
Re: Please check my log

Posted: 13 Dec 2013 06:34
by vyosek

Re: Please check my log

Posted: 13 Dec 2013 20:13
by black_wither
Smileys are no problem in Google Chrome :)
Now the log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Ondra at 20:07:05 on 2013-12-13
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.304 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\PersistenceThread.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Overwolf\Overwolf.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\igfxext.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.daum.net/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=ao751h&r=0xph04101706l03c3wu45w48l15641
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Pomocník pro přihlášení ke službě Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ProductReg] c:\program files\acer\wr_popup\ProductReg.exe
uRun: [Overwolf] c:\program files\overwolf\Overwolf.exe -silent
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PersistenceThread] c:\windows\system32\PersistenceThread.exe
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ondra\nabdka~1\programy\posput~1\vezyob~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 213.46.172.36 192.168.0.1
TCP: Interfaces\{EA403CE8-4B73-4520-983C-7E62DC1DAF3A} : DHCPNameServer = 213.46.172.36 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igdlogin - igdlogin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ondra\data aplikací\mozilla\firefox\profiles\pwhdinor.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz classic
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/?utm_source=ch-toolbar&u ... paign=home
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/?charset=UTF-8&channel_id=ch-toolbar-ff,ch-toolbar-ff-searchbox,tb-classic&utm_source=ch-toolbar&utm_medium=ff-centrum-cz&utm_content=toolbar-searchbox&utm_campaign=classic&q=
FF - plugin: c:\documents and settings\ondra\data aplikací\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ondra\data aplikací\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\ondra\data aplikací\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\ondra\local settings\data aplikací\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\ondra\local settings\data aplikací\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 214696]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-8-28 18544]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-7-30 237568]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2009-7-30 5096544]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2009-7-30 69120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-30 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-12-6 40776]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\overwolf\OverwolfUpdater.exe [2013-9-25 96184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-7-30 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 756392]
.
=============== Created Last 30 ================
.
2013-12-12 14:03:09 7772552 ----a-w- c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{80bf1710-af38-47f9-a0b0-a28ddb8d9b69}\mpengine.dll
2013-12-12 13:37:33 -------- d-sha-r- C:\cmdcons
2013-12-12 13:34:14 98816 ----a-w- c:\windows\sed.exe
2013-12-12 13:34:14 256000 ----a-w- c:\windows\PEV.exe
2013-12-12 13:34:14 208896 ----a-w- c:\windows\MBR.exe
2013-12-11 16:32:51 -------- d-----w- c:\program files\common files\Overwolf
2013-12-10 16:10:12 -------- d-----w- C:\FRST
2013-12-08 16:54:02 7772552 ----a-w- c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-06 17:00:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-06 17:00:35 -------- d-----w- c:\documents and settings\ondra\data aplikací\Malwarebytes
2013-12-06 17:00:01 -------- d-----w- c:\documents and settings\all users\data aplikací\Malwarebytes
2013-12-06 16:59:51 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-06 16:59:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-06 16:34:25 -------- d-----w- C:\AdwCleaner
2013-12-06 16:16:20 -------- d-----w- c:\windows\ERUNT
2013-12-06 13:56:44 -------- d-----w- c:\program files\trend micro
2013-11-15 17:26:20 -------- d-----w- c:\documents and settings\all users\data aplikací\Overwolf
.
==================== Find3M ====================
.
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 16:45:55 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-13 16:45:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 16:45:16 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-13 11:42:08 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:12:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:12:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:12:06 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:57:30 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13:11 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 11:00:01 606208 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:42:42 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 08:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 07:32:46 93654616 ----a-w- c:\program files\avast_free_antivirus_setup.exe
.
============= FINISH: 20:09:01,65 ===============

Re: Please check my log

Posted: 14 Dec 2013 06:28
by vyosek
:arrow: If you have not done so already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    DDS::
    uStart Page = hxxp://www.daum.net/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5w48l15641
    uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profi ... code=ms&q=%s
    mRun: [SunJavaUpdateSched]
    mRun: [Adobe ARM]
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\ondra\data aplikací\mozilla\firefox\profiles\pwhdinor.default\
    FF - prefs.js: browser.search.selectedEngine - Centrum.cz classic
    FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/?utm_source=ch-to ... paign=home
    FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/?charset=UTF-8 ... classic&q=
    
    File::
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    c:\windows\Tasks\User_Feed_Synchronization-{9C6452F8-6F82-4E43-9676-8EAC8B6277A0}.job
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    
    ClearJavaCache::
    
    Reboot::
  • Save the text file you created as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and run it
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF that the author has unfortunately not been able to fix yet

:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
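The DDS:: section of the script above simply lists the start-page and search-URL entries from the DDS log that the helper considers hijacked, so that ComboFix resets them. The following is an added example, not code from this thread, from DDS or from ComboFix: it reads the "Pseudo HJT Report" lines black_wither posted (embedded here as a constructed sample), flags start-page / search entries whose host lies outside an assumed allowlist of OEM and Microsoft defaults, notes a ComboFix firewall-policy line with EnableFirewall = 0, and builds the matching DDS:: section. The allowlist, the handling of DDS's defanged hxxp:// prefix and all helper names are assumptions of this example.

```python
import re

# Constructed sample, not a live log: a subset of the DDS "Pseudo HJT Report"
# lines posted in this thread plus one ComboFix firewall-policy line, embedded
# so the script runs offline.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.daum.net/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=ao751h
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
TCP: NameServer = 213.46.172.36 192.168.0.1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Assumption for this example: hosts an untouched OEM/Microsoft install of this
# era would point Internet Explorer at. Any other host in a start-page or
# search-URL entry is treated as a candidate hijack.
DEFAULT_ALLOWED_HOSTS = frozenset({
    "homepage.acer.com",
    "go.microsoft.com",
    "www.msn.com",
    "www.bing.com",
})

# DDS prefixes: u = HKCU (per user), m = HKLM (machine-wide).
BROWSER_SETTING_RE = re.compile(
    r"^(?P<key>[um](?:Start Page|Default_Page_URL|SearchURL,\(Default\)|"
    r"Default_Search_URL))\s*=\s*(?P<url>\S+)$"
)
# ComboFix dumps the XP firewall policy as REGEDIT-style lines.
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')


def url_host(url):
    """Return the lower-cased host of a URL; accepts DDS-defanged hxxp://."""
    m = re.match(r"^h[xt]{2}ps?://([^/\s:]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else None


def host_allowed(host, allowed):
    """True if host is an allowed host or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def flag_hijacks(log_text, allowed=DEFAULT_ALLOWED_HOSTS):
    """Return the full log lines whose start page / search URL points at an
    unexpected host. Entries that are not a URL at all are flagged too."""
    flagged = []
    for line in log_text.splitlines():
        m = BROWSER_SETTING_RE.match(line.strip())
        if not m:
            continue
        host = url_host(m.group("url"))
        if host is None or not host_allowed(host, allowed):
            flagged.append(line.strip())
    return flagged


def firewall_disabled(log_text):
    """True if a ComboFix firewall-policy dump shows EnableFirewall = 0."""
    return any(FIREWALL_OFF_RE.match(l.strip()) for l in log_text.splitlines())


def build_cfscript(flagged_lines):
    """Build the DDS:: section of a ComboFix CFScript from flagged lines,
    using the section syntax seen in the thread. Other sections (KillAll::,
    Reboot::, ...) are left to the helper who reviews the log."""
    if not flagged_lines:
        return ""
    return "DDS::\n" + "\n".join(flagged_lines) + "\n"


def triage(log_text, allowed=DEFAULT_ALLOWED_HOSTS):
    """One-shot summary: flagged entries, firewall state, generated section."""
    hijacks = flag_hijacks(log_text, allowed)
    return {
        "hijacks": hijacks,
        "firewall_disabled": firewall_disabled(log_text),
        "cfscript": build_cfscript(hijacks),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["hijacks"]:
        print("HIJACK?", entry)
    if result["firewall_disabled"]:
        print("Windows Firewall (standard profile) is disabled")
    print(result["cfscript"], end="")
```

Run against the sample, the script flags only the two daum.net entries (the Acer OEM start page is on the allowlist) and reports the disabled firewall that the later ComboFix log in this thread also shows; the allowlist is the part to adjust for a different OEM image.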

Re: Please check my log

Posted: 14 Dec 2013 11:22
by black_wither
ComboFix 13-12-13.01 - Ondra 14.12.2013 8:58.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.321 [GMT 1:00]
Run from: c:\documents and settings\Ondra\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Ondra\Plocha\CFscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job"
"c:\windows\Tasks\User_Feed_Synchronization-{9C6452F8-6F82-4E43-9676-8EAC8B6277A0}.job"
.
.
((((((((((((((((((((((((( Files created from 2013-11-14 to 2013-12-14 )))))))))))))))))))))))))))))))
.
.
2013-12-14 08:17 . 2013-12-14 08:17 -------- d-----w- c:\windows\LastGood
2013-12-14 07:49 . 2013-12-14 07:49 40392 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{80BF1710-AF38-47F9-A0B0-A28DDB8D9B69}\MpKsl06d5c7ff.sys
2013-12-12 14:03 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{80BF1710-AF38-47F9-A0B0-A28DDB8D9B69}\mpengine.dll
2013-12-11 16:32 . 2013-12-11 16:35 -------- d-----w- c:\program files\Common Files\Overwolf
2013-12-11 16:32 . 2013-12-11 16:32 -------- d-----w- c:\program files\Common Files\Skype
2013-12-10 16:10 . 2013-12-10 20:25 -------- d-----w- C:\FRST
2013-12-08 16:54 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-06 17:00 . 2013-12-06 17:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-06 17:00 . 2013-12-06 17:00 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Malwarebytes
2013-12-06 17:00 . 2013-12-06 17:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-12-06 16:59 . 2013-12-06 17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-06 16:59 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-06 16:34 . 2013-12-06 16:40 -------- d-----w- C:\AdwCleaner
2013-12-06 16:16 . 2013-12-06 16:16 -------- d-----w- c:\windows\ERUNT
2013-12-06 13:56 . 2013-12-06 13:57 -------- d-----w- c:\program files\trend micro
2013-12-06 13:56 . 2013-12-06 13:57 -------- d-----w- C:\rsit
2013-11-15 17:26 . 2013-11-15 17:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Overwolf
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 07:46 . 2012-08-28 13:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-14 07:46 . 2011-08-02 18:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2013-08-13 14:15 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 11:42 . 2009-07-30 07:44 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:12 . 2009-07-30 07:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:12 . 2009-07-30 07:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:12 . 2009-07-30 07:43 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2009-07-30 07:43 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:57 . 2009-07-30 07:43 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2009-07-30 07:43 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 11:00 . 2009-07-30 07:43 606208 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:42 . 2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 08:53 . 2013-06-18 19:50 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 07:32 . 2012-08-28 07:30 93654616 ----a-w- c:\program files\avast_free_antivirus_setup.exe
.
.
(((((((((((((((((((((((((((((((((( Registry launch points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2009-04-15 135168]
"Overwolf"="c:\program files\Overwolf\Overwolf.exe" [2013-12-09 35768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-20 817672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-01 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-05-01 92696]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Documents and Settings\\Ondra\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Mila Sopouskova\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.5.2010 12:05 691696]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [28.8.2012 14:36 18544]
R1 MpKsl06d5c7ff;MpKsl06d5c7ff;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{80BF1710-AF38-47F9-A0B0-A28DDB8D9B69}\MpKsl06d5c7ff.sys [14.12.2013 8:49 40392]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30.7.2009 2:59 237568]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [30.7.2009 1:40 5096544]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.7.2009 1:46 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6.12.2013 18:00 40776]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [25.9.2013 17:09 96184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [30.7.2009 1:32 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 15:37 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 07:46]
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 11:04]
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 11:04]
.
2013-12-14 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 14:01]
.
2013-12-14 c:\windows\Tasks\User_Feed_Synchronization-{9C6452F8-6F82-4E43-9676-8EAC8B6277A0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary scan -------
.
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.46.172.36 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\pwhdinor.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-14 09:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'explorer.exe'(1632)
c:\program files\Overwolf\OWExplorer-20125.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2013-12-14 09:39:14 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-14 08:39
ComboFix2.txt 2013-12-12 14:01
.
Pre-Run: 115,646,738,432 bytes free
Post-Run: 116,298,211,328 bytes free
.
- - End Of File - - BDAC83A40EBDDD3A64309A370E7CF126
5C616939100B85E558DA92B899A0FC36

Re: Please check my log

Posted: 15 Dec 2013 06:47
by vyosek
How is the PC behaving??

Re: Please check my log

Posted: 16 Dec 2013 20:29
by black_wither
The PC got faster. After I ran ComboFix it went to sleep after roughly every minute of inactivity, but after a restart it was fine again. Tomorrow I'll also try running an MBAM scan, so please wait. :)

One more request: please write up the procedure for uninstalling the Centrum toolbar. And do you know how my home page could have just been set to msn.com on its own?

PS: Do you mind me addressing you informally? If so, I'll stop :)

Re: Please check my log

Posted: 16 Dec 2013 23:51
by vyosek
:arrow: I don't mind the informal address, but my guides are written in the formal form :D

:arrow: Centrum Toolbar - try Add/Remove Programs

:arrow: msn.com, well, no idea; can't it be changed??

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus products may wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (if necessary, turn the antivirus off while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner tab
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry tab
  • click Scan for Issues
  • then Fix selected issues - I recommend making the registry backup; fix all issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools tab
  • Here you can uninstall programs you do not need
I recommend running CCleaner about once a week