Trojan WIN32Generic!BT a asi i další breberky

[vyosek]

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

• C:\PhysicalMBR.bin
  C:\user.js
• Kliknete na Choose file
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Scan It
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

[petr-kapr]

Zde jsou odkazy:

https://www.virustotal.com/file/54fbfa7 ... 335011814/

https://www.virustotal.com/file/f037a3c ... 335011968/

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  RegLock::
  [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  
  Firefox::
  FF - ProfilePath - c:\users\mp\AppData\Roaming\Mozilla\Firefox\Profiles\rlcn1z7y.default\
  FF - prefs.js: browser.search.defaulturl -
  FF - prefs.js: browser.search.selectedEngine -
  pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);FF - user.js: extensions.funmoods_i.newTab - false
  FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
  FF - user.js: extensions.funmoods_i.id - e299c483000000000000e0cb4e4a290a
  FF - user.js: extensions.funmoods_i.instlDay - 15450
  FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
  FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
  FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1619:18
  FF - user.js: extensions.funmoods_i.prtnrId - funmoods
  FF - user.js: extensions.funmoods_i.prdct - funmoods
  FF - user.js: extensions.funmoods_i.aflt - axl
  FF - user.js: extensions.funmoods_i.smplGrp - none
  FF - user.js: extensions.funmoods_i.tlbrId - base
  FF - user.js: extensions.funmoods_i.instlRef -
  FF - user.js: extensions.funmoods_i.dfltLng -
  FF - user.js: extensions.funmoods_i.excTlbr - false
  
  Folder::
  c:\programdata\Spybot - Search & Destroy
  
  ClearJavaCache::
  
  AtJob::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[petr-kapr]

Log:

ComboFix 12-04-20.03 - mp 21.04.2012 19:01:14.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.2507 [GMT 2:00]
Spuštěný z: c:\users\mp\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\mp\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Logs\Resident.log
c:\programdata\Spybot - Search & Destroy\ProcCache.sbc
c:\windows\msxml4-KB973685-enu.LOG
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-21 do 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-21 17:13 . 2012-04-21 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-21 09:57 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{553012F1-6595-491E-9629-C0F9ACA53210}\mpengine.dll
2012-04-21 09:54 . 2012-04-21 09:54 -------- d-----w- c:\programdata\Plugins
2012-04-20 17:37 . 2012-04-20 17:37 -------- d-----w- c:\program files (x86)\JRE
2012-04-20 17:24 . 2012-04-20 17:31 -------- d-----w- c:\programdata\PC Optimizer Pro
2012-04-20 17:19 . 2012-04-20 17:19 -------- d-----w- c:\users\mp\AppData\Local\WeatherBug
2012-04-20 17:19 . 2012-04-20 17:19 -------- d-----w- c:\users\mp\AppData\Roaming\WeatherBug
2012-04-20 17:19 . 2012-04-20 17:19 18944 ----a-r- c:\users\mp\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2012-04-20 17:18 . 2012-04-20 17:18 50 ----a-w- C:\user.js
2012-04-20 16:42 . 2012-04-20 16:42 -------- d-----w- C:\_OTL
2012-04-20 14:29 . 2012-04-20 14:28 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-20 14:29 . 2012-04-20 14:28 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-20 14:28 . 2012-04-20 14:28 -------- d-----w- c:\program files\Java
2012-04-20 14:28 . 2012-04-20 14:28 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-20 14:26 . 2012-04-20 14:26 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-04-20 12:49 . 2012-04-20 13:32 512 ----a-w- C:\PhysicalMBR.bin
2012-04-20 11:24 . 2012-04-20 11:24 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 11:20 . 2012-04-20 11:24 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-20 10:58 . 2012-04-20 11:00 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-20 10:58 . 2012-04-20 10:58 -------- d-----w- c:\programdata\Apple Computer
2012-04-20 10:57 . 2012-04-20 10:57 -------- d-----w- c:\programdata\Ask
2012-04-20 10:48 . 2012-04-20 10:48 -------- d-----w- c:\users\mp\AppData\Local\Secunia PSI
2012-04-20 09:58 . 2012-04-20 10:18 -------- d-----w- c:\program files\trend micro
2012-04-20 09:58 . 2012-04-20 09:59 -------- d-----w- C:\rsit
2012-04-20 07:18 . 2012-04-20 07:18 -------- d-----w- c:\windows\CheckSur
2012-04-18 05:27 . 2012-04-18 05:27 -------- d-----w- c:\users\mp\AppData\Roaming\Malwarebytes
2012-04-18 05:27 . 2012-04-18 05:27 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 18:41 . 2011-04-05 15:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-16 18:41 . 2011-04-05 15:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-16 18:40 . 2011-02-08 07:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-16 18:40 . 2011-04-05 15:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-16 18:36 . 2012-04-16 18:36 -------- d-----w- c:\users\mp\AppData\Local\adawarebp
2012-04-16 18:35 . 2012-04-16 18:35 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-04-14 20:08 . 2012-03-13 04:38 97208 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-04-14 09:19 . 2012-04-14 09:19 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-10 09:08 . 2012-04-12 20:08 -------- d-----w- c:\programdata\Microsoft Help
2012-04-09 07:08 . 2012-04-09 07:08 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-09 07:08 . 2012-04-09 07:08 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-08 19:57 . 2012-04-10 08:54 -------- d-----w- c:\users\mp\AppData\Local\Mozilla
2012-04-08 19:55 . 2012-04-08 19:55 -------- d-----w- c:\users\mp\AppData\Local\ATI
2012-04-08 19:55 . 2012-04-08 19:55 -------- d-----w- c:\programdata\ATI
2012-04-08 19:54 . 2012-04-08 19:54 -------- d-----w- c:\programdata\BlazeVideo
2012-04-08 19:54 . 2012-04-10 08:54 -------- d-----w- c:\users\mp\AppData\Local\VirtualStore
2012-04-06 11:27 . 2006-10-27 04:12 18744 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\MSInfo\OINFOS12.DLL
2012-04-06 11:27 . 2006-10-27 04:12 87352 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\MSInfo\OINFOP12.EXE
2012-04-06 11:27 . 2012-04-06 11:27 -------- d-----w- c:\program files (x86)\Youtube Downloader
2012-04-06 11:22 . 2012-04-06 11:22 -------- d-----w- c:\program files (x86)\Sierra
2012-04-06 11:22 . 2012-04-06 11:22 -------- d-----w- c:\program files (x86)\rajce
2012-04-06 11:21 . 2012-04-06 11:22 -------- d-----w- c:\program files (x86)\PSPad editor
2012-04-06 11:21 . 2012-04-06 11:21 -------- d-----w- c:\program files (x86)\ProgDVB
2012-04-06 11:21 . 2012-04-06 11:21 -------- d-----w- c:\program files (x86)\PDFCreator
2012-04-06 11:21 . 2012-04-06 11:21 -------- d-----w- c:\program files (x86)\MP3 Skype Recorder
2012-04-06 11:21 . 2012-04-06 11:21 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-04-06 11:21 . 2012-04-06 11:21 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-06 11:20 . 2012-04-20 14:26 -------- d-----w- c:\program files (x86)\Java
2012-04-06 11:19 . 2012-04-06 11:20 -------- d-----w- c:\program files (x86)\ICQ7.6
2012-04-06 11:17 . 2001-01-16 12:23 192512 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\VS Runtime\1060\CMDDEFUI.DLL
2012-04-06 11:07 . 2012-04-10 08:54 -------- d-----w- c:\users\mp\AppData\Local\Microsoft Games
2012-04-04 18:37 . 2012-04-04 18:37 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-25 07:32 . 2012-03-06 23:02 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-21 13:41 . 2010-08-21 21:53 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-04-20 14:26 . 2010-06-23 15:20 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-20 11:24 . 2011-05-16 17:39 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 23:15 . 2010-08-23 18:53 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-08-23 18:53 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-01-19 07:42 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-04-12 06:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2010-08-23 18:55 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-02-26 20:43 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2010-08-23 18:55 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-08-23 18:55 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2010-08-23 18:55 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2010-06-23 14:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-21_12.04.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-21 12:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-21 17:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-21 17:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-21 12:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-21 12:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-21 17:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-25 15:00 . 2012-04-21 17:16 65192 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-21 17:16 52298 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-13 09:18 . 2012-04-21 17:16 14480 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-879712419-658512947-2250940320-1001_UserData.bin
+ 2010-05-05 05:20 . 2012-04-21 13:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-05 05:20 . 2012-04-21 09:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-05 05:20 . 2012-04-21 13:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-05 05:20 . 2012-04-21 09:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-21 09:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-21 13:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-23 13:56 . 2012-04-21 13:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-23 13:56 . 2012-04-21 09:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-23 13:56 . 2012-04-21 09:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-23 13:56 . 2012-04-21 13:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-23 13:56 . 2012-04-21 09:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-23 13:56 . 2012-04-21 13:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-04 13:46 . 2012-04-21 09:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-04 13:46 . 2012-04-21 13:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-04 13:46 . 2012-04-21 09:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-04 13:46 . 2012-04-21 13:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-21 12:02 . 2012-04-21 12:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-21 17:14 . 2012-04-21 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-21 17:14 . 2012-04-21 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-21 12:02 . 2012-04-21 12:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-24 09:29 . 2012-04-21 17:14 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-06-24 09:29 . 2012-04-21 12:03 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-04-21 09:52 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-04-21 13:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-04-21 12:02 450436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-21 17:13 450436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-15 20:44 . 2012-04-21 17:13 2243860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-879712419-658512947-2250940320-1001-12288.dat
- 2011-05-15 20:44 . 2012-04-21 12:02 2243860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-879712419-658512947-2250940320-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlazeServoTool"="c:\program files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe" [2010-03-06 286720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-02 98304]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 2245120]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"Print2PDF Print Monitor"="c:\program files (x86)\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - d:\program files (x86)\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2012-03-06 134920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 vtigercrm504;vtigercrm504;c:\program files (x86)\vtigercrm5\apache\bin\Apache.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 253088]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S2 Secunia PSI Agent;Secunia PSI Agent;d:\program files (x86)\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;d:\program files (x86)\PSI\sua.exe [2011-10-14 399416]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 10.2.0.200 212.65.193.157
FF - ProfilePath - c:\users\mp\AppData\Roaming\Mozilla\Firefox\Profiles\rlcn1z7y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);FF - user.js: extensions.funmoods_i.newTab - false
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Celkový čas: 2012-04-21 19:24:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-21 17:24
ComboFix2.txt 2012-04-21 12:13
.
Před spuštěním: Volných bajtů: 76 323 106 816
Po spuštění: Volných bajtů: 75 895 345 152
.
- - End Of File - - 7E654B17AE90EC7747F3532F05DF0E0F

[vyosek]

Jak se chova nas pacient

[petr-kapr]

Win se spustil bez problému, Win Update pořád nechce zaktualizaovat soubory a jinak vše jede jako dřív.

[vyosek]

Jaky je problem s aktualizacemi

[petr-kapr]

Tyhle nejde nainstalovat. Viz přiložení print screen

[vyosek]

A jakou to hodi chybu?

[petr-kapr]

Je to chyba 643. Aktualizace 1, 3, 4 (pořadí podle print scr.) se zdají nainstalované, ale po restartu nejsou taky nainstalované. Dál taky se mně win při spouštění jakéhokoliv programu ptá, jestli chci povolit, aby program provedl změny v pc. Mám to nastavené na úroveň doporučenou Win.

[vyosek]

Vypnutí UAC

Pomocí nabídky Start spusťte Ovládací panely, otevřete Uživatelské účty a klepněte na odkaz Změnit nastavení nástroje Řízení uživatelských účtů.

Nové nastavení UAC má podobu táhla se čtyřmi polohami. Nejvyšší zabezpečení znamená, že vás systém bude vždy upozorňovat při instalaci a změnách ve Windows, a to i při těch, které provedete sami. Druhá pozice je výchozí nastavení, kdy vás UAC upozorní jen na změny prováděné některými programy - nikoli vámi samotnými.

Třetí pozice je prakticky stejná, pouze zde zamezíte přepínání na tzv. Secure Desktop, Zabezpečenou plochu. Jinými slovy vypnete nepříjemné stmívání, které u některých grafických karet nutí monitor probliknout. A konečně nejnižší pozicí táhla lze UAC úplně vypnout.

S aktualizacemi se zkuste obratit na technickou podporu microsoftu - mate na ni pravo, jelikoz mate produkt zakoupen

[petr-kapr]

Díky za rady. Teď se mi stalo, že se najednou vypnula obrazovka. PC jsem pak musel na tvrdo vypnout a asi 3x se mi vůbec nespustil Win. Nemůže to taky být nějakám virem?

[vyosek]

Nehuci nejak moc vetraky, zkontrolujte i vetraci pruduchy jestli nejsou zaneseny prachem

[petr-kapr]

No to často hučí. Díky moc zkusím to.

[vyosek]

Tak tam bych asi hledal chybku...