Windows hlásily vyplý antivir (nebyl, byl zaplý) preventivka

[altrok]

Diky za upozorneni, hned jim to reportnu. Jeste tam pust ComboFix.



Ulozte na plochu rkill.exe, ukoncete vsechny aplikace a spustte - kdyby ho havet blokovala, pouzijte alternativni odkaz

• http://download.bleepingcomputer.com/grinler/rkill.exe
• http://download.bleepingcomputer.com/grinler/rkill.com
• obsah logu vytvoreneho take na plose (rkill.txt) zaslete v pristi odpovedi
• nerestartujte ted pocitac jinak prijdete o ucinek rkillu

POZOR - TATO UTILITA MA VELKOU SCHOPNOST MAZAT - NESPOUSTEJTE JI BEZ DOPORUCENI RADCE
Ulozte na plochu ComboFix.exe - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete antiviry a vsechny real-time ochrany
• spustte ComboFix jako spravce (lepe pod uctem s administratorskym opravnenim)
• s licencnimi podminkami souhlaste - Ano
• pokud je nabidnuta instalace konzoly pro zotaveni, souhlaste
• v prubehu skenovani nechte PC v klidu - nic nespoustejte a do okna CombFixu neklikejte
• vysledek skenu naleznete v C:\ComboFix.txt, jehoz obsah mi zkopirujte do pristi odpovedi.

[tuvok07]

Combík něco mazal, no Ale tipuju to spíš na zbytky po nákaze.

ComboFix 15-03-09.01 - xx 09.03.2015 8:42.1.4 - x86
Spuštěný z: c:\users\xx\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\lmhosts
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-09 do 2015-03-09 )))))))))))))))))))))))))))))))
.
.
2015-03-09 07:53 . 2015-03-09 07:56 -------- d-----w- c:\users\xx\AppData\Local\temp
2015-03-09 07:53 . 2015-03-09 07:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-03-09 07:53 . 2015-03-09 07:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-08 16:25 . 2015-03-08 16:41 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-05 15:48 . 2015-03-05 18:24 -------- d-----w- C:\FRST
2015-03-03 07:59 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41C8D81D-3B59-49E2-855A-0889B7E82103}\mpengine.dll
2015-02-25 19:23 . 2015-01-09 02:48 76800 ----a-w- c:\windows\system32\wdi.dll
2015-02-25 19:23 . 2015-01-09 02:48 635904 ----a-w- c:\windows\system32\perftrack.dll
2015-02-25 19:23 . 2015-01-09 02:48 27136 ----a-w- c:\windows\system32\powertracker.dll
2015-02-12 09:04 . 2015-01-23 03:43 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-12 09:04 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\system32\jscript9.dll
2015-02-11 11:56 . 2015-01-10 06:27 248832 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-08 16:25 . 2014-08-08 10:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-08 16:24 . 2014-08-08 10:08 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-04 19:55 . 2014-04-13 15:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 19:55 . 2014-04-13 15:22 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-22 22:21 . 2014-08-04 20:24 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-01-09 16:17 . 2015-01-09 16:08 112136 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-12-22 23:50 . 2010-10-01 11:22 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 02:43 . 2015-01-14 09:18 164864 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-14 09:18 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 09:18 46592 ----a-w- c:\windows\system32\TSWbPrxy.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2010-02-02 385024]
"Spotify Web Helper"="c:\users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-01-16 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2013-12-06 747264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-09 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate1caeab72b9785e1;Služba Google Update (gupdate1caeab72b9785e1);c:\program files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-01 1343400]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys [2014-04-10 34400]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2014-02-25 25696]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2014-03-25 45024]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-03-26 145888]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-09 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-09 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-10-18 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-12-06 209408]
S2 AVP15.0.0;Služba Kaspersky Anti-Virus 15.0.0;c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [2014-04-20 233552]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-09-24 77312]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2015-01-09 112136]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-03-28 24672]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-08-08 25696]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 08:40 1084744 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13 19:55]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Přidat do součásti Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(8836)
c:\program files\ATI Technologies\HydraVision\HydraDMH.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2015-03-09 09:01:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-03-09 08:01
.
Před spuštěním: Volných bajtů: 65 675 702 272
Po spuštění: Volných bajtů: 65 904 455 680
.
- - End Of File - - 4C995732F8F4AF2F44AEA6F6FD16873E
A36C5E4F47E84449FF07ED3517B43A31

[altrok]

Presne tak - jen zbytky, takze jeste uklidime.

• Prejmenuj ComboFix na Uninstall a spust jako spravce
• ComboFix se odinstaluje.

• Stahni a spust DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznac jen moznost "Remove disinfection tools"
• klikni na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[tuvok07]

Delfixe mi zblajznul Kašperský
Udělám to tedy až ho budu moct zase vypnout

[tuvok07]

Tak Kašpera chtěl vypnout i Combofix tak sjeto obé
# DelFix v10.9 - Logfile created 09/03/2015 at 11:40:45
# Updated 27/02/2015 by Xplode
# Username : xx - XX-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\RSIT
Deleted : C:\FRST
Deleted : C:\Users\xx\Desktop\mbar
Deleted : C:\ComboFix.txt
Deleted : C:\Users\xx\Desktop\Addition.txt
Deleted : C:\Users\xx\Desktop\Fixlog.txt
Deleted : C:\Users\xx\Desktop\FRST.exe
Deleted : C:\Users\xx\Desktop\FRST.txt
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

########## - EOF - ##########

[altrok]

OK, tim padem mame uklizeno a z me strany je to vse

[tuvok07]

Z mé taky, myslím, že můžeš
Mbar smáznu ručně, mám tu MBAM.
Ty widgety neřeším, osobně mám dojem, že za to může antibanner Kašpera, zkusím vypnout a restartovat.

[altrok]

Dobra tedy, zamykam.