Facebook vir

[Rudy]

Podívejte, jak jste uložil CFScript. Soubor se musí jmenovat CFScript.txt. Jiný název,příp. dvojitá přípona, hází chyby. Omlouvám se, že mi to nějak vypadlo z textu.

[Chick]

ComboFix 14-07-08.01 - Tomáš 26.07.2014 9:30.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3067.2173 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-26 do 2014-07-26 )))))))))))))))))))))))))))))))
.
.
2014-07-08 10:36 . 2014-07-08 10:36 -------- d-----w- C:\rsit
2014-07-06 20:05 . 2014-07-06 20:06 -------- d-----w- c:\users\Tomáš\AppData\Local\{B1A4A444-4F5B-4289-897B-53FCC1B5899C}
2014-07-06 13:32 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-06 12:12 . 2014-07-08 10:36 -------- d-----w- c:\program files\trend micro
2014-07-06 10:02 . 2011-12-30 15:02 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2014-07-05 12:33 . 2014-07-05 12:33 -------- d-----w- c:\users\Tomáš\AppData\Local\{28A8CD59-D972-488F-B0B8-03EA9FF5DB34}
2014-07-03 21:57 . 2014-07-03 21:57 -------- d-----w- c:\programdata\notracks.com
2014-07-03 21:48 . 2014-05-23 07:30 388416 ----a-w- c:\windows\system32\EasyRedirect.dll
2014-07-03 12:02 . 2014-07-03 12:02 -------- d-----w- c:\program files\MediaMonkey
2014-07-03 11:46 . 2014-07-03 11:46 -------- d-----w- c:\program files\Ffmpeg For Audacity
2014-07-03 11:42 . 2014-07-03 11:46 -------- d-----w- c:\program files\Lame For Audacity
2014-07-03 11:05 . 2014-07-05 02:29 -------- d-----w- c:\users\Tomáš\AppData\Roaming\Audacity
2014-07-03 11:04 . 2014-07-03 11:04 -------- d-----w- c:\program files\Audacity
2014-07-03 10:48 . 2014-07-03 10:48 -------- d-----w- c:\users\Tomáš\AppData\Roaming\EAC
2014-07-03 10:48 . 2014-07-03 10:48 -------- d-----w- c:\users\Tomáš\AppData\Roaming\AccurateRip
2014-07-03 10:16 . 2014-07-03 10:16 -------- d-----w- c:\users\Tomáš\AppData\Roaming\Unity
2014-07-03 10:03 . 2014-07-03 10:03 -------- d-----w- c:\users\Tomáš\AppData\Local\Unity
2014-07-03 00:07 . 2014-07-03 00:07 -------- d-----w- c:\users\Tomáš\AppData\Local\Slick Savings
2014-07-03 00:07 . 2014-07-03 00:07 -------- d-----w- c:\program files\Application Updater
2014-07-03 00:07 . 2014-07-03 00:07 -------- d-----w- c:\program files\Common Files\Spigot
2014-07-02 23:56 . 2014-07-03 00:07 -------- d-----w- c:\windows\system32\C2MP
2014-07-02 23:51 . 2014-07-03 03:48 -------- d-----w- c:\users\Tomáš\AppData\Roaming\Media Player Classic
2014-07-02 23:46 . 2014-07-02 23:46 -------- d-----w- c:\program files\Xvid CZ
2014-07-02 23:44 . 2014-07-02 23:44 -------- d-----w- c:\programdata\Apple Computer
2014-07-02 23:44 . 2006-09-01 14:14 65536 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-07-02 23:44 . 2006-09-01 14:14 49152 ----a-w- c:\windows\system32\QuickTime.qts
2014-07-02 23:40 . 2014-07-02 23:40 -------- d-----w- c:\users\Tomáš\AppData\Local\{09BF8C52-CA29-4DB6-9136-C9A7B5CE875F}
2014-07-01 18:04 . 2014-07-01 18:04 -------- d-----w- c:\users\Tomáš\AppData\Local\Skype
2014-07-01 18:03 . 2014-07-01 18:03 -------- d-----w- c:\program files\Common Files\Skype
2014-07-01 18:03 . 2014-07-07 19:32 -------- d-----r- c:\program files\Skype
2014-07-01 18:02 . 2014-07-01 18:03 -------- d-----w- c:\programdata\Skype
2014-06-30 14:21 . 2014-06-30 14:21 -------- d-----w- c:\users\Tomáš\AppData\Local\{88106948-2282-4CBA-93D2-F383412E019A}
2014-06-29 20:30 . 2014-06-29 20:30 -------- d-----w- c:\users\Tomáš\AppData\Local\{3D2FEF9A-C7BB-4AC4-91FE-494822D4BA1E}
2014-06-27 23:13 . 2014-06-27 23:14 -------- d-----w- c:\users\Tomáš\AppData\Local\{102EF3DD-1B82-40D3-8B9A-76E3451C009E}
2014-06-27 12:09 . 2014-06-27 12:09 -------- d-----w- c:\users\Tomáš\AppData\Local\{460C00E7-9175-4D2B-B976-39D9E55E6C8A}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-26 06:14 . 2014-06-26 06:13 1463328 ----a-w- C:\SystemCheck_enGB.exe
2014-06-04 14:10 . 2014-06-02 22:41 139032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-06-04 14:10 . 2014-06-03 07:49 290184 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-06-04 14:10 . 2014-06-02 22:40 290184 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-06-04 14:09 . 2014-06-02 22:40 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-06-03 07:54 . 2014-06-02 22:40 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-06-02 22:41 . 2014-06-02 22:41 138056 ----a-w- c:\users\Tomáš\AppData\Roaming\PnkBstrK.sys
2014-06-02 22:41 . 2014-06-02 22:41 138056 ----a-w- c:\users\Tomáš\AppData\Roaming\PnkBstrK.sys
2014-05-18 20:18 . 2014-05-18 20:18 45400 ----a-w- c:\windows\system32\DiscHandler.exe
2014-05-13 15:02 . 2014-05-13 15:02 3916288 ----a-w- c:\windows\system32\ffmpeg.dll
2014-05-13 15:01 . 2014-05-13 15:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-05-13 15:01 . 2014-05-13 15:01 3502592 ----a-w- c:\windows\system32\ffdshow.ax
2014-05-13 15:01 . 2014-05-13 15:01 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2014-05-13 15:00 . 2014-05-13 15:00 99840 ----a-w- c:\windows\system32\ff_wmv9.dll
2014-05-13 15:00 . 2014-05-13 15:00 157184 ----a-w- c:\windows\system32\ff_unrar.dll
2014-05-13 15:00 . 2014-05-13 15:00 211968 ----a-w- c:\windows\system32\ff_libdts.dll
2014-05-13 15:00 . 2014-05-13 15:00 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll
2014-05-13 15:00 . 2014-05-13 15:00 147456 ----a-w- c:\windows\system32\ff_libmad.dll
2014-05-13 15:00 . 2014-05-13 15:00 114688 ----a-w- c:\windows\system32\ff_liba52.dll
2014-05-13 15:00 . 2014-05-13 15:00 136704 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2014-05-01 15:56 . 2014-05-01 15:56 368888 ----a-w- c:\windows\system32\cdxareader.ax
2014-04-30 01:19 . 2014-04-30 01:19 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-04-30 01:19 . 2014-04-30 01:19 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-04-30 01:19 . 2014-04-30 01:19 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-04-30 01:19 . 2014-04-30 01:19 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-04-30 01:19 . 2014-04-30 01:19 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-04-30 01:19 . 2014-04-30 01:19 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-04-30 01:19 . 2014-04-30 01:19 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-04-30 01:19 . 2014-04-30 01:19 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-04-30 01:19 . 2014-04-30 01:19 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-04-30 01:19 . 2014-04-30 01:19 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-04-30 01:19 . 2014-04-30 01:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-04-30 01:19 . 2014-04-30 01:19 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-04-30 01:19 . 2014-04-30 01:19 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-04-30 01:19 . 2014-04-30 01:19 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-04-30 01:19 . 2014-04-30 01:19 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-04-30 01:19 . 2014-04-30 01:19 337408 ----a-w- c:\windows\system32\html.iec
2014-04-30 01:19 . 2014-04-30 01:19 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 01:19 . 2014-04-30 01:19 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-30 01:19 . 2014-04-30 01:19 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-04-30 01:19 . 2014-04-30 01:19 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-04-30 01:19 . 2014-04-30 01:19 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-04-30 01:19 . 2014-04-30 01:19 182272 ----a-w- c:\windows\system32\msls31.dll
2014-04-30 01:19 . 2014-04-30 01:19 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-04-30 01:19 . 2014-04-30 01:19 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-04-30 01:19 . 2014-04-30 01:19 139264 ----a-w- c:\windows\system32\wextract.exe
2014-04-30 01:19 . 2014-04-30 01:19 13312 ----a-w- c:\windows\system32\mshta.exe
2014-04-30 01:19 . 2014-04-30 01:19 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-04-30 01:19 . 2014-04-30 01:19 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-04-30 01:19 . 2014-04-30 01:19 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-04-30 01:19 . 2014-04-30 01:19 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-04-30 01:18 . 2014-04-30 01:18 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-04-30 01:18 . 2014-04-30 01:18 619520 ----a-w- c:\windows\system32\tdh.dll
2014-04-30 01:18 . 2014-04-30 01:18 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-04-30 01:18 . 2014-04-30 01:18 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-04-30 01:18 . 2014-04-30 01:18 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-04-30 01:17 . 2014-04-30 01:17 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-04-30 01:17 . 2014-04-30 01:17 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-04-30 01:17 . 2014-04-30 01:17 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-04-30 01:16 . 2014-04-30 01:16 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-30 01:16 . 2014-04-30 01:16 906240 ----a-w- c:\windows\system32\FntCache.dll
2014-04-30 01:16 . 2014-04-30 01:16 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2014-04-30 01:16 . 2014-04-30 01:16 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-30 01:16 . 2014-04-30 01:16 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-30 01:16 . 2014-04-30 01:16 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2014-04-30 01:16 . 2014-04-30 01:16 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-30 01:16 . 2014-04-30 01:16 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-04-30 01:16 . 2014-04-30 01:16 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-30 01:16 . 2014-04-30 01:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-04-30 01:16 . 2014-04-30 01:16 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-30 01:16 . 2014-04-30 01:16 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-30 01:16 . 2014-04-30 01:16 293376 ----a-w- c:\windows\system32\dxgi.dll
2014-04-30 01:16 . 2014-04-30 01:16 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-30 01:16 . 2014-04-30 01:16 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-04-30 01:16 . 2014-04-30 01:16 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-04-30 01:16 . 2014-04-30 01:16 220160 ----a-w- c:\windows\system32\d3d10core.dll
2014-04-30 01:16 . 2014-04-30 01:16 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-04-30 01:16 . 2014-04-30 01:16 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2014-04-30 01:16 . 2014-04-30 01:16 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2014-04-30 01:16 . 2014-04-30 01:16 1247744 ----a-w- c:\windows\system32\DWrite.dll
2014-04-30 01:16 . 2014-04-30 01:16 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-04-30 01:16 . 2014-04-30 01:16 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2014-04-30 01:16 . 2014-04-30 01:16 1080832 ----a-w- c:\windows\system32\d3d10.dll
2014-04-30 01:16 . 2014-04-30 01:16 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-30 01:16 . 2014-04-30 01:16 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2014-04-30 01:15 . 2014-04-30 01:15 1505280 ----a-w- c:\windows\system32\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-22 13:51 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"BitTorrent"="c:\users\Tomáš\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-05-23 1639760]
"{6B84E528-9705-4D36-9C97-97B8E23DAB75}"="D:\LeagueofLegends_EUNE_Installer_04_21_14.exe" [2014-05-13 35411496]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2014-01-22 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-04-26 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\System32\C2MP\UpdateChecker.exe [2014-5-18 48712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-04-30 108032]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2014-04-26 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-04-17 243128]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-29 497496]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2014-06-16 807800]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-22 66336]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2012-10-18 971752]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-08-31 44544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 17:17 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(608)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\IObit\Advanced SystemCare 5\AutoSweep.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2014-07-26 09:52:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-26 07:52
ComboFix2.txt 2014-07-10 05:34
.
Před spuštěním: 4 596 432 896
Po spuštění: 4 552 097 792
.
- - End Of File - - 758C7EA69C80DFBC605FF924BF1DCE73
A36C5E4F47E84449FF07ED3517B43A31

[Chick]

Btw vir přetrvává ..

[Rudy]

OK. CF odinstalujte pomocí T-Cleaneru: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe . Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php MBAM a dejte log. Předem nic nemažte.

[Chick]

Log :


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28.7.2014
Scan Time: 21:38:26
Logfile: Log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.28.06
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: TomA!A!

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 310212
Time Elapsed: 38 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Spigot.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Application Updater, , [d016e8bc86f5dc5afaf835552bd606fa],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\mhkaekfpcppmmioggniknbnbdbcigpkk, , [776fb4f0bfbc64d2af5a558a51b1b848],
Trojan.Agent.CR, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\godimpbmfohihoaikgfknnnmlncabkkp, , [16d08123b6c5fd396a5fb519887a47b9],
PUP.Optional.Spigot.A, HKU\S-1-5-21-3923160396-3041073526-3501625183-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, , [d313f2b2f289e0562ad950dcb84c26da],

Registry Values: 4
PUP.Optional.Spigot.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE, 1, , [d016e8bc86f5dc5afaf835552bd606fa]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE, 1, , [18ceecb8d4a7f343172fbff51ee426da]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\{58D2A791-6199-482F-A9AA-9B725EC61362}.XPI, 1, , [18ceecb8d4a7f343172fbff51ee426da]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\COMMON FILES\SPIGOT\GC\EXTHELPER.EXE, 1, , [ba2c2e76c4b73afc5789e5d7f40ed828]

Registry Data: 0
(No malicious items detected)

Folders: 15
PUP.Optional.OpenCandy, C:\Users\TomA!A!\AppData\Roaming\OpenCandy, , [c323574d86f586b00485c8e1b15107f9],
PUP.Optional.OpenCandy, C:\Users\TomA!A!\AppData\Roaming\OpenCandy\508B40C7ADB94B2E9C5F671AA2004366, , [c323574d86f586b00485c8e1b15107f9],
PUP.Optional.OpenCandy, C:\Users\TomA!A!\AppData\Roaming\OpenCandy\98E50D87571943C3BB0E65868A6E72EA, , [c323574d86f586b00485c8e1b15107f9],
PUP.Optional.OpenCandy, C:\Users\TomA!A!\AppData\Roaming\OpenCandy\EBD5BF2615134144A11C9BB6EADF1F3E, , [c323574d86f586b00485c8e1b15107f9],
PUP.Optional.SlickSavings.A, C:\Users\TomA!A!\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk, , [dc0a02a2bdbec4723500c3eb54aedc24],
PUP.Optional.SlickSavings.A, C:\Users\TomA!A!\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0, , [dc0a02a2bdbec4723500c3eb54aedc24],
PUP.Optional.SlickSavings.A, C:\Users\TomA!A!\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\icons, , [dc0a02a2bdbec4723500c3eb54aedc24],
PUP.Optional.SlickSavings.A, C:\Users\TomA!A!\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts, , [dc0a02a2bdbec4723500c3eb54aedc24],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Lang, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Res, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC, , [ba2c2e76c4b73afc5789e5d7f40ed828],
PUP.Optional.Spigot.A, C:\Users\TomA!A!\AppData\LocalLow\Search Settings, , [994de3c1d5a63ef8cd07467b6b97e21e],
PUP.Optional.Spigot.A, C:\Users\TomA!A!\AppData\LocalLow\Search Settings\res, , [994de3c1d5a63ef8cd07467b6b97e21e],
PUP.Optional.Spigot.A, C:\Users\TomA!A!\AppData\LocalLow\Search Settings\temp, , [994de3c1d5a63ef8cd07467b6b97e21e],

Files: 41
PUP.Optional.Spigot.A, C:\Program Files\Application Updater\ApplicationUpdater.exe, , [d016e8bc86f5dc5afaf835552bd606fa],
PUP.Optional.OpenCandy.A, C:\Users\TomA!A!\AppData\Roaming\OpenCandy\EBD5BF2615134144A11C9BB6EADF1F3E\dlm.exe, , [f1f58e16502bef47f358a583847d08f8],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncxodur.exe, , [c620efb55427191dd4fddecabf4243bd],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncxodur.exe, , [8c5ad4d0d3a8290d4cabeb2b27dafa06],
PUP.Optional.InstallCore.A, C:\Users\TomA!A!\Downloads\razorlame115a.zip - CHIP Downloader.exe, , [489e2084285385b13424067f09fba55b],
PUP.Optional.Spigot.A, C:\Windows\Installer\5e962fc.msi, , [499dfba91863f64007ec54365ea315eb],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [7076257f80fb55e182845eaff311d42c],
PUP.Optional.OpenCandy, C:\Users\TomA!A!\AppData\Roaming\OpenCandy\508B40C7ADB94B2E9C5F671AA2004366\chrometest3.html, , [c323574d86f586b00485c8e1b15107f9],
PUP.Optional.OpenCandy, C:\Users\TomA!A!\AppData\Roaming\OpenCandy\98E50D87571943C3BB0E65868A6E72EA\avg_tuht_stf_cs_2014_206_CZ.exe, , [c323574d86f586b00485c8e1b15107f9],
PUP.Optional.OpenCandy, C:\Users\TomA!A!\AppData\Roaming\OpenCandy\EBD5BF2615134144A11C9BB6EADF1F3E\6866.ico, , [c323574d86f586b00485c8e1b15107f9],
PUP.Optional.OpenCandy, C:\Users\TomA!A!\AppData\Roaming\OpenCandy\EBD5BF2615134144A11C9BB6EADF1F3E\AVG-TuneUp-CZ-CZ_p3v0.exe, , [c323574d86f586b00485c8e1b15107f9],
PUP.Optional.SlickSavings.A, C:\Users\TomA!A!\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\background.html, , [dc0a02a2bdbec4723500c3eb54aedc24],
PUP.Optional.SlickSavings.A, C:\Users\TomA!A!\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\config.json, , [dc0a02a2bdbec4723500c3eb54aedc24],
PUP.Optional.SlickSavings.A, C:\Users\TomA!A!\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\manifest.json, , [dc0a02a2bdbec4723500c3eb54aedc24],
PUP.Optional.SlickSavings.A, C:\Users\TomA!A!\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\icons\ss-128.png, , [dc0a02a2bdbec4723500c3eb54aedc24],
PUP.Optional.SlickSavings.A, C:\Users\TomA!A!\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\icons\ss-48.png, , [dc0a02a2bdbec4723500c3eb54aedc24],
PUP.Optional.SlickSavings.A, C:\Users\TomA!A!\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\background.js, , [dc0a02a2bdbec4723500c3eb54aedc24],
PUP.Optional.SlickSavings.A, C:\Users\TomA!A!\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\loader_1036.js, , [dc0a02a2bdbec4723500c3eb54aedc24],
PUP.Optional.SlickSavings.A, C:\Users\TomA!A!\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\utils.js, , [dc0a02a2bdbec4723500c3eb54aedc24],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\config.ini, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\searchcom_ff.xml, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\searchcom_ie.xml, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\wth184.dll, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\wthx184.dll, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\yahoo_ff.xml, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\yahoo_ie.xml, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\yandextr_ff.xml, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\yandextr_ie.xml, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini, , [18ceecb8d4a7f343172fbff51ee426da],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\exthelper.exe, , [ba2c2e76c4b73afc5789e5d7f40ed828],

Physical Sectors: 0
(No malicious items detected)


(end)


A ještě se chci zeptat co u těch detekovaných malware mám dát za možnost díky

[Rudy]

Vše, co MBAM nalezl, smažte.

[Chick]

To je to Quarantine ?

[Rudy]

Ano.

[Chick]

Všechny sem odstranil .. Ale obávám se že vir přetrvává ..

[Rudy]

Podle čeho tak soudíte?