problem s aktualnymi oknami, samovolne zap/vyp okien

[barakuda969]

Prosim o kontrolu log-u z ComboFix-u. dakujem

ComboFix 13-12-20.01 - Kral . 12. 2013 9:55.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.3070.1964 [GMT 3:00]
Running from: e:\users\Kral\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\programdata\savensharre
e:\programdata\SearchNewTab
e:\programdata\SearchNewTab\data\SearchNewTab.dat
e:\programdata\SearchNewTab\dZ.dat
e:\programdata\SearchNewTab\dZ.dll
e:\programdata\SearchNewTab\dZ.tlb
e:\programdata\SearchNewTab\rSa.dat
e:\programdata\SearchNewTab\rSa.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ddsxeiservice
-------\Service_ddsxeiservice
.
.
((((((((((((((((((((((((( Files Created from 2013-11-21 to 2013-12-21 )))))))))))))))))))))))))))))))
.
.
2013-12-21 07:18 . 2013-12-21 07:18 -------- d-----w- e:\users\UpdatusUser\AppData\Local\temp
2013-12-21 07:18 . 2013-12-21 07:18 -------- d-----w- e:\users\Default\AppData\Local\temp
2013-12-21 06:50 . 2013-12-21 06:50 40392 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE8D7978-9B04-49B6-91E4-37E5AF214DFE}\MpKsl366cd9a4.sys
2013-12-21 06:23 . 2013-12-04 02:57 7760024 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE8D7978-9B04-49B6-91E4-37E5AF214DFE}\mpengine.dll
2013-12-19 20:51 . 2013-12-19 21:26 -------- d-----w- e:\users\Kral\AppData\Roaming\inFlow Inventory
2013-12-19 14:14 . 2013-12-19 14:17 -------- d-----w- e:\program files\Microsoft SQL Server
2013-12-19 14:12 . 2013-12-19 14:12 -------- d-----w- e:\program files\Business Objects
2013-12-19 14:06 . 2013-12-20 18:20 -------- d-----w- e:\programdata\inFlow Inventory
2013-12-19 14:06 . 2013-12-19 21:12 -------- d-----w- e:\program files\inFlow Inventory
2013-12-19 13:38 . 2013-12-04 02:57 7760024 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-19 10:35 . 2002-08-28 23:41 323072 ----a-w- e:\windows\system32\temp.002
2013-12-19 10:35 . 2002-08-28 23:40 74810 ----a-w- e:\windows\system32\temp.001
2013-12-19 10:35 . 1998-07-16 19:40 424960 ----a-w- e:\windows\system32\C4dll.dll
2013-12-19 10:35 . 1999-05-06 20:00 204296 ----a-w- e:\windows\system32\Richtx32.ocx
2013-12-19 10:35 . 1999-03-29 12:21 258840 ----a-w- e:\windows\system32\SSLstBar.ocx
2013-12-19 10:35 . 1998-05-06 20:00 174352 ----a-w- e:\windows\system32\temp.000
2013-12-19 10:35 . 2001-03-13 10:49 140288 ----a-w- e:\windows\system32\COMDLG32.OCX
2013-12-19 10:35 . 1998-04-23 20:00 368912 ----a-w- e:\windows\system32\vbar332.dll
2013-12-15 11:15 . 2013-12-15 11:15 -------- d-sh--w- e:\windows\system32\AI_RecycleBin
2013-12-10 14:59 . 2013-12-10 14:59 -------- d-----w- E:\Launch Manager
2013-12-10 14:57 . 2006-11-02 18:29 21264 ----a-w- e:\windows\system32\drivers\DKbFltr.sys
2013-12-10 14:57 . 2007-12-03 12:11 207368 ----a-w- e:\windows\UNINST32.EXE
2013-12-10 14:42 . 2013-12-10 14:42 125 ----a-w- e:\windows\xUninstall.bat
2013-12-10 14:41 . 2013-12-10 14:42 -------- d-----w- e:\windows\JMCR_DIR
2013-12-10 14:40 . 2008-05-07 15:47 85136 ----a-w- e:\windows\system32\drivers\jmcr.sys
2013-12-10 06:49 . 2007-09-27 12:00 69632 ----a-w- e:\windows\system32\CNAB4SMK.DLL
2013-12-10 06:49 . 2007-09-27 12:00 135168 ----a-w- e:\windows\system32\CNAB4EMU.DLL
2013-12-10 06:49 . 2007-01-11 09:26 63112 ----a-w- e:\windows\system32\CNAB4RPK.EXE
2013-12-10 06:49 . 2007-01-10 12:00 28672 ----a-w- e:\windows\system32\CNAB4PTU.DLL
2013-12-10 06:49 . 2007-01-10 12:00 28672 ----a-w- e:\windows\system32\CNAB4LMK.DLL
2013-12-07 20:35 . 2013-12-07 20:53 -------- d-----w- E:\PROGRAMY
2013-12-07 20:35 . 2013-12-07 20:56 -------- d-----w- E:\FILMY
2013-12-07 20:31 . 2013-12-07 21:03 -------- d-----w- E:\GAMES
2013-12-07 05:11 . 2013-10-19 06:43 719224 ------w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A555ECE0-D5B0-4A08-A9BE-0DBC7B5C2F6D}\gapaengine.dll
2013-12-04 07:18 . 2013-12-04 07:18 -------- d-----w- e:\program files\LogMeIn Hamachi
2013-12-03 10:15 . 2013-12-03 10:15 -------- d-----w- e:\users\Kral\AppData\Local\HP
2013-12-03 09:21 . 2013-12-03 09:21 -------- d-----w- e:\programdata\JAGUAR
2013-12-02 13:53 . 2013-12-02 13:53 -------- d-----w- e:\users\Kral\AppData\Roaming\gd.sos.McPixel
2013-12-02 09:57 . 2013-12-02 10:00 -------- d-----w- e:\windows\WindowsMobile
2013-12-01 10:09 . 2013-12-13 20:18 -------- d-----w- e:\users\Kral\AppData\Local\NFS Underground 2
2013-11-27 08:30 . 2013-11-27 08:30 -------- d-----w- e:\users\Kral\AppData\Roaming\Hewlett-Packard Company
2013-11-27 08:29 . 2010-08-24 10:34 19624 ------w- e:\windows\system32\hppfaxprintermon5.dll
2013-11-27 08:29 . 2010-08-24 10:34 15144 ------w- e:\windows\system32\hppfaxprintermonui5.dll
2013-11-27 08:29 . 2013-11-27 08:29 608 --sha-w- e:\windows\system32\winzvprt5.sys
2013-11-27 08:28 . 2013-11-27 08:28 -------- d-----w- e:\program files\Hewlett-Packard
2013-11-27 08:28 . 2013-12-04 09:21 -------- d-----w- e:\users\Kral\AppData\Roaming\HpUpdate
2013-11-27 07:52 . 2013-11-27 08:30 -------- d-----w- e:\program files\HP
2013-11-27 07:47 . 2010-08-25 16:47 21528 ----a-w- e:\windows\system32\drivers\hppcfaxio.sys
2013-11-27 07:47 . 2010-08-25 16:47 59928 ----a-w- e:\windows\system32\hppcfaxcompio.dll
2013-11-27 07:47 . 2010-08-23 22:45 755256 ----a-w- e:\windows\system32\hpxp1410.dll
2013-11-27 07:47 . 2010-08-23 22:45 751160 ----a-w- e:\windows\system32\hpptsp08.dll
2013-11-27 07:47 . 2010-08-23 22:45 187960 ----a-w- e:\windows\system32\hppscancoins32.dll
2013-11-27 07:47 . 2010-08-25 16:47 188416 ----a-w- e:\windows\system32\hpmldmfax01.dll
2013-11-27 07:47 . 2010-10-13 18:16 238080 ----a-w- e:\windows\system32\hpbcoins32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2009-10-14 09:58 230048 ------w- e:\windows\system32\MpSigStub.exe
2013-10-19 06:43 . 2013-04-23 20:47 719224 ------w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-13 11:44 . 2013-10-13 11:44 499712 ----a-w- e:\windows\system32\msvcp71.dll
2013-10-13 11:44 . 2013-10-13 11:44 348160 ----a-w- e:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="e:\program files\MobileWiFi\MobileWiFi" [X]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"TkBellExe"="e:\program files\Real\RealPlayer\update\realsched.exe" [2013-10-13 295512]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="e:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"HP LaserJet Professional CM1410 Series Fax"="e:\program files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 2459192]
"ToolboxFX"="e:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
"Windows Mobile Device Center"="e:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"LogMeIn Hamachi Ui"="e:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
"LManager"="e:\launch~1\LManager.exe" [2008-03-13 805384]
.
e:\users\Kral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - e:\windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2013-12-10 50848]
Canon LBP3000 Status Window.lnk - e:\windows\System32\spool\drivers\w32x86\3\CNAB3LAK.EXE [2013-11-2 60640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\E:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=e:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19 3671872 ----a-w- e:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-11-29 09:18 116648 ----atw- e:\users\Kral\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-11-29 13:20 3806544 ----a-w- e:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="e:\users\Kral\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe"
.
R1 gmjebzuu;gmjebzuu;e:\windows\system32\drivers\gmjebzuu.sys [x]
R1 ihbqxmdh;ihbqxmdh;e:\windows\system32\drivers\ihbqxmdh.sys [x]
R1 ipmryocg;ipmryocg;e:\windows\system32\drivers\ipmryocg.sys [x]
R1 ivztkjfo;ivztkjfo;e:\windows\system32\drivers\ivztkjfo.sys [x]
R1 kffflnbr;kffflnbr;e:\windows\system32\drivers\kffflnbr.sys [x]
R2 HP LaserJet Service;HP LaserJet Service;e:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
R2 SkypeUpdate;Skype Updater;e:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 btwl2cap;Bluetooth L2CAP Service;e:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;e:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;e:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 GGSAFERDriver;GGSAFER Driver;e:\program files\Garena Plus\Room\safedrv.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;e:\windows\system32\drivers\hppcbulkio.sys [2010-10-03 20504]
R3 HPFXFAX;HPFXFAX;e:\windows\system32\drivers\hppcfaxio.sys [2010-08-25 21528]
R3 huawei_cdcacm;huawei_cdcacm;e:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-03-07 95616]
R3 huawei_cdcecm;huawei_cdcecm;e:\windows\system32\DRIVERS\ew_jucdcecm.sys [2012-03-07 67584]
R3 huawei_ext_ctrl;huawei_ext_ctrl;e:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-11-24 27520]
R3 NisDrv;Microsoft Network Inspection System;e:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392]
R3 NisSrv;Microsoft Network Inspection;e:\program files\Microsoft Security Client\NisSrv.exe [2013-06-20 295376]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;e:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;e:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;e:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;e:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;e:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;e:\windows\system32\Wat\WatAdminSvc.exe [2012-06-29 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-04 242240]
S1 MpKsl366cd9a4;MpKsl366cd9a4;e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE8D7978-9B04-49B6-91E4-37E5AF214DFE}\MpKsl366cd9a4.sys [2013-12-21 40392]
S2 ABBYY.Licensing.PDFTransformer.Classic.4.0;ABBYY PDF Transformer+ - Licensing Service;e:\program files\ABBYY PDF Transformer+\NetworkLicenseServer.exe [2013-07-12 821560]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 1664336]
S2 HWDeviceService.exe;HWDeviceService.exe;e:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;e:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-05 39056]
S2 Skype C2C Service;Skype C2C Service;e:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
S3 DynCal;Dynamic Calibration Service;e:\windows\system32\drivers\Dyncal.sys [2007-11-07 12928]
S3 huawei_enumerator;huawei_enumerator;e:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-11-24 76544]
S3 JMCR;JMCR;e:\windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;e:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-21 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2013-01-09 19:18]
.
2013-12-21 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2013-01-09 19:18]
.
2013-12-21 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682967640-456850482-2582518924-1000Core.job
- e:\users\Kral\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 09:18]
.
2013-12-21 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682967640-456850482-2582518924-1000UA.job
- e:\users\Kral\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 09:18]
.
2013-12-21 e:\windows\Tasks\ReclaimerUpdateFiles_Kral.job
- e:\users\Kral\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27 05:21]
.
2013-12-21 e:\windows\Tasks\ReclaimerUpdateXML_Kral.job
- e:\users\Kral\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27 05:21]
.
2013-12-21 e:\windows\Tasks\RNUpgradeHelperLogonPrompt_Kral.job
- e:\users\Kral\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27 05:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=MarioForever&utm_medium=start
mStart Page = hxxp://websearch.oversearch.info/?pid=1387&r=2013/09/23&hid=13247912752665281530&lg=EN&cc=SK&unqvl=36
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - e:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - e:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1B6BA6B2-32C9-7932-50B9-C6E5B95D9B01} - e:\programdata\SearchNewTab\dZ.dll
Toolbar-10 - (no file)
MSConfigStartUp-Facebook Update - e:\users\Kral\AppData\Local\Facebook\Update\FacebookUpdate.exe
AddRemove-Age of Mythology 1.0 - e:\program files\Microsoft Games\Age of Mythology\UNINSTAL.EXE
AddRemove-Counter-Strike 1.6 v32 - e:\counter-strike\Uninstal.exe
AddRemove-DungeonSiege2 - e:\program files\Microsoft Games\Dungeon Siege 2\UNINSTAL.EXE
AddRemove-Eurobattle.net1.26 - e:\warcraft iii frozen throne esk\uninstall.exe
AddRemove-F.E.A.R. 3_is1 - e:\f.e.a.r. 3\unins000.exe
AddRemove-Mario Forever_is1 - e:\mario forever\unins000.exe
AddRemove-Open Transport Tycoon Deluxe 0.7.1 - e:\ottd\Uninstal.exe
AddRemove-Perspective - e:\perspective\uninst.exe
AddRemove-Postal 2_is1 - e:\portal 2\unins000.exe
AddRemove-Uplay - e:\program files\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
AddRemove-Warcraft III eSK 1.26.0.6401 - e:\warcraft iii frozen throne esk\Uninstall.exe
AddRemove-{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1 - e:\nef to jpg\unins000.exe
AddRemove-{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1 - e:\euro truck simulator 2\unins000.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1 - e:\world_of_tanks\unins000.exe
AddRemove-{ADE91A13-434D-4229-00BC-182BAD607303} - e:\need for speed most wanted\EAUninstall.exe
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - e:\programdata\SearchNewTab\rSa.exe
AddRemove-{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31} - e:\full tilt poker\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6060)
e:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\nvvsvc.exe
e:\program files\Microsoft Security Client\MsMpEng.exe
e:\program files\NVIDIA Corporation\Display\nvxdsync.exe
e:\windows\system32\nvvsvc.exe
e:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
e:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
e:\windows\system32\CNAB3RPK.EXE
e:\windows\system32\CNAB4RPK.EXE
e:\windows\system32\conhost.exe
e:\windows\system32\taskhost.exe
e:\program files\NVIDIA Corporation\Display\nvtray.exe
e:\programdata\DatacardService\DCSHelper.exe
e:\windows\RtHDVCpl.exe
e:\program files\Synaptics\SynTP\SynTPHelper.exe
e:\users\Kral\AppData\Local\Temp\RtkBtMnt.exe
e:\launch manager\LManager.exe
e:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
e:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe
e:\program files\Windows Media Player\wmpnetwk.exe
e:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
e:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-12-21 10:27:26 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-21 07:27
.
Pre-Run: 100 956 680 192 bytes free
Post-Run: 100 705 927 168 bytes free
.
- - End Of File - - 8359BD883156D86BF1A8CC2D499A3C3A
A36C5E4F47E84449FF07ED3517B43A31

[Rudy]

Zdravím!
Proč spouštíte ComboFix, utilitu určenou pouze odborníkům? Hodláte si nabořit systém, nebo některou aplikaci?

Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
e:\windows\system32\drivers\gmjebzuu.sys
e:\windows\system32\drivers\ihbqxmdh.sys
e:\windows\system32\drivers\ipmryocg.sys
e:\windows\system32\drivers\ivztkjfo.sys
e:\windows\system32\drivers\kffflnbr.sys

File::
e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682967640-456850482-2582518924-1000Core.job
e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682967640-456850482-2582518924-1000UA.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-

Driver::
gmjebzuu
ihbqxmdh
ipmryocg
kffflnbr

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[barakuda969]

Ou to som nevedel, nasiel som to ako odpoved na taky isty problem na tomto fore len som potom potreboval pozriet log

[barakuda969]

A dakujem

[Rudy]

Vzhledem k tomu, že nález je poměrně závažný (několik rootkitů), potřeboval bych vidět log po tomto druhém skenu. Zatím není zač!

[barakuda969]

Co to znamena rootkit? v tomto som dost laik. Urcite ho sem postnem.

[Rudy]

http://cs.wikipedia.org/wiki/Rootkit . Ještě dodám, že se někdy chová dost nevyzpytatelně a někdy je problém ho odhalit. Jde mi o to, aby bylo všechno smazáno.

[barakuda969]

ComboFix 13-12-20.01 - Kral . 12. 2013 14:08:23.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.3070.1993 [GMT 3:00]
Running from: e:\users\Kral\Desktop\ComboFix.exe
Command switches used :: e:\users\Kral\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"e:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"e:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682967640-456850482-2582518924-1000Core.job"
"e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682967640-456850482-2582518924-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gmjebzuu
-------\Service_ihbqxmdh
-------\Service_ipmryocg
-------\Service_kffflnbr
.
.
((((((((((((((((((((((((( Files Created from 2013-11-21 to 2013-12-21 )))))))))))))))))))))))))))))))
.
.
2013-12-21 11:15 . 2013-12-21 11:15 -------- d-----w- e:\users\UpdatusUser\AppData\Local\temp
2013-12-21 11:15 . 2013-12-21 11:15 -------- d-----w- e:\users\Default\AppData\Local\temp
2013-12-21 11:15 . 2013-12-21 11:15 -------- d-----w- e:\users\Administrator\AppData\Local\temp
2013-12-21 08:19 . 2013-12-04 02:57 7760024 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE900F26-A97E-4CAF-814A-29737B90541F}\mpengine.dll
2013-12-19 20:51 . 2013-12-19 21:26 -------- d-----w- e:\users\Kral\AppData\Roaming\inFlow Inventory
2013-12-19 14:14 . 2013-12-19 14:17 -------- d-----w- e:\program files\Microsoft SQL Server
2013-12-19 14:12 . 2013-12-19 14:12 -------- d-----w- e:\program files\Business Objects
2013-12-19 14:06 . 2013-12-21 10:14 -------- d-----w- e:\programdata\inFlow Inventory
2013-12-19 14:06 . 2013-12-19 21:12 -------- d-----w- e:\program files\inFlow Inventory
2013-12-19 13:38 . 2013-12-04 02:57 7760024 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-19 10:35 . 1998-07-16 19:40 424960 ----a-w- e:\windows\system32\C4dll.dll
2013-12-19 10:35 . 2001-03-13 10:49 140288 ----a-w- e:\windows\system32\COMDLG32.OCX
2013-12-15 11:15 . 2013-12-15 11:15 -------- d-sh--w- e:\windows\system32\AI_RecycleBin
2013-12-10 14:59 . 2013-12-10 14:59 -------- d-----w- E:\Launch Manager
2013-12-10 14:57 . 2006-11-02 18:29 21264 ----a-w- e:\windows\system32\drivers\DKbFltr.sys
2013-12-10 14:57 . 2007-12-03 12:11 207368 ----a-w- e:\windows\UNINST32.EXE
2013-12-10 14:42 . 2013-12-10 14:42 125 ----a-w- e:\windows\xUninstall.bat
2013-12-10 14:41 . 2013-12-10 14:42 -------- d-----w- e:\windows\JMCR_DIR
2013-12-10 14:40 . 2008-05-07 15:47 85136 ----a-w- e:\windows\system32\drivers\jmcr.sys
2013-12-10 06:49 . 2007-09-27 12:00 69632 ----a-w- e:\windows\system32\CNAB4SMK.DLL
2013-12-10 06:49 . 2007-09-27 12:00 135168 ----a-w- e:\windows\system32\CNAB4EMU.DLL
2013-12-10 06:49 . 2007-01-11 09:26 63112 ----a-w- e:\windows\system32\CNAB4RPK.EXE
2013-12-10 06:49 . 2007-01-10 12:00 28672 ----a-w- e:\windows\system32\CNAB4PTU.DLL
2013-12-10 06:49 . 2007-01-10 12:00 28672 ----a-w- e:\windows\system32\CNAB4LMK.DLL
2013-12-07 20:35 . 2013-12-07 20:53 -------- d-----w- E:\PROGRAMY
2013-12-07 20:35 . 2013-12-07 20:56 -------- d-----w- E:\FILMY
2013-12-07 20:31 . 2013-12-07 21:03 -------- d-----w- E:\GAMES
2013-12-07 05:11 . 2013-10-19 06:43 719224 ------w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A555ECE0-D5B0-4A08-A9BE-0DBC7B5C2F6D}\gapaengine.dll
2013-12-04 07:18 . 2013-12-04 07:18 -------- d-----w- e:\program files\LogMeIn Hamachi
2013-12-03 10:15 . 2013-12-03 10:15 -------- d-----w- e:\users\Kral\AppData\Local\HP
2013-12-03 09:21 . 2013-12-03 09:21 -------- d-----w- e:\programdata\JAGUAR
2013-12-02 13:53 . 2013-12-02 13:53 -------- d-----w- e:\users\Kral\AppData\Roaming\gd.sos.McPixel
2013-12-02 09:57 . 2013-12-02 10:00 -------- d-----w- e:\windows\WindowsMobile
2013-12-01 10:09 . 2013-12-13 20:18 -------- d-----w- e:\users\Kral\AppData\Local\NFS Underground 2
2013-11-27 08:30 . 2013-11-27 08:30 -------- d-----w- e:\users\Kral\AppData\Roaming\Hewlett-Packard Company
2013-11-27 08:29 . 2010-08-24 10:34 19624 ------w- e:\windows\system32\hppfaxprintermon5.dll
2013-11-27 08:29 . 2010-08-24 10:34 15144 ------w- e:\windows\system32\hppfaxprintermonui5.dll
2013-11-27 08:28 . 2013-11-27 08:28 -------- d-----w- e:\program files\Hewlett-Packard
2013-11-27 08:28 . 2013-12-04 09:21 -------- d-----w- e:\users\Kral\AppData\Roaming\HpUpdate
2013-11-27 07:52 . 2013-11-27 08:30 -------- d-----w- e:\program files\HP
2013-11-27 07:47 . 2010-08-25 16:47 21528 ----a-w- e:\windows\system32\drivers\hppcfaxio.sys
2013-11-27 07:47 . 2010-08-25 16:47 59928 ----a-w- e:\windows\system32\hppcfaxcompio.dll
2013-11-27 07:47 . 2010-08-23 22:45 755256 ----a-w- e:\windows\system32\hpxp1410.dll
2013-11-27 07:47 . 2010-08-23 22:45 751160 ----a-w- e:\windows\system32\hpptsp08.dll
2013-11-27 07:47 . 2010-08-23 22:45 187960 ----a-w- e:\windows\system32\hppscancoins32.dll
2013-11-27 07:47 . 2010-08-25 16:47 188416 ----a-w- e:\windows\system32\hpmldmfax01.dll
2013-11-27 07:47 . 2010-10-13 18:16 238080 ----a-w- e:\windows\system32\hpbcoins32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2009-10-14 09:58 230048 ------w- e:\windows\system32\MpSigStub.exe
2013-10-19 06:43 . 2013-04-23 20:47 719224 ------w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-13 11:44 . 2013-10-13 11:44 499712 ----a-w- e:\windows\system32\msvcp71.dll
2013-10-13 11:44 . 2013-10-13 11:44 348160 ----a-w- e:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="e:\program files\MobileWiFi\MobileWiFi" [X]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"TkBellExe"="e:\program files\Real\RealPlayer\update\realsched.exe" [2013-10-13 295512]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="e:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"HP LaserJet Professional CM1410 Series Fax"="e:\program files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 2459192]
"ToolboxFX"="e:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
"Windows Mobile Device Center"="e:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"LogMeIn Hamachi Ui"="e:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
"LManager"="e:\launch~1\LManager.exe" [2008-03-13 805384]
.
e:\users\Kral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - e:\windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2013-12-10 50848]
Canon LBP3000 Status Window.lnk - e:\windows\System32\spool\drivers\w32x86\3\CNAB3LAK.EXE [2013-11-2 60640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\E:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=e:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19 3671872 ----a-w- e:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-11-29 09:18 116648 ----atw- e:\users\Kral\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-11-29 13:20 3806544 ----a-w- e:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="e:\users\Kral\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 ivztkjfo;ivztkjfo;e:\windows\system32\drivers\ivztkjfo.sys [x]
R1 MpKsl366cd9a4;MpKsl366cd9a4;e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE8D7978-9B04-49B6-91E4-37E5AF214DFE}\MpKsl366cd9a4.sys [x]
R2 HP LaserJet Service;HP LaserJet Service;e:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
R2 SkypeUpdate;Skype Updater;e:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 btwl2cap;Bluetooth L2CAP Service;e:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;e:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;e:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 GGSAFERDriver;GGSAFER Driver;e:\program files\Garena Plus\Room\safedrv.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;e:\windows\system32\drivers\hppcbulkio.sys [2010-10-03 20504]
R3 HPFXFAX;HPFXFAX;e:\windows\system32\drivers\hppcfaxio.sys [2010-08-25 21528]
R3 huawei_cdcacm;huawei_cdcacm;e:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-03-07 95616]
R3 huawei_cdcecm;huawei_cdcecm;e:\windows\system32\DRIVERS\ew_jucdcecm.sys [2012-03-07 67584]
R3 huawei_ext_ctrl;huawei_ext_ctrl;e:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-11-24 27520]
R3 NisDrv;Microsoft Network Inspection System;e:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392]
R3 NisSrv;Microsoft Network Inspection;e:\program files\Microsoft Security Client\NisSrv.exe [2013-06-20 295376]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;e:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;e:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;e:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;e:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;e:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;e:\windows\system32\Wat\WatAdminSvc.exe [2012-06-29 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-04 242240]
S2 ABBYY.Licensing.PDFTransformer.Classic.4.0;ABBYY PDF Transformer+ - Licensing Service;e:\program files\ABBYY PDF Transformer+\NetworkLicenseServer.exe [2013-07-12 821560]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 1664336]
S2 HWDeviceService.exe;HWDeviceService.exe;e:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;e:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-05 39056]
S2 Skype C2C Service;Skype C2C Service;e:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
S3 DynCal;Dynamic Calibration Service;e:\windows\system32\drivers\Dyncal.sys [2007-11-07 12928]
S3 huawei_enumerator;huawei_enumerator;e:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-11-24 76544]
S3 JMCR;JMCR;e:\windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;e:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-21 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2013-01-09 19:18]
.
2013-12-21 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2013-01-09 19:18]
.
2013-12-21 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682967640-456850482-2582518924-1000Core.job
- e:\users\Kral\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 09:18]
.
2013-12-21 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682967640-456850482-2582518924-1000UA.job
- e:\users\Kral\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 09:18]
.
2013-12-21 e:\windows\Tasks\ReclaimerUpdateFiles_Kral.job
- e:\users\Kral\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27 05:21]
.
2013-12-21 e:\windows\Tasks\ReclaimerUpdateXML_Kral.job
- e:\users\Kral\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27 05:21]
.
2013-12-21 e:\windows\Tasks\RNUpgradeHelperLogonPrompt_Kral.job
- e:\users\Kral\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27 05:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=MarioForever&utm_medium=start
mStart Page = hxxp://websearch.oversearch.info/?pid=1387&r=2013/09/23&hid=13247912752665281530&lg=EN&cc=SK&unqvl=36
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - e:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - e:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5724)
e:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\nvvsvc.exe
e:\program files\Microsoft Security Client\MsMpEng.exe
e:\program files\NVIDIA Corporation\Display\nvxdsync.exe
e:\windows\system32\nvvsvc.exe
e:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
e:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
e:\windows\system32\CNAB3RPK.EXE
e:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
e:\windows\system32\CNAB4RPK.EXE
e:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe
e:\windows\system32\taskhost.exe
e:\windows\system32\conhost.exe
e:\program files\NVIDIA Corporation\Display\nvtray.exe
e:\windows\RtHDVCpl.exe
e:\program files\Synaptics\SynTP\SynTPHelper.exe
e:\users\Kral\AppData\Local\Temp\RtkBtMnt.exe
e:\launch manager\LManager.exe
e:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe
e:\program files\Windows Media Player\wmpnetwk.exe
e:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
e:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-12-21 14:24:17 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-21 11:24
ComboFix2.txt 2013-12-21 07:27
.
Pre-Run: 100 491 452 416 bytes free
Post-Run: 100 430 671 872 bytes free
.
- - End Of File - - 6981510A363CDAB33E349FF81DD020A0
A36C5E4F47E84449FF07ED3517B43A31

[barakuda969]

toto je novz readout. Problem s oknami stale pretrvava :/

[Rudy]

Ještě se něco ulázalo. Celou akci zopakujeme tímto skriptem:

KillAll::

Collect::
e:\windows\system32\drivers\ivztkjfo.sys

Driver::
ivztkjfo
Skype C2C Service

[barakuda969]

ComboFix 13-12-20.01 - Kral . 12. 2013 14:38:49.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.3070.2115 [GMT 3:00]
Running from: e:\users\Kral\Desktop\ComboFix.exe
Command switches used :: e:\users\Kral\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ivztkjfo
-------\Service_Skype C2C Service
.
.
((((((((((((((((((((((((( Files Created from 2013-11-21 to 2013-12-21 )))))))))))))))))))))))))))))))
.
.
2013-12-21 11:45 . 2013-12-21 11:45 -------- d-----w- e:\users\UpdatusUser\AppData\Local\temp
2013-12-21 11:45 . 2013-12-21 11:45 -------- d-----w- e:\users\Default\AppData\Local\temp
2013-12-21 11:45 . 2013-12-21 11:45 -------- d-----w- e:\users\Administrator\AppData\Local\temp
2013-12-21 11:34 . 2013-12-21 11:34 62576 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B8D5D0E-CE9C-40C0-9F50-1ADCE5222B40}\offreg.dll
2013-12-21 11:34 . 2013-12-21 11:34 40392 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B8D5D0E-CE9C-40C0-9F50-1ADCE5222B40}\MpKsl0894bd86.sys
2013-12-21 11:26 . 2013-12-04 02:57 7760024 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B8D5D0E-CE9C-40C0-9F50-1ADCE5222B40}\mpengine.dll
2013-12-19 20:51 . 2013-12-19 21:26 -------- d-----w- e:\users\Kral\AppData\Roaming\inFlow Inventory
2013-12-19 14:14 . 2013-12-19 14:17 -------- d-----w- e:\program files\Microsoft SQL Server
2013-12-19 14:12 . 2013-12-19 14:12 -------- d-----w- e:\program files\Business Objects
2013-12-19 14:06 . 2013-12-21 10:14 -------- d-----w- e:\programdata\inFlow Inventory
2013-12-19 14:06 . 2013-12-19 21:12 -------- d-----w- e:\program files\inFlow Inventory
2013-12-19 13:38 . 2013-12-04 02:57 7760024 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-19 10:35 . 2002-08-28 23:41 323072 ----a-w- e:\windows\system32\temp.002
2013-12-19 10:35 . 2002-08-28 23:40 74810 ----a-w- e:\windows\system32\temp.001
2013-12-19 10:35 . 1998-07-16 19:40 424960 ----a-w- e:\windows\system32\C4dll.dll
2013-12-19 10:35 . 1999-05-06 20:00 204296 ----a-w- e:\windows\system32\Richtx32.ocx
2013-12-19 10:35 . 1999-03-29 12:21 258840 ----a-w- e:\windows\system32\SSLstBar.ocx
2013-12-19 10:35 . 1998-05-06 20:00 174352 ----a-w- e:\windows\system32\temp.000
2013-12-19 10:35 . 2001-03-13 10:49 140288 ----a-w- e:\windows\system32\COMDLG32.OCX
2013-12-19 10:35 . 1998-04-23 20:00 368912 ----a-w- e:\windows\system32\vbar332.dll
2013-12-15 11:15 . 2013-12-15 11:15 -------- d-sh--w- e:\windows\system32\AI_RecycleBin
2013-12-10 14:59 . 2013-12-10 14:59 -------- d-----w- E:\Launch Manager
2013-12-10 14:57 . 2006-11-02 18:29 21264 ----a-w- e:\windows\system32\drivers\DKbFltr.sys
2013-12-10 14:57 . 2007-12-03 12:11 207368 ----a-w- e:\windows\UNINST32.EXE
2013-12-10 14:42 . 2013-12-10 14:42 125 ----a-w- e:\windows\xUninstall.bat
2013-12-10 14:41 . 2013-12-10 14:42 -------- d-----w- e:\windows\JMCR_DIR
2013-12-10 14:40 . 2008-05-07 15:47 85136 ----a-w- e:\windows\system32\drivers\jmcr.sys
2013-12-10 06:49 . 2007-09-27 12:00 69632 ----a-w- e:\windows\system32\CNAB4SMK.DLL
2013-12-10 06:49 . 2007-09-27 12:00 135168 ----a-w- e:\windows\system32\CNAB4EMU.DLL
2013-12-10 06:49 . 2007-01-11 09:26 63112 ----a-w- e:\windows\system32\CNAB4RPK.EXE
2013-12-10 06:49 . 2007-01-10 12:00 28672 ----a-w- e:\windows\system32\CNAB4PTU.DLL
2013-12-10 06:49 . 2007-01-10 12:00 28672 ----a-w- e:\windows\system32\CNAB4LMK.DLL
2013-12-07 20:35 . 2013-12-07 20:53 -------- d-----w- E:\PROGRAMY
2013-12-07 20:35 . 2013-12-07 20:56 -------- d-----w- E:\FILMY
2013-12-07 20:31 . 2013-12-07 21:03 -------- d-----w- E:\GAMES
2013-12-07 05:11 . 2013-10-19 06:43 719224 ------w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A555ECE0-D5B0-4A08-A9BE-0DBC7B5C2F6D}\gapaengine.dll
2013-12-04 07:18 . 2013-12-04 07:18 -------- d-----w- e:\program files\LogMeIn Hamachi
2013-12-03 10:15 . 2013-12-03 10:15 -------- d-----w- e:\users\Kral\AppData\Local\HP
2013-12-03 09:21 . 2013-12-03 09:21 -------- d-----w- e:\programdata\JAGUAR
2013-12-02 13:53 . 2013-12-02 13:53 -------- d-----w- e:\users\Kral\AppData\Roaming\gd.sos.McPixel
2013-12-02 09:57 . 2013-12-02 10:00 -------- d-----w- e:\windows\WindowsMobile
2013-12-01 10:09 . 2013-12-13 20:18 -------- d-----w- e:\users\Kral\AppData\Local\NFS Underground 2
2013-11-27 08:30 . 2013-11-27 08:30 -------- d-----w- e:\users\Kral\AppData\Roaming\Hewlett-Packard Company
2013-11-27 08:29 . 2010-08-24 10:34 19624 ------w- e:\windows\system32\hppfaxprintermon5.dll
2013-11-27 08:29 . 2010-08-24 10:34 15144 ------w- e:\windows\system32\hppfaxprintermonui5.dll
2013-11-27 08:29 . 2013-11-27 08:29 608 --sha-w- e:\windows\system32\winzvprt5.sys
2013-11-27 08:28 . 2013-11-27 08:28 -------- d-----w- e:\program files\Hewlett-Packard
2013-11-27 08:28 . 2013-12-04 09:21 -------- d-----w- e:\users\Kral\AppData\Roaming\HpUpdate
2013-11-27 07:52 . 2013-11-27 08:30 -------- d-----w- e:\program files\HP
2013-11-27 07:47 . 2010-08-25 16:47 21528 ----a-w- e:\windows\system32\drivers\hppcfaxio.sys
2013-11-27 07:47 . 2010-08-25 16:47 59928 ----a-w- e:\windows\system32\hppcfaxcompio.dll
2013-11-27 07:47 . 2010-08-23 22:45 755256 ----a-w- e:\windows\system32\hpxp1410.dll
2013-11-27 07:47 . 2010-08-23 22:45 751160 ----a-w- e:\windows\system32\hpptsp08.dll
2013-11-27 07:47 . 2010-08-23 22:45 187960 ----a-w- e:\windows\system32\hppscancoins32.dll
2013-11-27 07:47 . 2010-08-25 16:47 188416 ----a-w- e:\windows\system32\hpmldmfax01.dll
2013-11-27 07:47 . 2010-10-13 18:16 238080 ----a-w- e:\windows\system32\hpbcoins32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2009-10-14 09:58 230048 ------w- e:\windows\system32\MpSigStub.exe
2013-10-19 06:43 . 2013-04-23 20:47 719224 ------w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-13 11:44 . 2013-10-13 11:44 499712 ----a-w- e:\windows\system32\msvcp71.dll
2013-10-13 11:44 . 2013-10-13 11:44 348160 ----a-w- e:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="e:\program files\MobileWiFi\MobileWiFi" [X]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="e:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"TkBellExe"="e:\program files\Real\RealPlayer\update\realsched.exe" [2013-10-13 295512]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="e:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"HP LaserJet Professional CM1410 Series Fax"="e:\program files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 2459192]
"ToolboxFX"="e:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
"Windows Mobile Device Center"="e:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"LogMeIn Hamachi Ui"="e:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
"LManager"="e:\launch~1\LManager.exe" [2008-03-13 805384]
.
e:\users\Kral\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - e:\windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2013-12-10 50848]
Canon LBP3000 Status Window.lnk - e:\windows\System32\spool\drivers\w32x86\3\CNAB3LAK.EXE [2013-11-2 60640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\E:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=e:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19 3671872 ----a-w- e:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-11-29 09:18 116648 ----atw- e:\users\Kral\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-11-29 13:20 3806544 ----a-w- e:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="e:\users\Kral\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 HP LaserJet Service;HP LaserJet Service;e:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
R2 SkypeUpdate;Skype Updater;e:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 btwl2cap;Bluetooth L2CAP Service;e:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;e:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;e:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 GGSAFERDriver;GGSAFER Driver;e:\program files\Garena Plus\Room\safedrv.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;e:\windows\system32\drivers\hppcbulkio.sys [2010-10-03 20504]
R3 HPFXFAX;HPFXFAX;e:\windows\system32\drivers\hppcfaxio.sys [2010-08-25 21528]
R3 huawei_cdcacm;huawei_cdcacm;e:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-03-07 95616]
R3 huawei_cdcecm;huawei_cdcecm;e:\windows\system32\DRIVERS\ew_jucdcecm.sys [2012-03-07 67584]
R3 huawei_ext_ctrl;huawei_ext_ctrl;e:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-11-24 27520]
R3 NisDrv;Microsoft Network Inspection System;e:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392]
R3 NisSrv;Microsoft Network Inspection;e:\program files\Microsoft Security Client\NisSrv.exe [2013-06-20 295376]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;e:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;e:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;e:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;e:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;e:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;e:\windows\system32\Wat\WatAdminSvc.exe [2012-06-29 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-04 242240]
S1 MpKsl0894bd86;MpKsl0894bd86;e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B8D5D0E-CE9C-40C0-9F50-1ADCE5222B40}\MpKsl0894bd86.sys [2013-12-21 40392]
S2 ABBYY.Licensing.PDFTransformer.Classic.4.0;ABBYY PDF Transformer+ - Licensing Service;e:\program files\ABBYY PDF Transformer+\NetworkLicenseServer.exe [2013-07-12 821560]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 1664336]
S2 HWDeviceService.exe;HWDeviceService.exe;e:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;e:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-05 39056]
S3 DynCal;Dynamic Calibration Service;e:\windows\system32\drivers\Dyncal.sys [2007-11-07 12928]
S3 huawei_enumerator;huawei_enumerator;e:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-11-24 76544]
S3 JMCR;JMCR;e:\windows\system32\DRIVERS\jmcr.sys [2008-05-07 85136]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;e:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-21 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2013-01-09 19:18]
.
2013-12-21 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2013-01-09 19:18]
.
2013-12-21 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682967640-456850482-2582518924-1000Core.job
- e:\users\Kral\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 09:18]
.
2013-12-21 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682967640-456850482-2582518924-1000UA.job
- e:\users\Kral\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 09:18]
.
2013-12-21 e:\windows\Tasks\ReclaimerUpdateFiles_Kral.job
- e:\users\Kral\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27 05:21]
.
2013-12-21 e:\windows\Tasks\ReclaimerUpdateXML_Kral.job
- e:\users\Kral\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27 05:21]
.
2013-12-21 e:\windows\Tasks\RNUpgradeHelperLogonPrompt_Kral.job
- e:\users\Kral\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27 05:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=MarioForever&utm_medium=start
mStart Page = hxxp://websearch.oversearch.info/?pid=1387&r=2013/09/23&hid=13247912752665281530&lg=EN&cc=SK&unqvl=36
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - e:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - e:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3900)
e:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\nvvsvc.exe
e:\program files\Microsoft Security Client\MsMpEng.exe
e:\program files\NVIDIA Corporation\Display\nvxdsync.exe
e:\windows\system32\nvvsvc.exe
e:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
e:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
e:\windows\system32\taskhost.exe
e:\windows\system32\CNAB3RPK.EXE
e:\windows\system32\CNAB4RPK.EXE
e:\windows\system32\conhost.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
e:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe
e:\program files\NVIDIA Corporation\Display\nvtray.exe
e:\windows\RtHDVCpl.exe
e:\users\Kral\AppData\Local\Temp\RtkBtMnt.exe
e:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe
e:\launch manager\LManager.exe
e:\program files\Synaptics\SynTP\SynTPHelper.exe
e:\program files\Windows Media Player\wmpnetwk.exe
e:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
e:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-12-21 14:52:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-21 11:52
ComboFix2.txt 2013-12-21 11:24
ComboFix3.txt 2013-12-21 07:27
.
Pre-Run: 100 520 411 136 bytes free
Post-Run: 100 455 718 912 bytes free
.
- - End Of File - - 3BB79F2720B053F757AC9EA15328A78A
A36C5E4F47E84449FF07ED3517B43A31

[barakuda969]

Ako to vyzera?

[Rudy]

Log je již OK. Nastala nějaká změna?

[barakuda969]

Naviem co vsetko by som si mal vsimat. Okna zatial vyzeraju v poriadku.

[Rudy]

Tak to jsem rád!