internet explorer NEJDE ZAPNOUT

Zpráva

ebola · #1 Příspěvek od **ebola** » 03 říj 2013 19:37

zdarvim -po kliknutí na EXPLORER se ukáže jen bílá obrazovka a po chvilce jen hláška ,že program přestal pracovat.na net se dostanu jen přes :spustit procházení se službou in private.po zadání adres vše funguje.po ukončení exploreru se do něj dostanu zas jen přes službu inprivate. udělal sem combofix zde je výsledek -pomůže někdo pleas

ComboFix 13-03-27.01 - jemin 03.10.2013 20:09:02.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3070.2137 [GMT 2:00]
Spuštěný z: f:\downloads\antivir\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\programdata\1b7d5af6
c:\programdata\995d1850
c:\programdata\da6d39a3
c:\programdata\deadbeef
c:\programdata\lesegil.exe
c:\windows\host32.exe
c:\windows\system32\ntos.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\twext.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bulbashy
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-03 do 2013-10-03 )))))))))))))))))))))))))))))))
.
.
2013-10-03 18:16 . 2013-10-03 18:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-03 18:16 . 2013-10-03 18:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-03 18:16 . 2013-10-03 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-03 07:34 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{442AAD9B-54B1-46EB-A79C-7F43919DD3B7}\mpengine.dll
2013-10-02 16:00 . 2013-10-02 16:00 -------- d-----w- c:\users\jemin\AppData\Local\bitComposer
2013-10-02 06:09 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-25 16:46 . 2013-09-25 16:46 -------- d-----w- c:\users\jemin\AppData\Local\Urban Trial Freestyle
2013-09-25 16:03 . 2013-09-25 16:03 -------- d-----w- c:\program files\AGEIA Technologies
2013-09-25 15:49 . 2013-08-20 13:33 33568 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2013-09-25 15:49 . 2013-08-20 13:32 28448 ----a-w- c:\windows\system32\nvaudcap32v.dll
2013-09-25 12:41 . 2013-09-25 12:41 -------- d-----w- c:\users\jemin\AppData\Roaming\uuhdaaai
2013-09-20 18:42 . 2013-09-20 18:42 -------- d-----w- c:\users\jemin\AppData\Roaming\fltk.org
2013-09-20 18:42 . 2013-09-20 18:42 -------- d-----w- c:\programdata\fltk.org
2013-09-20 18:40 . 2013-09-20 18:40 -------- d-----w- C:\Machine for Pigs
2013-09-20 17:23 . 2013-09-20 17:23 -------- d-----w- c:\programdata\Aiseesoft Studio
2013-09-20 17:23 . 2013-09-20 17:23 -------- d-----w- c:\program files\Aiseesoft Studio
2013-09-20 08:28 . 2013-07-01 09:53 397312 ----a-w- c:\windows\system32\TubeFinder.exe
2013-09-20 08:28 . 2013-09-20 08:29 -------- d-----w- c:\users\jemin\AppData\Roaming\FreeFLVConverter
2013-09-20 08:28 . 2011-09-28 08:18 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2013-09-20 08:28 . 2011-09-28 08:18 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2013-09-20 08:28 . 2011-09-28 08:18 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2013-09-20 08:28 . 2011-09-28 08:18 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2013-09-20 08:28 . 2011-09-28 08:18 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2013-09-20 08:28 . 2011-09-28 08:18 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2013-09-20 08:28 . 2013-09-20 19:22 -------- d-----w- c:\program files\Free FLV Converter
2013-09-17 12:42 . 2013-09-17 12:45 -------- d-----w- c:\windows\system32\MRT
2013-09-17 12:39 . 2013-06-15 03:40 918528 ----a-w- c:\windows\system32\rdpcorets.dll
2013-09-17 12:39 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-09-16 14:03 . 2013-09-16 14:05 -------- d-----w- c:\users\jemin\AppData\Local\Arma 3
2013-09-16 14:03 . 2013-09-16 14:03 -------- d-----w- c:\programdata\Bohemia Interactive
2013-09-11 23:17 . 2013-09-11 23:17 571168 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-03 15:38 . 2012-01-29 07:14 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-10-03 15:38 . 2012-09-24 15:24 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-10-03 15:38 . 2012-06-23 18:43 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-10-03 15:38 . 2011-03-17 19:48 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-09-21 14:36 . 2012-04-10 16:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 14:36 . 2011-05-18 03:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-12 08:51 . 2013-04-05 12:49 2630304 ----a-w- c:\windows\system32\nvapi.dll
2013-09-12 08:51 . 2013-04-05 12:49 13628208 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-09-12 08:51 . 2013-04-05 12:49 12947360 ----a-w- c:\windows\system32\nvd3dum.dll
2013-09-12 08:51 . 2013-04-05 12:49 1222824 ----a-w- c:\windows\system32\nvumdshim.dll
2013-09-12 08:51 . 2012-01-02 21:20 53024 ----a-w- c:\windows\system32\OpenCL.dll
2013-09-12 06:28 . 2013-04-05 12:50 4265760 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 06:28 . 2013-04-05 12:50 3006240 ----a-w- c:\windows\system32\nvsvc.dll
2013-09-12 06:28 . 2013-04-05 18:40 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 06:28 . 2013-04-05 12:50 662816 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 06:28 . 2013-04-05 12:50 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 06:28 . 2013-04-05 12:50 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-08-23 08:49 . 2013-08-23 08:49 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABFC2732-0F33-401F-9B2F-7E12188FCACA}\gapaengine.dll
2013-08-20 05:02 . 2013-08-20 05:02 84248 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-08-20 05:02 . 2013-08-20 05:02 182680 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-08-11 05:25 . 2011-02-13 20:43 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-07-30 15:28 . 2013-07-30 15:28 1487859 ----a-w- c:\windows\unins000.exe
2013-07-17 15:07 . 2012-10-24 12:48 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-14 01:41 . 2013-07-18 15:41 893728 ----a-w- c:\windows\system32\nvdispgenco3232619.dll
2013-07-14 01:41 . 2013-07-18 15:41 1048864 ----a-w- c:\windows\system32\nvdispco3232619.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4DB74D06-491C-440D-305E-012400990F3E}]
2010-11-20 12:24 73728 ----a-w- c:\windows\System32\cii.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2006-04-28 1019904]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-23 366576]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Facebook Update"="c:\users\jemin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-16 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-07 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
.
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Vesmír na dlani.lnk - c:\program files\Noční obloha\vesmir.exe [2003-11-29 57344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kaspersky Security Scan.lnk - c:\program files\Kaspersky Security Scan\KSS.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^jemin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Vesmír na dlani.lnk]
path=c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2013-02-06 05:17 578560 ----a-w- f:\kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-02-13 10:38 1509232 ----a-w- f:\kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 16:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva401;XDva401;c:\windows\system32\XDva401.sys [x]
R3 XDva405;XDva405;c:\windows\system32\XDva405.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 14:36]
.
2013-10-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1988456262-1892088117-3691384259-1000Core.job
- c:\users\jemin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-16 09:23]
.
2013-10-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1988456262-1892088117-3691384259-1000UA.job
- c:\users\jemin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-16 09:23]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 19:13]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-21 19:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - f:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - f:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - f:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-InstallShield_{62952508-8C6F-4D31-9802-099FC67B41C3} - c:\program files\InstallShield Installation Information\{62952508-8C6F-4D31-9802-099FC67B41C3}\setup.exe
AddRemove-MaxPayne3cz - f:\program files\Black_Box\Max Payne 3\update.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
AddRemove-{A6356F2F-D3E1-4D83-9AA2-72871DD0C298} - c:\program files\InstallShield Installation Information\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}\setup.exe
AddRemove-{DE29F484-C1F2-4FFF-ACD8-1B729E3C638E} - c:\program files\InstallShield Installation Information\{DE29F484-C1F2-4FFF-ACD8-1B729E3C638E}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(6064)
c:\program files\SmartFTP Client 2.0\smarthook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\rundll32.exe
d:\fraps\fraps.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Noc:\program files\IncrediMail\Bin\ImApp.exe
c:\windows\system32\DllHost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2013-10-03 20:22:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-03 18:22
ComboFix2.txt 2013-03-27 19:53
ComboFix3.txt 2013-03-27 16:37
.
Před spuštěním: 2 617 638 912
Po spuštění: 2 458 857 472
.
- - End Of File - - F2628386CDC0348833AEFB459457C6AB

#2 Příspěvek od **Rudy** » 03 říj 2013 19:53

Zdravím!
Proč spouštíte ComboFix, utilitu určenou pouze profesinálům? Hodláte si nabořit systém, nebo některou aplikaci?

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\windows\System32\cii.dll
c:\windows\system32\XDva401.sys
c:\windows\system32\XDva405.sys

Folder::
c:\users\jemin\AppData\Local\Facebook\Update

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1988456262-1892088117-3691384259-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1988456262-1892088117-3691384259-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4DB74D06-491C-440D-305E-012400990F3E}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-

Driver::
XDva401
XDva405

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

ebola · #3 Příspěvek od **ebola** » 03 říj 2013 20:40

po posledním restartu už explorer funguje,zde je log :

ComboFix 13-03-27.01 - jemin 03.10.2013 21:05:32.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3070.2080 [GMT 2:00]
Spuštěný z: c:\users\jemin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\jemin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1988456262-1892088117-3691384259-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1988456262-1892088117-3691384259-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
file zipped: c:\windows\System32\cii.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jemin\AppData\Local\Facebook\Update
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\jemin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\jemin\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\host32.exe
c:\windows\System32\cii.dll
c:\windows\system32\ntos.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\twext.exe
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1988456262-1892088117-3691384259-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1988456262-1892088117-3691384259-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
---- Předchozí spuštění -------
.
c:\programdata\1b7d5af6
c:\programdata\995d1850
c:\programdata\da6d39a3
c:\programdata\deadbeef
c:\programdata\lesegil.exe
c:\windows\host32.exe
c:\windows\system32\ntos.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\twext.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bulbashy
-------\Legacy_XDVA401
-------\Legacy_XDVA405
-------\Service_XDva401
-------\Service_XDva405
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-03 do 2013-10-03 )))))))))))))))))))))))))))))))
.
.
2013-10-03 19:12 . 2013-10-03 19:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-03 19:12 . 2013-10-03 19:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-03 19:12 . 2013-10-03 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-03 07:34 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{442AAD9B-54B1-46EB-A79C-7F43919DD3B7}\mpengine.dll
2013-10-02 16:00 . 2013-10-02 16:00 -------- d-----w- c:\users\jemin\AppData\Local\bitComposer
2013-10-02 06:09 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-25 16:46 . 2013-09-25 16:46 -------- d-----w- c:\users\jemin\AppData\Local\Urban Trial Freestyle
2013-09-25 16:03 . 2013-09-25 16:03 -------- d-----w- c:\program files\AGEIA Technologies
2013-09-25 15:49 . 2013-08-20 13:33 33568 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2013-09-25 15:49 . 2013-08-20 13:32 28448 ----a-w- c:\windows\system32\nvaudcap32v.dll
2013-09-25 12:41 . 2013-09-25 12:41 -------- d-----w- c:\users\jemin\AppData\Roaming\uuhdaaai
2013-09-20 18:42 . 2013-09-20 18:42 -------- d-----w- c:\users\jemin\AppData\Roaming\fltk.org
2013-09-20 18:42 . 2013-09-20 18:42 -------- d-----w- c:\programdata\fltk.org
2013-09-20 18:40 . 2013-09-20 18:40 -------- d-----w- C:\Machine for Pigs
2013-09-20 17:23 . 2013-09-20 17:23 -------- d-----w- c:\programdata\Aiseesoft Studio
2013-09-20 17:23 . 2013-09-20 17:23 -------- d-----w- c:\program files\Aiseesoft Studio
2013-09-20 08:28 . 2013-07-01 09:53 397312 ----a-w- c:\windows\system32\TubeFinder.exe
2013-09-20 08:28 . 2013-09-20 08:29 -------- d-----w- c:\users\jemin\AppData\Roaming\FreeFLVConverter
2013-09-20 08:28 . 2011-09-28 08:18 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2013-09-20 08:28 . 2011-09-28 08:18 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2013-09-20 08:28 . 2011-09-28 08:18 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2013-09-20 08:28 . 2011-09-28 08:18 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2013-09-20 08:28 . 2011-09-28 08:18 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2013-09-20 08:28 . 2011-09-28 08:18 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2013-09-20 08:28 . 2013-09-20 19:22 -------- d-----w- c:\program files\Free FLV Converter
2013-09-17 12:42 . 2013-09-17 12:45 -------- d-----w- c:\windows\system32\MRT
2013-09-17 12:39 . 2013-06-15 03:40 918528 ----a-w- c:\windows\system32\rdpcorets.dll
2013-09-17 12:39 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-09-16 14:03 . 2013-09-16 14:05 -------- d-----w- c:\users\jemin\AppData\Local\Arma 3
2013-09-16 14:03 . 2013-09-16 14:03 -------- d-----w- c:\programdata\Bohemia Interactive
2013-09-11 23:17 . 2013-09-11 23:17 571168 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-03 15:38 . 2012-01-29 07:14 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-10-03 15:38 . 2012-09-24 15:24 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-10-03 15:38 . 2012-06-23 18:43 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-10-03 15:38 . 2011-03-17 19:48 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-09-21 14:36 . 2012-04-10 16:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 14:36 . 2011-05-18 03:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-12 08:51 . 2013-04-05 12:49 2630304 ----a-w- c:\windows\system32\nvapi.dll
2013-09-12 08:51 . 2013-04-05 12:49 13628208 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-09-12 08:51 . 2013-04-05 12:49 12947360 ----a-w- c:\windows\system32\nvd3dum.dll
2013-09-12 08:51 . 2013-04-05 12:49 1222824 ----a-w- c:\windows\system32\nvumdshim.dll
2013-09-12 08:51 . 2012-01-02 21:20 53024 ----a-w- c:\windows\system32\OpenCL.dll
2013-09-12 06:28 . 2013-04-05 12:50 4265760 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 06:28 . 2013-04-05 12:50 3006240 ----a-w- c:\windows\system32\nvsvc.dll
2013-09-12 06:28 . 2013-04-05 18:40 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 06:28 . 2013-04-05 12:50 662816 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 06:28 . 2013-04-05 12:50 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 06:28 . 2013-04-05 12:50 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-08-23 08:49 . 2013-08-23 08:49 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABFC2732-0F33-401F-9B2F-7E12188FCACA}\gapaengine.dll
2013-08-20 05:02 . 2013-08-20 05:02 84248 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-08-20 05:02 . 2013-08-20 05:02 182680 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-08-11 05:25 . 2011-02-13 20:43 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-07-30 15:28 . 2013-07-30 15:28 1487859 ----a-w- c:\windows\unins000.exe
2013-07-17 15:07 . 2012-10-24 12:48 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-14 01:41 . 2013-07-18 15:41 893728 ----a-w- c:\windows\system32\nvdispgenco3232619.dll
2013-07-14 01:41 . 2013-07-18 15:41 1048864 ----a-w- c:\windows\system32\nvdispco3232619.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2006-04-28 1019904]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-23 366576]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-07 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
.
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Vesmír na dlani.lnk - c:\program files\Noční obloha\vesmir.exe [2003-11-29 57344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kaspersky Security Scan.lnk - c:\program files\Kaspersky Security Scan\KSS.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^jemin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Vesmír na dlani.lnk]
path=c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vesmír na dlani.lnk
backup=c:\windows\pss\Vesmír na dlani.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2013-02-06 05:17 578560 ----a-w- f:\kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-02-13 10:38 1509232 ----a-w- f:\kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 16:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 CFcatchme;CFcatchme;c:\users\jemin\AppData\Local\Temp\CFcatchme.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 14:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - f:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - f:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - f:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1448)
c:\program files\SmartFTP Client 2.0\smarthook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\sppsvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\OKsoftware\Svátky a výroc:\program files\IncrediMail\Bin\IncMail.exe
c:\program files\IncrediMail\Bin\ImApp.exe
c:\program files\Noc:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2013-10-03 21:18:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-03 19:18
ComboFix2.txt 2013-03-27 19:53
ComboFix3.txt 2013-03-27 16:37
.
Před spuštěním: 2 541 260 800
Po spuštění: 2 460 016 640
.
- - End Of File - - DA37B887B4321DB1B18ECBEEE23FDAE1
Nahr nˇ probŘhlo ŁspŘçnŘ

#4 Příspěvek od **Rudy** » 03 říj 2013 20:52

Log je již OK.

ebola · #5 Příspěvek od **ebola** » 04 říj 2013 03:24

Proč spouštíte ComboFix, utilitu určenou pouze profesinálům? Hodláte si nabořit systém, nebo některou aplikaci?

sem si na(profesionála) chtěl zahrát

-díky za pomoc

#6 Příspěvek od **Rudy** » 04 říj 2013 18:20

ebola píše:Proč spouštíte ComboFix, utilitu určenou pouze profesinálům? Hodláte si nabořit systém, nebo některou aplikaci?

sem si na(profesionála) chtěl zahrát -díky za pomoc

Buďte rád, že se vám to nevymstilo. CF odinstalujte pomocí T-Cleaneru: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe. Nemáte zač!

VIRY.CZ

internet explorer NEJDE ZAPNOUT

internet explorer NEJDE ZAPNOUT

Re: internet explorer NEJDE ZAPNOUT

Re: internet explorer NEJDE ZAPNOUT

Re: internet explorer NEJDE ZAPNOUT

Re: internet explorer NEJDE ZAPNOUT

Re: internet explorer NEJDE ZAPNOUT