JS/Kryptik.I trojský kůň

[Johny]

Zdravím.

Eset mi poslední dobou často velmi často zobrazuje hlášení přiložené na obrázku. Vir se vždy jen uloží do karantény, to je celé. Pomůžete mi prosím, co s tím udělat? Předem děkuji.

Zde přikládám log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:48, on 20.4.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ASUS Xonar D1 Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8655 bytes

[Rudy]

Zdravím!
Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

[Johny]

Díky za ochotu.

ComboFix 14-04-20.01 - Johnny 20.04.2014 19:33:41.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4095.2925 [GMT 2:00]
Spuštěný z: c:\users\Johnny\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Johnny\Documents\~WRL2233.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-20 do 2014-04-20 )))))))))))))))))))))))))))))))
.
.
2014-04-20 17:44 . 2014-04-20 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-19 19:34 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-18 14:11 . 2014-04-20 16:53 -------- d-----w- c:\program files\HJT
2014-04-18 10:28 . 2014-04-18 10:28 -------- d-----w- c:\users\Johnny\AppData\Roaming\ASUS
2014-04-18 10:28 . 2011-05-12 15:13 465408 ------w- c:\windows\system32\cmasiopx.dll
2014-04-18 10:28 . 2011-05-12 15:13 303104 ------w- c:\windows\SysWow64\cmasiop.dll
2014-04-18 10:28 . 2011-05-12 15:05 8769536 ------w- c:\windows\SysWow64\CmiCnfgp.dll
2014-04-18 10:28 . 2011-04-19 12:56 143360 ------w- c:\windows\SysWow64\VmixP8.dll
2014-04-18 10:28 . 2008-07-23 16:59 389120 ------w- c:\windows\system32\CmiCnfgP.cpl
2014-04-18 10:28 . 2007-12-13 15:12 122880 ------w- c:\windows\SysWow64\Cm_Oal.dll
2014-04-18 10:28 . 2007-12-13 15:12 122880 ------w- c:\windows\system32\Cm_Oal.dll
2014-04-18 10:28 . 2006-09-13 08:21 200704 ------w- c:\windows\SysWow64\Cmpaoxy.dll
2014-04-18 10:27 . 2014-04-18 10:28 -------- d-----w- c:\program files\ASUS Xonar D1 Audio
2014-04-18 10:27 . 2011-02-24 14:52 805376 ------w- c:\windows\system32\Cmeauoxy.exe
2014-04-18 10:26 . 2011-03-10 13:44 2725376 ----a-w- c:\windows\system32\drivers\cmudaxp.sys
2014-04-18 10:26 . 2007-04-19 13:12 32768 ----a-w- c:\windows\system32\cmudaxp.dll
2014-04-18 10:26 . 2004-04-14 09:28 315392 ----a-w- c:\windows\system\CmiFltr.dll
2014-04-18 07:53 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1980F96F-064A-4921-B0A6-3C4430255FB0}\mpengine.dll
2014-04-13 18:52 . 2014-04-13 18:52 -------- d-----w- c:\users\Johnny\AppData\Local\Diagnostics
2014-04-11 16:31 . 2014-04-11 16:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-04-09 12:19 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll
2014-04-09 12:19 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-09 12:19 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-09 12:13 . 2014-01-24 02:40 1684416 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-07 13:30 . 2014-04-07 13:30 -------- d-----w- c:\program files\Nuforce Inc
2014-04-01 15:22 . 2014-04-01 15:22 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-04-01 14:17 . 2014-04-01 14:17 -------- d-----w- c:\programdata\GridinSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-18 10:28 . 2014-03-09 21:34 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2014-04-18 10:28 . 2014-03-09 21:34 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-04-18 10:28 . 2014-03-09 21:34 111616 ----a-w- c:\windows\system32\OpenAL32.dll
2014-04-18 10:28 . 2014-03-09 21:34 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-04-13 07:56 . 2014-03-08 09:05 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-13 07:56 . 2014-03-08 09:05 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-09 13:18 . 2014-03-18 20:09 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-08 22:44 . 2014-03-08 22:44 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-03-08 22:44 . 2014-03-08 22:44 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-08 22:44 . 2014-03-08 22:44 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-03-08 22:44 . 2014-03-08 22:44 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-03-08 22:44 . 2014-03-08 22:44 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-08 22:44 . 2014-03-08 22:44 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-03-08 22:44 . 2014-03-08 22:44 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-03-08 22:44 . 2014-03-08 22:44 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-03-08 22:44 . 2014-03-08 22:44 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-03-08 22:44 . 2014-03-08 22:44 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-03-08 22:44 . 2014-03-08 22:44 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-03-08 22:44 . 2014-03-08 22:44 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-03-08 22:44 . 2014-03-08 22:44 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-03-08 22:44 . 2014-03-08 22:44 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-08 22:44 . 2014-03-08 22:44 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-03-08 22:44 . 2014-03-08 22:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-03-08 22:44 . 2014-03-08 22:44 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-03-08 22:44 . 2014-03-08 22:44 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-03-08 22:44 . 2014-03-08 22:44 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-03-08 22:44 . 2014-03-08 22:44 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-03-08 22:44 . 2014-03-08 22:44 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-08 22:44 . 2014-03-08 22:44 247808 ----a-w- c:\windows\system32\msls31.dll
2014-03-08 22:44 . 2014-03-08 22:44 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-08 22:44 . 2014-03-08 22:44 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-03-08 22:44 . 2014-03-08 22:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-08 22:44 . 2014-03-08 22:44 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-03-08 22:44 . 2014-03-08 22:44 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-08 22:44 . 2014-03-08 22:44 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-08 22:44 . 2014-03-08 22:44 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-03-08 22:44 . 2014-03-08 22:44 413696 ----a-w- c:\windows\system32\html.iec
2014-03-08 22:44 . 2014-03-08 22:44 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-08 22:44 . 2014-03-08 22:44 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-08 22:44 . 2014-03-08 22:44 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-03-08 22:44 . 2014-03-08 22:44 81408 ----a-w- c:\windows\system32\icardie.dll
2014-03-08 22:44 . 2014-03-08 22:44 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-03-08 22:44 . 2014-03-08 22:44 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-08 22:44 . 2014-03-08 22:44 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-08 22:44 . 2014-03-08 22:44 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-03-08 22:44 . 2014-03-08 22:44 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-03-08 22:44 . 2014-03-08 22:44 235520 ----a-w- c:\windows\system32\url.dll
2014-03-08 22:44 . 2014-03-08 22:44 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-08 22:44 . 2014-03-08 22:44 101376 ----a-w- c:\windows\system32\inseng.dll
2014-03-08 22:44 . 2014-03-08 22:44 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-03-08 22:44 . 2014-03-08 22:44 143872 ----a-w- c:\windows\system32\wextract.exe
2014-03-08 22:44 . 2014-03-08 22:44 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-03-08 22:44 . 2014-03-08 22:44 147968 ----a-w- c:\windows\system32\occache.dll
2014-03-08 22:44 . 2014-03-08 22:44 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-03-08 22:44 . 2014-03-08 22:44 774144 ----a-w- c:\windows\system32\jscript.dll
2014-03-08 22:44 . 2014-03-08 22:44 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-03-08 22:44 . 2014-03-08 22:44 13824 ----a-w- c:\windows\system32\mshta.exe
2014-03-08 22:44 . 2014-03-08 22:44 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-03-04 10:39 . 2014-04-09 12:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-01 05:16 . 2014-03-12 15:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-12 15:55 2765824 ----a-w- c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-12 15:55 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-12 15:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-12 15:55 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-12 15:55 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-12 15:55 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-12 15:55 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-12 15:55 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-12 15:55 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-12 15:55 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-12 15:55 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-01 04:02 . 2014-03-12 15:55 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-12 15:55 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-12 15:55 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-12 15:55 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-12 15:55 627200 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-12 15:55 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-12 15:55 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-12 15:55 2041856 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-12 15:55 13051904 ----a-w- c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-12 15:55 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-12 15:55 2334208 ----a-w- c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-12 15:55 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-12 15:55 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-12 15:55 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-12 15:55 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2014-02-08 18:34 . 2014-03-08 09:20 61216 ----a-w- c:\windows\system32\OpenCL.dll
2014-02-08 18:34 . 2014-03-08 09:20 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-02-08 18:34 . 2014-03-08 09:18 947296 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-02-08 18:34 . 2014-03-08 09:18 832424 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-02-08 18:34 . 2014-03-08 09:18 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2014-03-08 09:18 15740232 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-02-08 18:34 . 2014-03-08 09:18 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-02-08 18:34 . 2014-03-08 09:18 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-02-08 18:34 . 2014-03-08 09:18 31432480 ----a-w- c:\windows\system32\nvoglv64.dll
2014-02-08 18:34 . 2014-03-08 09:18 892192 ----a-w- c:\windows\system32\NvIFR64.dll
2014-02-08 18:34 . 2014-03-08 09:18 875296 ----a-w- c:\windows\system32\NvFBC64.dll
2014-02-08 18:34 . 2014-03-08 09:18 863520 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-02-08 18:34 . 2014-03-08 09:18 844576 ----a-w- c:\windows\SysWow64\NvFBC.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-12 18:13 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-12 18:13 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-12 18:13 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 cmudaxp;ASUS Xonar D1 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-08 07:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-12 18:10 2333400 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-12 18:10 2333400 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-12 18:10 2333400 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\yepuir93.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-04-20 20:02:14
ComboFix-quarantined-files.txt 2014-04-20 18:02
.
Před spuštěním: Volných bajtů: 413 637 189 632
Po spuštění: Volných bajtů: 413 475 471 360
.
- - End Of File - - 005B12B68A04B64CF1F56B7BD832BB22
A36C5E4F47E84449FF07ED3517B43A31

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte.CF se spustí a vykoná příkazy ze skriptu.

[Johny]

Tak hotovo. Eset však hlášení s virem zobrazuje stále. Ještě mě napadlo přeinstalovat Firefox? Protože se to zobrazuje jen při procházení internetu v něm.


ComboFix 14-04-20.01 - Johnny 20.04.2014 21:43:06.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4095.2647 [GMT 2:00]
Spuštěný z: c:\users\Johnny\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Johnny\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-20 do 2014-04-20 )))))))))))))))))))))))))))))))
.
.
2014-04-19 19:34 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-18 14:11 . 2014-04-20 16:53 -------- d-----w- c:\program files\HJT
2014-04-18 10:28 . 2014-04-18 10:28 -------- d-----w- c:\users\Johnny\AppData\Roaming\ASUS
2014-04-18 10:28 . 2011-05-12 15:13 465408 ------w- c:\windows\system32\cmasiopx.dll
2014-04-18 10:28 . 2011-05-12 15:13 303104 ------w- c:\windows\SysWow64\cmasiop.dll
2014-04-18 10:28 . 2011-05-12 15:05 8769536 ------w- c:\windows\SysWow64\CmiCnfgp.dll
2014-04-18 10:28 . 2011-04-19 12:56 143360 ------w- c:\windows\SysWow64\VmixP8.dll
2014-04-18 10:28 . 2008-07-23 16:59 389120 ------w- c:\windows\system32\CmiCnfgP.cpl
2014-04-18 10:28 . 2007-12-13 15:12 122880 ------w- c:\windows\SysWow64\Cm_Oal.dll
2014-04-18 10:28 . 2007-12-13 15:12 122880 ------w- c:\windows\system32\Cm_Oal.dll
2014-04-18 10:28 . 2006-09-13 08:21 200704 ------w- c:\windows\SysWow64\Cmpaoxy.dll
2014-04-18 10:27 . 2014-04-18 10:28 -------- d-----w- c:\program files\ASUS Xonar D1 Audio
2014-04-18 10:27 . 2011-02-24 14:52 805376 ------w- c:\windows\system32\Cmeauoxy.exe
2014-04-18 10:26 . 2011-03-10 13:44 2725376 ----a-w- c:\windows\system32\drivers\cmudaxp.sys
2014-04-18 10:26 . 2007-04-19 13:12 32768 ----a-w- c:\windows\system32\cmudaxp.dll
2014-04-18 10:26 . 2004-04-14 09:28 315392 ----a-w- c:\windows\system\CmiFltr.dll
2014-04-18 07:53 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1980F96F-064A-4921-B0A6-3C4430255FB0}\mpengine.dll
2014-04-13 18:52 . 2014-04-13 18:52 -------- d-----w- c:\users\Johnny\AppData\Local\Diagnostics
2014-04-11 16:31 . 2014-04-11 16:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-04-09 12:19 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll
2014-04-09 12:19 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-09 12:19 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-09 12:13 . 2014-01-24 02:40 1684416 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-07 13:30 . 2014-04-07 13:30 -------- d-----w- c:\program files\Nuforce Inc
2014-04-01 15:22 . 2014-04-01 15:22 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-04-01 14:17 . 2014-04-01 14:17 -------- d-----w- c:\programdata\GridinSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-18 10:28 . 2014-03-09 21:34 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2014-04-18 10:28 . 2014-03-09 21:34 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-04-18 10:28 . 2014-03-09 21:34 111616 ----a-w- c:\windows\system32\OpenAL32.dll
2014-04-18 10:28 . 2014-03-09 21:34 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-04-13 07:56 . 2014-03-08 09:05 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-13 07:56 . 2014-03-08 09:05 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-09 13:18 . 2014-03-18 20:09 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-08 22:44 . 2014-03-08 22:44 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-03-08 22:44 . 2014-03-08 22:44 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-08 22:44 . 2014-03-08 22:44 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-03-08 22:44 . 2014-03-08 22:44 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-03-08 22:44 . 2014-03-08 22:44 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-08 22:44 . 2014-03-08 22:44 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-03-08 22:44 . 2014-03-08 22:44 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-03-08 22:44 . 2014-03-08 22:44 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-03-08 22:44 . 2014-03-08 22:44 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-03-08 22:44 . 2014-03-08 22:44 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-03-08 22:44 . 2014-03-08 22:44 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-03-08 22:44 . 2014-03-08 22:44 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-03-08 22:44 . 2014-03-08 22:44 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-03-08 22:44 . 2014-03-08 22:44 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-08 22:44 . 2014-03-08 22:44 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-03-08 22:44 . 2014-03-08 22:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-03-08 22:44 . 2014-03-08 22:44 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-03-08 22:44 . 2014-03-08 22:44 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-03-08 22:44 . 2014-03-08 22:44 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-03-08 22:44 . 2014-03-08 22:44 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-03-08 22:44 . 2014-03-08 22:44 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-08 22:44 . 2014-03-08 22:44 247808 ----a-w- c:\windows\system32\msls31.dll
2014-03-08 22:44 . 2014-03-08 22:44 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-08 22:44 . 2014-03-08 22:44 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-03-08 22:44 . 2014-03-08 22:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-08 22:44 . 2014-03-08 22:44 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-03-08 22:44 . 2014-03-08 22:44 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-08 22:44 . 2014-03-08 22:44 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-08 22:44 . 2014-03-08 22:44 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-03-08 22:44 . 2014-03-08 22:44 413696 ----a-w- c:\windows\system32\html.iec
2014-03-08 22:44 . 2014-03-08 22:44 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-08 22:44 . 2014-03-08 22:44 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-08 22:44 . 2014-03-08 22:44 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-03-08 22:44 . 2014-03-08 22:44 81408 ----a-w- c:\windows\system32\icardie.dll
2014-03-08 22:44 . 2014-03-08 22:44 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-03-08 22:44 . 2014-03-08 22:44 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-08 22:44 . 2014-03-08 22:44 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-08 22:44 . 2014-03-08 22:44 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-03-08 22:44 . 2014-03-08 22:44 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-03-08 22:44 . 2014-03-08 22:44 235520 ----a-w- c:\windows\system32\url.dll
2014-03-08 22:44 . 2014-03-08 22:44 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-08 22:44 . 2014-03-08 22:44 101376 ----a-w- c:\windows\system32\inseng.dll
2014-03-08 22:44 . 2014-03-08 22:44 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-03-08 22:44 . 2014-03-08 22:44 143872 ----a-w- c:\windows\system32\wextract.exe
2014-03-08 22:44 . 2014-03-08 22:44 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-03-08 22:44 . 2014-03-08 22:44 147968 ----a-w- c:\windows\system32\occache.dll
2014-03-08 22:44 . 2014-03-08 22:44 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-03-08 22:44 . 2014-03-08 22:44 774144 ----a-w- c:\windows\system32\jscript.dll
2014-03-08 22:44 . 2014-03-08 22:44 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-03-08 22:44 . 2014-03-08 22:44 13824 ----a-w- c:\windows\system32\mshta.exe
2014-03-08 22:44 . 2014-03-08 22:44 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-03-04 10:39 . 2014-04-09 12:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-01 05:16 . 2014-03-12 15:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-12 15:55 2765824 ----a-w- c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-12 15:55 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-12 15:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-12 15:55 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-12 15:55 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-12 15:55 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-12 15:55 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-12 15:55 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-12 15:55 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-12 15:55 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-12 15:55 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-01 04:02 . 2014-03-12 15:55 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-12 15:55 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-12 15:55 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-12 15:55 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-12 15:55 627200 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-12 15:55 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-12 15:55 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-12 15:55 2041856 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-12 15:55 13051904 ----a-w- c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-12 15:55 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-12 15:55 2334208 ----a-w- c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-12 15:55 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-12 15:55 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-12 15:55 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-12 15:55 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2014-02-08 18:34 . 2014-03-08 09:20 61216 ----a-w- c:\windows\system32\OpenCL.dll
2014-02-08 18:34 . 2014-03-08 09:20 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-02-08 18:34 . 2014-03-08 09:18 947296 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-02-08 18:34 . 2014-03-08 09:18 832424 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-02-08 18:34 . 2014-03-08 09:18 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2014-03-08 09:18 15740232 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-02-08 18:34 . 2014-03-08 09:18 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-02-08 18:34 . 2014-03-08 09:18 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-02-08 18:34 . 2014-03-08 09:18 31432480 ----a-w- c:\windows\system32\nvoglv64.dll
2014-02-08 18:34 . 2014-03-08 09:18 892192 ----a-w- c:\windows\system32\NvIFR64.dll
2014-02-08 18:34 . 2014-03-08 09:18 875296 ----a-w- c:\windows\system32\NvFBC64.dll
2014-02-08 18:34 . 2014-03-08 09:18 863520 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-02-08 18:34 . 2014-03-08 09:18 844576 ----a-w- c:\windows\SysWow64\NvFBC.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-12 18:13 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-12 18:13 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-12 18:13 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 cmudaxp;ASUS Xonar D1 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-08 07:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-12 18:10 2333400 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-12 18:10 2333400 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-12 18:10 2333400 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\yepuir93.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\ASUS Xonar D1 Audio\Customapp\ASUSAUDIOCENTER.EXE
.
**************************************************************************
.
Celkový čas: 2014-04-20 22:15:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-20 20:15
ComboFix2.txt 2014-04-20 18:02
.
Před spuštěním: Volných bajtů: 413 469 671 424
Po spuštění: Volných bajtů: 413 177 495 552
.
- - End Of File - - B0EC499538C6B17F45F2CE68E0F88892
A36C5E4F47E84449FF07ED3517B43A31

[Rudy]

Smazáno. CF odinstalujte pomocí T-Cleaneru: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe . Nastala nějaká změna?

[Johny]

V předchozím postu jsem psal, že vše provedeno, ale Eset hlášení s virem zobrazuje stále. Ještě mě napadlo přeinstalovat Firefox? Protože se to zobrazuje jen při procházení internetu v něm.

[Rudy]

FF zazálohujte pomocí MozBackup: http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ . Pak FF odinstalujte vč. jeho profilu. Stáhněte novou instalačku, nainstalujte a zpět ze zálohy nakopírujte pouze záložky.

[Johny]

Tak to vypadá, že to prozatím pomohlo, díky moc tedy.

[Rudy]

Nemáte zač!