes hides on me like this too :?:

:arrow: Good grief, update Firefox, it is already at version 23 :roll:

Now let's clean up :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading if necessary)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • Click Scan for Issues
  • Then click Fix Issues - I recommend making a registry backup; fix all the issues
  • Repeat until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

ketez67
Visitor
Posts: 100
Joined: 08 Jun 2008 17:46

Re: Log check

#14 Post by ketez67 »

I would like to know what problem we were removing and how to avoid similar problems in the future.
I would also like to thank you for your willingness to work through the problem with me.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check

#15 Post by vyosek »

:arrow: There was a lot of unwanted advertising software on it; you need to read what gets installed as a bundled extra - more here http://www.viry.cz/pozor-na-to-co-vsech ... -pocitace/


You're welcome, glad I could help :worship: See you again sometime

And per the Topic Locking Rule :lock:

Locked