PC disinfection, computer speed-up, remote help via the neslape.cz service

Please check

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: please check

#16 Post by Márty84 »

Do you know this and use it? C:\Program Files\Common Files\Tencent\QQPhoneManager


Disable your antivirus so it does not get in the program's way.
Run OTL again.
Paste the following text into the lower box (including the colon before the word commands):

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-842925246-1897051121-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
[25 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[93 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
"uTorrent"=-
Click Run Fix and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Kodlz
Friend of the forum
Posts: 780
Registered: 30 May 2008 12:11

Re: please check

#17 Post by Kodlz »

I tried that program once... but I had it uninstalled.


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Kaja
->Temp folder emptied: 478151780 bytes
->Temporary Internet Files folder emptied: 14515449 bytes
->FireFox cache emptied: 59198506 bytes
->Flash cache emptied: 7438 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 99923530 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1037358 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3261500743 bytes

Total Files Cleaned = 3 733,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Kaja
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-842925246-1897051121-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP119F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP130B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP131C.tmp\PresentationCore.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP131C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP157B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP163E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1659.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C63.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D09.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D29.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D47.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP223.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP278.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP532.tmp\System.ServiceModel.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP532.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP604.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP66C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6B4.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP790.tmp\mscorlib.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP790.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7B6.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP812.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP89B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8B1.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADE.tmp\System.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADE.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE63.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF71.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI27.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2B8.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2BB.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2BC.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2BD.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2BF.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2B.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2C0.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2C1.tmp-\HD-Frontend-Native.dll deleted successfully.
C:\WINDOWS\Installer\MSI2C1.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2C2.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2C3.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2C4.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2C5.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2C6.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2C7.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2C8.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2CA.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2CF.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2D0.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2D1.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2D2.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2D3.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2D4.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2D5.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2D6.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2D7.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2D8.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2D9.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2DA.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2DB.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2DC.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2DD.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2DE.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2DF.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\WINDOWS\Installer\MSI2DF.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2E.tmp deleted successfully.
C:\WINDOWS\Installer\MSI2E0.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2E1.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2E2.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\WINDOWS\Installer\MSI2E2.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2E5.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2E7.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2E9.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2EA.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI2EB.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI32.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI34.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI35.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI36.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI37.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI38.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI47.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI48.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI49.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI4B.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI4C.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI6C.tmp deleted successfully.
C:\WINDOWS\Installer\MSI6D.tmp deleted successfully.
C:\WINDOWS\Installer\MSI6E.tmp deleted successfully.
C:\WINDOWS\Installer\MSI6F.tmp deleted successfully.
C:\WINDOWS\Installer\MSI70.tmp deleted successfully.
C:\WINDOWS\Installer\MSI7E.tmp deleted successfully.
C:\WINDOWS\Installer\MSIBC3.tmp deleted successfully.
C:\WINDOWS\Installer\MSIBC6.tmp deleted successfully.
C:\WINDOWS\Installer\MSIBC7.tmp deleted successfully.
C:\WINDOWS\Installer\MSIBCA.tmp deleted successfully.
C:\WINDOWS\Installer\MSIBCB.tmp deleted successfully.
C:\WINDOWS\Installer\MSIBCC.tmp deleted successfully.
C:\WINDOWS\Installer\MSIBCD.tmp deleted successfully.
C:\WINDOWS\Installer\MSIBD1.tmp deleted successfully.
C:\WINDOWS\Installer\MSIBD3.tmp deleted successfully.
C:\WINDOWS\Installer\MSIDF.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE0.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE1.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE2.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE3.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE4.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE5.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE6.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE7.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE8.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE9.tmp deleted successfully.
C:\WINDOWS\Installer\MSIEA.tmp deleted successfully.
C:\WINDOWS\Installer\MSIEB.tmp deleted successfully.
C:\WINDOWS\Installer\MSIEC.tmp deleted successfully.
C:\WINDOWS\Installer\MSIED.tmp deleted successfully.
C:\WINDOWS\Installer\MSIEE.tmp deleted successfully.
C:\WINDOWS\Installer\MSIEF.tmp deleted successfully.
C:\WINDOWS\Installer\MSIF0.tmp deleted successfully.
C:\WINDOWS\Installer\MSIF1.tmp deleted successfully.
C:\WINDOWS\Installer\MSIF2.tmp deleted successfully.
C:\WINDOWS\Installer\MSIF3.tmp deleted successfully.
C:\WINDOWS\Installer\MSIF4.tmp deleted successfully.
C:\WINDOWS\Installer\MSIF5.tmp deleted successfully.
C:\WINDOWS\Installer\MSIF6.tmp deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05212014_205429

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Re: please check

#18 Post by Márty84 »

vyosek wrote:
  T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
  • Download and run it
  • To confirm the choices press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag the utility as a virus; it is a false alarm, so go ahead and download it (or disable the antivirus while downloading)
Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click CleanUp and then OK. After the cleanup the PC will restart.

Download TFC http://oldtimer.geekstogo.com/TFC.exe , save it and run it.
Click START and then OK. After the cleanup the PC will restart.
After use you can delete the little program.

Download CCleaner http://www.piriform.com/ccleaner/download/slim and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, untick the box.
After starting it you will be in the Cleaner function. On the left there are lots of checkboxes. Pay attention especially to the Recycle Bin: if you leave it ticked, it will always empty it.
Also, depending on how it is set up, it deletes all passwords saved for websites!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums, etc.).
Click Analyze and when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; if it finds some, click Fix selected issues. It will offer a backup; make it and save it where you can find it if needed.
The Tools function allows uninstalling programs. It is more thorough than Windows itself!

Defragment the disk(s).
Download the Defraggler program http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
During installation again watch out for the toolbar.
After installation run the program and click Analyze; after the analysis click Defragment and the program will do its work.

Then write back how the PC is doing.


Re: please check

#19 Post by Kodlz »

I do defragmentation and CCleaner cleanup myself too, so I don't expect any speed-up.
That confirmation window in Facebook keeps popping up for me. It is probably a real request to confirm the e-mail, although I don't understand why, after entering the e-mail, it asks me for the password again. But for now it is enough to cancel everything.


Re: please check

#20 Post by Márty84 »

Roughly how often does it do that? Does it happen in all browsers? Does it also happen when logging in from another PC?


Re: please check

#21 Post by Kodlz »

It pops up only now and then... and it first appeared about 2 months ago. I haven't tried other PCs or browsers; I mainly use FF... on my mobile nothing has popped up so far.


Re: please check

#22 Post by Márty84 »

Try reinstalling Firefox (you can back up your bookmarks with MozBackup http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ )


If you don't already have one, you had better make a backup of your important data (photos, documents, etc.)

Do not use ComboFix without prior agreement! It is a violation of the forum rules and you lose your right to help!

Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Disable your antivirus and any other security software.
Run ComboFix.
Accept the licence terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan do not start anything and do not click anywhere.
After the scan finishes (the PC may also restart) a log should be created, located at C:\ComboFix.txt
Copy its contents here.

If Windows does not boot after the restart, restart again, press the F8 key and choose Last Known Good Configuration.
If Windows boots but errors are reported when starting various programs, just restart the PC and it will be fine.


Re: please check

#23 Post by Kodlz »

ComboFix 14-05-29.01 - Karel 29.05.2014 23:07:31.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2779 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kaja\Plocha\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-28 do 2014-05-29 )))))))))))))))))))))))))))))))
.
.
2014-05-29 20:58 . 2014-05-29 20:58 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-25 15:56 . 2014-05-25 15:56 -------- d-----w- c:\program files\Common Files\Skype
2014-05-22 05:19 . 2014-05-22 05:20 -------- d-----w- c:\program files\Defraggler
2014-05-21 14:01 . 2014-05-21 14:01 -------- d-----w- c:\documents and settings\Kaja\Local Settings\Data aplikací\TomTom
2014-05-21 14:01 . 2014-05-21 14:01 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\TomTom
2014-05-21 14:00 . 2014-05-21 14:00 -------- d-----w- c:\program files\TomTom HOME 2
2014-05-21 13:59 . 2014-05-21 13:59 -------- d-----w- c:\program files\TomTom International B.V
2014-05-21 13:47 . 2014-05-21 13:47 -------- d-----w- c:\documents and settings\Kaja\Local Settings\Data aplikací\Downloaded Installations
2014-05-20 12:54 . 2014-05-20 12:54 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\Malwarebytes
2014-05-20 12:53 . 2014-05-20 12:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-05-18 07:26 . 2014-05-21 20:08 -------- d-----w- c:\program files\trend micro
2014-05-17 13:33 . 2014-05-17 13:37 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\VSO
2014-05-17 13:33 . 2014-05-17 13:33 -------- d-----w- c:\program files\VSO
2014-05-17 12:33 . 2014-05-17 12:35 -------- d-----w- c:\documents and settings\Kaja\Local Settings\Data aplikací\Google
2014-05-17 12:32 . 2014-05-17 12:33 -------- d-----w- c:\program files\Google
2014-05-16 20:36 . 2014-04-17 20:37 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2014-05-16 20:36 . 2014-04-17 20:37 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2014-05-16 20:34 . 2014-05-16 20:34 -------- d-----w- c:\documents and settings\Kaja\.swt
2014-05-14 21:58 . 2014-05-14 21:58 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\AdbDriverInstaller
2014-05-14 21:28 . 2014-05-14 21:28 -------- d-----w- c:\program files\ClockworkMod
2014-05-14 21:12 . 2014-05-14 21:12 -------- d-----w- c:\documents and settings\Kaja\Data aplikac?
2014-05-14 21:11 . 2014-05-14 21:11 -------- d-----w-encent c:\docume~1\Kaja\DATAAP~2
2014-05-14 21:11 . 2014-05-14 21:11 -------- d-----w-encent c:\docume~1\ALLUSE~1\DATAAP~2
2014-05-14 21:10 . 2014-05-19 19:38 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\Tencent
2014-05-14 21:10 . 2014-05-14 21:11 -------- d-----w- c:\program files\Common Files\Tencent
2014-05-14 20:10 . 2014-05-14 20:10 13824 ----a-w- c:\windows\system32\drivers\USBDrv.sys
2014-05-13 08:28 . 2014-05-13 08:28 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\Comodo
2014-05-05 10:38 . 2014-05-05 10:38 -------- d-----w- c:\documents and settings\Kaja\.android
2014-05-05 10:29 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2014-05-04 19:39 . 2014-05-04 19:39 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2014-04-30 08:10 . 2014-05-04 16:48 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 21:58 . 2011-05-24 06:59 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-05-14 17:35 . 2014-03-04 11:09 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 17:35 . 2014-03-04 11:09 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-29 17:23 . 2014-04-29 17:23 165232 ---ha-w- c:\documents and settings\Kaja\Data aplikací\Microsoft\Virtual PC\VPCKeyboard.dll
2014-04-17 20:37 . 2011-05-24 07:00 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-04-16 21:12 . 2013-09-24 09:54 104920 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-04-16 21:12 . 2013-11-14 10:38 607448 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2014-04-16 21:12 . 2013-09-24 09:54 29912 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-04-16 21:12 . 2013-09-24 09:54 15704 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-04-10 03:58 . 2014-04-10 03:58 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-04-10 03:58 . 2014-04-10 03:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2014-04-10 03:58 . 2014-04-10 03:58 138056 ----a-w- c:\windows\system32\atl100.dll
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-25 19:22 . 2013-11-14 10:38 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2014-03-25 19:22 . 2013-09-24 09:53 363504 ----a-w- c:\windows\system32\guard32.dll
2014-03-25 19:22 . 2013-09-24 09:53 284888 ----a-w- c:\windows\system32\cmdvrt32.dll
2014-03-25 19:22 . 2013-09-24 09:53 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2014-03-15 10:17 . 2014-03-15 10:17 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2014-03-11 20:07 . 2014-03-11 20:07 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2014-03-11 19:34 . 2014-03-11 19:34 922112 ------w- c:\windows\system32\imapi2fs.dll
2014-03-11 19:34 . 2014-03-11 19:34 426496 ------w- c:\windows\system32\imapi2.dll
2014-03-01 12:26 . 2014-02-28 23:56 17488 ----a-w- c:\windows\etdrv.sys
2014-03-01 11:48 . 2014-02-28 23:40 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2014-03-01 11:48 . 2014-02-28 23:06 17488 ----a-w- c:\windows\gdrv.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-02-25 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}]
2014-03-05 09:24 139320 ----a-w- c:\program files\Common Files\Tencent\QQPhoneManager\2.0.201.3196\npQQPhoneManagerExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21446272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1225944]
"WD Spindown Utility"="c:\program files\Western Digital Technologies\Spindown\ExSpinDn.exe" [2004-08-09 278528]
"WD Button Manager"="WDBtnMgr.exe" [2014-02-26 364544]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Kaja\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock Plus\ObjectDock.exe [2011-11-12 4152536]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ImageBrowser EX Agent.lnk - c:\program files\Canon\ImageBrowser EX\MFManager.exe [2012-8-30 69120]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2014-2-26 98304]
.
c:\documents and settings\Kaja\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock Plus\ObjectDock.exe [2011-11-12 4152536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"=
"c:\\Program Files\\MyPhoneExplorer\\MyPhoneExplorer.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Arma 2\\arma2.exe"=
"c:\\Program Files\\Codemasters\\Operation Flashpoint\\ColdWarAssault.exe"=
"c:\\Program Files\\Common Files\\Tencent\\QQDownload\\125\\Tencentdl.exe"=
"c:\\Documents and Settings\\Kaja\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [24.9.2013 11:54 15704]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [14.11.2013 12:38 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [24.9.2013 11:54 29912]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [21.5.2014 12:22 2135232]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [25.2.2014 17:21 239680]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\TeamViewer_Service.exe [25.2.2014 16:29 4915040]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27.8.2013 15:57 93072]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [25.2.2014 16:47 32896]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9.4.2014 21:52 103040]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.2.2014 16:31 25088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.2.2014 14:12 1691480]
S3 awUSB;awUSB;c:\windows\system32\drivers\USBDrv.sys [14.5.2014 22:10 13824]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [24.9.2013 11:53 1663192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [1.3.2014 1:56 17488]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [16.5.2014 22:36 12400]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [1.3.2014 1:06 160256]
S3 OSFMount;OSFMount;\??\c:\documents and settings\Kaja\Local Settings\Temp\Rar$EXa0.777\bin\OSFMount.sys --> c:\documents and settings\Kaja\Local Settings\Temp\Rar$EXa0.777\bin\OSFMount.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - DRAGONUPDATER
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-29 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11 21:12]
.
2014-05-29 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11 21:12]
.
2014-05-29 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11 21:12]
.
2014-05-29 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11 21:12]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 88.212.8.8 88.212.8.88
FF - ProfilePath - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\jldqgzeo.default\
FF - prefs.js: browser.startup.homepage - www.centrum.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-29 23:18
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1660)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(1716)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'csrss.exe'(1612)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2014-05-29 23:23:17
ComboFix-quarantined-files.txt 2014-05-29 21:23
.
Před spuštěním: Volných bajtů: 26 319 728 640
Po spuštění: Volných bajtů: 26 632 646 656
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3335C858441DBB189BE750A2FEEAC882
413FC2A0C716421B3158746D63736515

Márty84 (VIP, posts: 21679, registered: 05 Dec 2009 20:08, location: Ostrava)

Re: please check

#24 Post by Márty84 »

:arrow: Find this file c:\windows\system32\drivers\tcpip.sys and test it on VirusTotal and Jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846 Copy the results here, or post a link.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum here: https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Kodlz (Friend of the forum, posts: 780, registered: 30 May 2008 12:11)

Re: please check

#25 Post by Kodlz »

VirusTotal:

Code:

https://www.virustotal.com/cs/file/41f7af89da20be99b45ed8db714be0709547b93a2fc2421703eb288521122ec4/analysis/
Jotti was clean.

Márty84 (VIP, posts: 21679, registered: 05 Dec 2009 20:08, location: Ostrava)

Re: please check

#26 Post by Márty84 »

It was not your file that was tested on VirusTotal. You have to click Reanalyse there.
Analysis date: 2014-03-06 21:50:35 UTC ( 2 měsíce, 3 týdny ago )

Normally a result from one site would be enough, but since I don't have the Jotti link here, I don't know whether your file was tested there or whether that was also just some old result :?:

Kodlz (Friend of the forum, posts: 780, registered: 30 May 2008 12:11)

Re: please check

#27 Post by Kodlz »

Code:

https://www.virustotal.com/cs/file/41f7af89da20be99b45ed8db714be0709547b93a2fc2421703eb288521122ec4/analysis/1401478188/

Code:

http://virusscan.jotti.org/cs/scanresult/849af80fabeea53cc43720b8d2c51674230b5e11

Márty84 (VIP, posts: 21679, registered: 05 Dec 2009 20:08, location: Ostrava)

Re: please check

#28 Post by Márty84 »

:arrow: Open Notepad and copy this script into it

Code:

KillAll::

Folder::
c:\program files\Common Files\Tencent\QQPhoneManager

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Configurations]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Data]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Options]
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Cam]
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Firewall Pro]
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\System\VritualRoot\MACHINE\Software\CLASSES\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

Reboot::
At the top left, click File
Click Save as...
Type the name CFScript (shown in red) exactly and save it to the desktop.
Turn off the antivirus and any other security software.
Drag the text document you just created onto the ComboFix icon with the mouse and drop it.
ComboFix should start and execute the commands.
When it finishes (the PC may restart), a new log should appear; copy it here again.

:!: If Windows does not boot after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine

Kodlz (Friend of the forum, posts: 780, registered: 30 May 2008 12:11)

Re: please check

#29 Post by Kodlz »

ComboFix 14-05-29.01 - Karel 31.05.2014 21:03:55.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2758 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kaja\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kaja\Plocha\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-28 do 2014-05-31 )))))))))))))))))))))))))))))))
.
.
2014-05-30 22:04 . 2014-05-30 22:04 -------- d-----r- C:\Sandbox
2014-05-30 22:01 . 2014-05-30 22:01 -------- d-----w- c:\program files\Sandboxie
2014-05-30 04:07 . 2014-05-30 04:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\COMODO
2014-05-29 20:58 . 2014-05-29 20:58 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-05-25 15:56 . 2014-05-25 15:56 -------- d-----w- c:\program files\Common Files\Skype
2014-05-22 05:19 . 2014-05-22 05:20 -------- d-----w- c:\program files\Defraggler
2014-05-21 14:01 . 2014-05-21 14:01 -------- d-----w- c:\documents and settings\Kaja\Local Settings\Data aplikací\TomTom
2014-05-21 14:01 . 2014-05-21 14:01 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\TomTom
2014-05-21 14:00 . 2014-05-21 14:00 -------- d-----w- c:\program files\TomTom HOME 2
2014-05-21 13:59 . 2014-05-21 13:59 -------- d-----w- c:\program files\TomTom International B.V
2014-05-21 13:47 . 2014-05-21 13:47 -------- d-----w- c:\documents and settings\Kaja\Local Settings\Data aplikací\Downloaded Installations
2014-05-20 12:54 . 2014-05-20 12:54 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\Malwarebytes
2014-05-20 12:53 . 2014-05-20 12:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-05-18 07:26 . 2014-05-21 20:08 -------- d-----w- c:\program files\trend micro
2014-05-17 13:33 . 2014-05-17 13:37 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\VSO
2014-05-17 13:33 . 2014-05-17 13:33 -------- d-----w- c:\program files\VSO
2014-05-17 12:33 . 2014-05-17 12:35 -------- d-----w- c:\documents and settings\Kaja\Local Settings\Data aplikací\Google
2014-05-17 12:32 . 2014-05-17 12:33 -------- d-----w- c:\program files\Google
2014-05-16 20:36 . 2014-04-17 20:37 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2014-05-16 20:36 . 2014-04-17 20:37 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2014-05-16 20:34 . 2014-05-16 20:34 -------- d-----w- c:\documents and settings\Kaja\.swt
2014-05-14 21:58 . 2014-05-14 21:58 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\AdbDriverInstaller
2014-05-14 21:28 . 2014-05-14 21:28 -------- d-----w- c:\program files\ClockworkMod
2014-05-14 21:12 . 2014-05-14 21:12 -------- d-----w- c:\documents and settings\Kaja\Data aplikac?
2014-05-14 21:11 . 2014-05-14 21:11 -------- d-----w-encent c:\docume~1\Kaja\DATAAP~2
2014-05-14 21:11 . 2014-05-14 21:11 -------- d-----w-encent c:\docume~1\ALLUSE~1\DATAAP~2
2014-05-14 21:10 . 2014-05-19 19:38 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\Tencent
2014-05-14 20:10 . 2014-05-14 20:10 13824 ----a-w- c:\windows\system32\drivers\USBDrv.sys
2014-05-13 08:28 . 2014-05-13 08:28 -------- d-----w- c:\documents and settings\Kaja\Data aplikací\Comodo
2014-05-05 10:38 . 2014-05-05 10:38 -------- d-----w- c:\documents and settings\Kaja\.android
2014-05-05 10:29 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2014-05-04 19:39 . 2014-05-04 19:39 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 21:58 . 2011-05-24 06:59 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-05-14 17:35 . 2014-03-04 11:09 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 17:35 . 2014-03-04 11:09 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-29 17:23 . 2014-04-29 17:23 165232 ---ha-w- c:\documents and settings\Kaja\Data aplikací\Microsoft\Virtual PC\VPCKeyboard.dll
2014-04-17 20:37 . 2011-05-24 07:00 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-04-16 21:12 . 2013-09-24 09:54 104920 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-04-16 21:12 . 2013-11-14 10:38 607448 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2014-04-16 21:12 . 2013-09-24 09:54 29912 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-04-16 21:12 . 2013-09-24 09:54 15704 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-04-10 03:58 . 2014-04-10 03:58 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-04-10 03:58 . 2014-04-10 03:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2014-04-10 03:58 . 2014-04-10 03:58 138056 ----a-w- c:\windows\system32\atl100.dll
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-25 19:22 . 2013-11-14 10:38 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2014-03-25 19:22 . 2013-09-24 09:53 363504 ----a-w- c:\windows\system32\guard32.dll
2014-03-25 19:22 . 2013-09-24 09:53 284888 ----a-w- c:\windows\system32\cmdvrt32.dll
2014-03-25 19:22 . 2013-09-24 09:53 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2014-03-15 10:17 . 2014-03-15 10:17 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2014-03-11 20:07 . 2014-03-11 20:07 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2014-03-11 19:34 . 2014-03-11 19:34 922112 ------w- c:\windows\system32\imapi2fs.dll
2014-03-11 19:34 . 2014-03-11 19:34 426496 ------w- c:\windows\system32\imapi2.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-02-25 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-05-19 631816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1225944]
"WD Spindown Utility"="c:\program files\Western Digital Technologies\Spindown\ExSpinDn.exe" [2004-08-09 278528]
"WD Button Manager"="WDBtnMgr.exe" [2014-02-26 364544]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Kaja\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock Plus\ObjectDock.exe [2011-11-12 4152536]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ImageBrowser EX Agent.lnk - c:\program files\Canon\ImageBrowser EX\MFManager.exe [2012-8-30 69120]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2014-2-26 98304]
.
c:\documents and settings\Kaja\Nabídka Start\Programy\Po spuštění\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock Plus\ObjectDock.exe [2011-11-12 4152536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"=
"c:\\Program Files\\MyPhoneExplorer\\MyPhoneExplorer.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Arma 2\\arma2.exe"=
"c:\\Program Files\\Codemasters\\Operation Flashpoint\\ColdWarAssault.exe"=
"c:\\Program Files\\Common Files\\Tencent\\QQDownload\\125\\Tencentdl.exe"=
"c:\\Documents and Settings\\Kaja\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [24.9.2013 11:54 15704]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [14.11.2013 12:38 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [24.9.2013 11:54 29912]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [21.5.2014 12:22 2135232]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [25.2.2014 17:21 239680]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\TeamViewer_Service.exe [25.2.2014 16:29 4915040]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27.8.2013 15:57 93072]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [25.2.2014 16:47 32896]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9.4.2014 21:52 103040]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.2.2014 16:31 25088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.2.2014 14:12 1691480]
S3 awUSB;awUSB;c:\windows\system32\drivers\USBDrv.sys [14.5.2014 22:10 13824]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [24.9.2013 11:53 1663192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [1.3.2014 1:56 17488]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [16.5.2014 22:36 12400]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [1.3.2014 1:06 160256]
S3 OSFMount;OSFMount;\??\c:\documents and settings\Kaja\Local Settings\Temp\Rar$EXa0.777\bin\OSFMount.sys --> c:\documents and settings\Kaja\Local Settings\Temp\Rar$EXa0.777\bin\OSFMount.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-31 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11 21:12]
.
2014-05-31 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11 21:12]
.
2014-05-31 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11 21:12]
.
2014-05-31 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11 21:12]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 88.212.8.8 88.212.8.88
FF - ProfilePath - c:\documents and settings\Kaja\Data aplikací\Mozilla\Firefox\Profiles\jldqgzeo.default\
FF - prefs.js: browser.startup.homepage - www.centrum.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-31 21:18
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1664)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(1720)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(2984)
c:\windows\system32\guard32.dll
c:\program files\Stardock\ObjectDock Plus\DockShellHook.dll
c:\program files\LClock\LC.dll
c:\windows\system32\WSOCK32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\WDBtnMgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Stardock\ObjectDock Plus\ObjectDockTray.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\wscntfy.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\program files\COMODO\COMODO Internet Security\cis.exe
.
**************************************************************************
.
Celkový čas: 2014-05-31 21:23:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-31 19:23
ComboFix2.txt 2014-05-29 21:23
.
Před spuštěním: Volných bajtů: 27 665 424 384
Po spuštění: Volných bajtů: 27 669 778 432
.
- - End Of File - - 4A45BACEB36DB0099713CFA7BDA03C6E
413FC2A0C716421B3158746D63736515
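The Sigcheck block in the log above is what drove the request to scan tcpip.sys: the copy in system32\drivers is marked [-], its MD5 matches none of the [7] copies of the same 5.1.2600.5625 build in dllcache and $hf_mig$, and its file date (2014-02-25) is years later than theirs. The Python below is an added example, not code from the thread or from ComboFix: it parses those six lines (copied from the log as constructed input) and applies exactly that comparison. Treating [-] as "signature check failed" and any other marker as "passed" is an assumption of the example, as is the rule that only the same file name and version string form the reference set.

```python
"""Flag unsigned Windows system files whose hash matches no signed copy of the
same version in a ComboFix Sigcheck section.

Added example, not part of the forum thread or of ComboFix. Assumption: the
"[-]" marker means the signature check failed; any other marker means it passed.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class SigcheckEntry(NamedTuple):
    signed: bool      # assumption: "[-]" = signature check failed, other marker = passed
    date: str
    md5: str
    size: int
    version: str
    path: str


# Constructed input: the Sigcheck lines copied from the ComboFix log above.
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-02-25 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
"""

# One Sigcheck line: [marker] date . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<mark>[^\]])\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<ver>[\d.]+)\] \. \. (?P<path>.+?)\s*$"
)


def parse_sigcheck(text: str) -> List[SigcheckEntry]:
    """Return every Sigcheck entry in the text; headers and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(SigcheckEntry(
            signed=m["mark"] != "-",
            date=m["date"],
            md5=m["md5"].upper(),
            size=int(m["size"]),
            version=m["ver"],
            path=m["path"].lower(),
        ))
    return entries


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def find_suspect_files(entries: List[SigcheckEntry]) -> List[dict]:
    """One finding per unsigned entry whose MD5 matches no signed copy of the same
    file name and version string. Signed copies (dllcache, ServicePackFiles,
    $hf_mig$) are the reference set: an unsigned file that claims a version those
    copies share but carries a hash none of them have is the 'replaced in place'
    pattern, and the one worth submitting for analysis."""
    signed: Dict[Tuple[str, str], List[SigcheckEntry]] = defaultdict(list)
    for e in entries:
        if e.signed:
            signed[(basename(e.path), e.version)].append(e)

    findings = []
    for e in entries:
        if e.signed:
            continue
        refs = signed.get((basename(e.path), e.version), [])
        if any(r.md5 == e.md5 for r in refs):
            continue  # byte-identical to a signed copy: only the catalog lookup failed
        findings.append({
            "path": e.path,
            "md5": e.md5,
            "version": e.version,
            "date": e.date,
            "size_matches_signed": any(r.size == e.size for r in refs),
            "signed_reference_md5s": sorted({r.md5 for r in refs}),
        })
    return findings


if __name__ == "__main__":
    for f in find_suspect_files(parse_sigcheck(SIGCHECK_SAMPLE)):
        print(f"{f['path']}: MD5 {f['md5']} (version {f['version']}, dated {f['date']}) "
              f"matches none of the signed copies {f['signed_reference_md5s']}; "
              f"size {'matches' if f['size_matches_signed'] else 'differs from'} the signed copies")
```

Run on the sample it reports only the live drivers\tcpip.sys: same size and version string as the signed copies, different hash. The $hf_mig$ copy also has a hash of its own, but it is signed, so it is never a candidate; that is why the reference set is built from signed entries only rather than from "the majority hash".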

Márty84 (VIP, posts: 21679, registered: 05 Dec 2009 20:08, location: Ostrava)

Re: please check

#30 Post by Márty84 »

:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote: :arrow: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag the utility as a virus - this is a false positive - so go ahead and download it (if necessary, turn off the antivirus while downloading)


:???: Has anything changed?

Locked