Page 2 of 3
Re: dubious programs got installed on my computer
Posted: 20 Jul 2014 20:12
by Rudy
Everything in this script:
http://forum.viry.cz/viewtopic.php?f=13 ... 7#p1334532 has been deleted. If any directories left behind by that junk remain, feel free to delete them.
Re: dubious programs got installed on my computer
Posted: 20 Jul 2014 20:53
by zorttan
So I tried it, but it doesn't work.

It says the program is open in another program, specifically services.exe.
Re: dubious programs got installed on my computer
Posted: 20 Jul 2014 20:57
by Rudy
Let's try a ComboFix log as well:
Download ComboFix and save it, preferably to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator rights.
Right after it starts, a screen with the license terms appears; continue by clicking Yes.
Go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else.
Don't panic during the scan; your machine may be restarted (especially on the first run of the scanner).
Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and the removal of any malware collide undesirably with the antispyware's resident component.
Re: dubious programs got installed on my computer
Posted: 20 Jul 2014 21:33
by zorttan
OK, I'll try it first thing tomorrow morning; I'm not at the infected computer at the moment.

But thank you very much for your time.
Re: dubious programs got installed on my computer
Posted: 20 Jul 2014 21:37
by Rudy
You're welcome!

Re: dubious programs got installed on my computer
Posted: 21 Jul 2014 09:46
by zorttan
So I did it as you wrote, and here is the report:
ComboFix 14-07-20.02 - Lenovo 21.07.2014 10:03:17.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2518.1401 [GMT 2:00]
Spuštěný z: c:\users\Lenovo\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\73a6ec784f301a5e.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-21 do 2014-07-21 )))))))))))))))))))))))))))))))
.
.
2014-07-21 08:09 . 2014-07-21 08:12 -------- d-----w- c:\users\Lenovo\AppData\Local\temp
2014-07-20 17:38 . 2014-07-20 17:38 -------- d-----w- C:\_OTM
2014-07-20 16:31 . 2014-07-20 17:41 -------- d-----w- c:\program files\trend micro
2014-07-20 16:31 . 2014-07-20 16:32 -------- d-----w- C:\rsit
2014-07-20 09:30 . 2014-07-20 11:14 -------- d-----w- C:\FRST
2014-07-20 08:23 . 2014-07-20 08:23 -------- d-----w- C:\Intel
2014-07-19 15:20 . 2014-07-19 15:20 -------- d-----w- c:\programdata\Innovative Solutions
2014-07-19 15:20 . 2014-07-19 15:20 -------- d-----w- c:\users\Lenovo\AppData\Local\Innovative Solutions
2014-07-19 15:20 . 2014-07-19 15:20 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2014-07-19 15:20 . 2014-07-20 12:16 -------- d-----w- c:\program files\Innovative Solutions
2014-07-19 09:53 . 2014-07-19 09:53 -------- d-----w- c:\users\Lenovo\AppData\Local\globalUpdate
2014-07-19 09:53 . 2014-07-19 09:53 -------- d-----w- c:\program files\globalUpdate
2014-07-19 09:52 . 2014-07-20 19:55 -------- d-----w- c:\program files\YouTube Accelerator
2014-07-19 09:51 . 2014-07-19 09:51 -------- d-----w- c:\users\Lenovo\AppData\Local\Installer
2014-07-19 09:51 . 2014-07-19 09:51 -------- d-----w- c:\users\Lenovo\AppData\Local\CrashRpt
2014-07-19 09:50 . 2014-07-19 13:45 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Seznam.cz
2014-07-19 09:45 . 2014-07-14 10:26 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-07-19 09:45 . 2014-07-14 10:26 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-07-16 15:16 . 2013-11-01 09:12 810496 ----a-w- c:\windows\system32\xvidcore.dll
2014-07-16 15:16 . 2013-11-01 09:12 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2014-07-16 15:16 . 2013-11-01 09:12 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-07-14 16:48 . 2003-03-19 09:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2014-07-14 16:48 . 1997-03-25 03:02 229888 ----a-w- c:\windows\system32\bc520rtl.dll
2014-07-14 16:48 . 2003-02-21 16:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2014-07-13 17:16 . 2014-07-13 17:16 -------- d-----w- c:\programdata\Conexant
2014-07-13 17:16 . 2014-07-13 17:16 -------- d-----w- c:\users\Lenovo\AppData\Local\Conexant
2014-07-13 17:11 . 2009-11-24 12:36 22408 ----a-w- c:\windows\system32\drivers\camboxdrv.sys
2014-07-13 17:11 . 2007-05-03 16:56 152560 ----a-w- c:\windows\system32\VXBox.dll
2014-07-13 16:05 . 2014-06-18 01:52 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-13 16:05 . 2014-06-18 01:52 399360 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-13 16:05 . 2014-06-18 01:52 348672 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-13 16:05 . 2014-06-18 00:52 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-13 16:05 . 2014-06-18 01:52 104448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-13 16:05 . 2014-06-18 01:51 181760 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-13 16:05 . 2014-06-18 01:51 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-13 16:05 . 2014-06-18 01:50 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-07-13 16:04 . 2014-05-30 06:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-13 16:03 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-10 19:44 . 2014-06-06 09:44 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-06 09:43 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-07-06 09:43 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-07-06 09:15 . 2014-07-06 09:15 -------- d-sh--w- c:\users\Lenovo\AppData\Local\icsxml
2014-07-06 09:15 . 2014-07-06 09:15 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Letasoft
2014-07-06 09:15 . 2014-07-06 09:15 -------- d-----w- c:\program files\Letasoft Sound Booster
2014-07-04 07:28 . 2014-07-04 07:28 -------- d-----w- c:\users\Lenovo\AppData\Roaming\AVG
2014-07-04 07:28 . 2014-07-04 07:28 -------- d-----w- c:\users\Lenovo\AppData\Local\AVG
2014-07-04 07:23 . 2014-07-20 12:40 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-04 07:23 . 2014-07-20 12:15 -------- d-----w- c:\programdata\AVG
2014-07-04 07:16 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-07-04 07:16 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-07-04 07:16 . 2014-05-02 02:35 96768 ----a-w- c:\windows\system32\drivers\UMDF\WUDFUsbccidDriver.dll
2014-07-04 07:15 . 2014-06-08 08:48 391680 ----a-w- c:\windows\system32\aepdu.dll
2014-07-04 07:15 . 2014-06-08 08:43 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-03 20:47 . 2014-07-16 14:55 -------- d-----w- c:\program files\LiveJasmin.com
2014-07-03 13:26 . 2014-07-03 13:26 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Unity
2014-07-03 11:29 . 2014-07-03 11:29 -------- d-----w- c:\users\Lenovo\AppData\Local\Unity
2014-07-01 20:07 . 2014-07-01 20:07 -------- d-----w- c:\users\Lenovo\AppData\Local\Logitech® Webcam Software
2014-07-01 20:03 . 2014-07-01 20:03 -------- d-----w- c:\programdata\LogiShrd
2014-07-01 20:03 . 2014-07-01 20:03 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Leadertech
2014-07-01 20:03 . 2014-07-01 20:03 53248 ----a-r- c:\users\Lenovo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-07-01 20:01 . 2014-07-01 20:04 -------- d-----w- c:\program files\Common Files\LogiShrd
2014-07-01 20:01 . 2014-07-01 20:03 -------- d-----w- c:\program files\Logitech
2014-07-01 15:54 . 2014-07-20 20:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-01 15:54 . 2014-07-20 20:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-01 15:54 . 2014-07-01 15:54 -------- d-----w- c:\windows\system32\Macromed
2014-07-01 15:52 . 2014-07-01 15:52 -------- d-sh--w- c:\users\Lenovo\AppData\Local\EmieUserList
2014-07-01 15:52 . 2014-07-01 15:52 -------- d-sh--w- c:\users\Lenovo\AppData\Local\EmieSiteList
2014-07-01 14:48 . 2014-04-05 02:25 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-07-01 14:48 . 2014-04-05 02:24 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-07-01 14:48 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-07-01 14:48 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-07-01 14:48 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-07-01 14:48 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-07-01 14:45 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
2014-07-01 13:49 . 2014-07-01 13:49 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Skyrim - Legendary Edition
2014-07-01 13:48 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2014-07-01 13:48 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2014-07-01 13:48 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2014-07-01 13:48 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2014-07-01 13:48 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2014-07-01 13:48 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2014-07-01 12:55 . 2014-07-01 12:55 -------- d-----w- c:\users\Lenovo\AppData\Local\Skyrim
2014-07-01 12:06 . 2014-07-01 12:06 -------- d-----w- c:\program files\R.G. Mechanics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 14:22 . 2014-06-17 14:22 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-06-17 14:21 . 2014-06-17 14:21 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 14:18 . 2014-06-17 14:18 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 14:17 . 2014-06-17 14:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-17 14:06 . 2014-06-17 14:06 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-06-17 14:06 . 2014-06-17 14:06 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-06-17 14:06 . 2014-06-17 14:06 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-06-17 14:06 . 2014-06-17 14:06 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 14:06 . 2014-06-17 14:06 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2013-06-14 5020456]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"RotateImage"="c:\program files\RotateImage\RCIMGDIR.exe" [2008-10-30 31744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-04 98304]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2012-03-20 69632]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
.
c:\users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ql-printer.lnk - c:\program files\tisknulevne\ql-printer\QL-Printer.exe [2014-4-17 1454080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2012-08-24 127072]
R2 SPBIUpd;ShopperPro Update;c:\program files\Common Files\ShopperPro\spbiu.exe [x]
R2 SPDRIVER_1.37.0.199;SPDRIVER_1.37.0.199;c:\program files\ShopperPro\JSDriver\1.37.0.199\jsdrv.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2013-06-14 280640]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-03-16 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-03-16 11136]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-07-19 68608]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-03-16 89856]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-03-16 26624]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-03-16 193536]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2013-06-14 1664808]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 scvad_simple;SplitCam Virtual Microphone (WDM);c:\windows\system32\drivers\SplitCamAudio.sys [2013-11-01 18944]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 SPBIUpdd;ShopperPro UpdateD;c:\program files\Common Files\ShopperPro\spbiw.sys [x]
R3 splitcam_hd_driver;SplitCam Virtual Video Driver;c:\windows\system32\DRIVERS\splitcam_hd_driver.sys [2013-12-16 36984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-15 1343400]
R4 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
R4 VmbService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2012-03-20 8704]
R4 YouTubeAcceleratorService;YouTubeAcceleratorService;c:\progra~1\YOUTUB~1\YouTubeAcceleratorService.exe [2014-07-19 1510248]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2013-06-14 25416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-17 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-06-17 199960]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-05-04 176128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-06-27 3241488]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-06-17 289328]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2013-05-23 116216]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2012-12-04 125504]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776]
S3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R);c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-03-16 73984]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-10-13 9037312]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 Power Manager DBC Service;Power Manager Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2013-06-14 1668904]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-05-29 38768]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-17 22:26 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-01 20:03]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://start.alawarhry.cz/?pid=17087
LSP: c:\program files\YouTube Accelerator\ytalsp.dll
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{013CD172-B340-4B4F-A38F-EED50107BF7E}: NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{B0DD6A44-2750-4DC0-B393-BBC189367765}: NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{C5B57B3B-D24E-4A12-BD7C-B212454CCB39}: NameServer = 217.77.165.81 217.77.161.131
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2014\avgrsx.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\LENOVO\HOTKEY\shtctky.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\AVG\AVG2014\avgnsx.exe
c:\program files\AVG\AVG2014\avgemcx.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\windows\system32\igfxext.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2014-07-21 10:15:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-21 08:15
.
Před spuštěním: Volných bajtů: 81 615 122 432
Po spuštění: Volných bajtů: 81 159 487 488
.
- - End Of File - - 8F4AFE0F6FC26D9D639347742D3B52E1
A36C5E4F47E84449FF07ED3517B43A31
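The ComboFix report above has a fixed line layout, so the items a helper looks at first (services whose binary is missing, the Winsock LSP, the DNS servers, the start page) can be pulled out automatically. The following Python is an added example written for this thread, not part of the thread and not ComboFix's own code; the sample lines are copied from the report posted above, and the two heuristics it applies (an LSP outside system32, a GoogleUpdate.exe outside Google's own folder) are the editor's assumptions, not ComboFix rules.

```python
"""Extract the first-look findings from a ComboFix report.

Added example for this thread, not the thread's or ComboFix's own code.
ComboFix lists services one per line as "<state> <name>;<display>;<path>
[<date> <size>]" and marks a service whose binary is gone with "[x]"; the
supplementary scan lists Winsock LSPs, DNS servers and the start page.
The two heuristics (LSP outside system32, GoogleUpdate.exe outside Google's
folder) are the editor's assumptions, not ComboFix rules.
"""
import re
from dataclasses import dataclass, field

SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
LSP_RE = re.compile(r"^LSP: (?P<path>.+)$")
DNS_RE = re.compile(
    r"^TCP: (?:Interfaces\\\{[0-9A-Fa-f-]+\}: )?(?:Dhcp)?NameServer = (?P<servers>.+)$"
)
START_PAGE_RE = re.compile(r"^[mu]Start Page = (?P<url>\S+)")
# Where a Winsock LSP shipped with Windows normally lives.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class Findings:
    missing_binary: list = field(default_factory=list)        # services marked [x]
    lsp_outside_system32: list = field(default_factory=list)  # third-party LSP DLLs
    lookalike_updater: list = field(default_factory=list)     # GoogleUpdate.exe not under \Google\
    dns_servers: set = field(default_factory=set)             # every resolver the log names
    start_pages: list = field(default_factory=list)           # browser start-page overrides


def parse_combofix(report: str) -> Findings:
    """Walk the report line by line and collect the findings above."""
    f = Findings()
    for raw in report.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            path = m["path"].lower()
            if m["info"] == "x":
                f.missing_binary.append(m["name"])
            # The genuine updater runs from c:\program files\Google\Update\; the
            # thread's log also shows one under \globalUpdate\ (adware naming).
            if path.endswith("\\googleupdate.exe") and "\\google\\" not in path:
                f.lookalike_updater.append(m["name"])
            continue
        m = LSP_RE.match(line)
        if m:
            # An LSP is loaded into every process that uses Winsock, which is why
            # the DLL cannot be deleted while such a process (here services.exe) runs.
            if not m["path"].lower().startswith(SYSTEM_DIRS):
                f.lsp_outside_system32.append(m["path"])
            continue
        m = DNS_RE.match(line)
        if m:
            f.dns_servers.update(m["servers"].split())
            continue
        m = START_PAGE_RE.match(line)
        if m:
            f.start_pages.append(m["url"])
    return f


# Constructed sample: lines copied from the report posted above in the thread.
SAMPLE = r"""
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2012-08-24 127072]
R2 SPBIUpd;ShopperPro Update;c:\program files\Common Files\ShopperPro\spbiu.exe [x]
R2 SPDRIVER_1.37.0.199;SPDRIVER_1.37.0.199;c:\program files\ShopperPro\JSDriver\1.37.0.199\jsdrv.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-07-19 68608]
R3 SPBIUpdd;ShopperPro UpdateD;c:\program files\Common Files\ShopperPro\spbiw.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
.
------- Doplňkový sken -------
.
mStart Page = hxxp://start.alawarhry.cz/?pid=17087
LSP: c:\program files\YouTube Accelerator\ytalsp.dll
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{013CD172-B340-4B4F-A38F-EED50107BF7E}: NameServer = 217.77.165.81 217.77.161.131
"""


def summarize(f: Findings) -> list:
    """One line per finding, in the order a helper would act on them."""
    lines = [f"service {n}: binary missing ([x]), orphaned entry" for n in f.missing_binary]
    lines += [f"service {n}: GoogleUpdate.exe outside Google's folder" for n in f.lookalike_updater]
    lines += [f"LSP {p}: third-party Winsock LSP" for p in f.lsp_outside_system32]
    lines.append("DNS servers: " + ", ".join(sorted(f.dns_servers)) + " (verify against ISP/router)")
    lines += [f"start page override: {u}" for u in f.start_pages]
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_combofix(SAMPLE))))
```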
Re: dubious programs got installed on my computer
Posted: 21 Jul 2014 09:58
by zorttan
Only, I've just been looking through the computer and it's still there,

and it still can't be removed; it keeps saying the program is open in another program.
Re: dubious programs got installed on my computer
Posted: 21 Jul 2014 17:29
by Rudy
Open Notepad and copy the following into it:
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.
What is "it" called?
Re: dubious programs got installed on my computer
Posted: 21 Jul 2014 18:31
by zorttan
When trying to move it to the Recycle Bin, it says specifically: File In Use
The action can't be completed because the file is open in services.exe
and it does this when trying to delete the file ytalsp.dll
Re: dubious programs got installed on my computer
Posted: 21 Jul 2014 18:53
by zorttan
So I did it according to that guide, and here is the report:
ComboFix 14-07-21.01 - Lenovo 21.07.2014 19:36:47.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2518.1708 [GMT 2:00]
Spuštěný z: c:\users\Lenovo\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Lenovo\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-21 do 2014-07-21 )))))))))))))))))))))))))))))))
.
.
2014-07-21 17:43 . 2014-07-21 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-21 08:09 . 2014-07-21 17:47 -------- d-----w- c:\users\Lenovo\AppData\Local\temp
2014-07-20 17:38 . 2014-07-20 17:38 -------- d-----w- C:\_OTM
2014-07-20 16:31 . 2014-07-20 17:41 -------- d-----w- c:\program files\trend micro
2014-07-20 16:31 . 2014-07-20 16:32 -------- d-----w- C:\rsit
2014-07-20 09:30 . 2014-07-20 11:14 -------- d-----w- C:\FRST
2014-07-20 08:23 . 2014-07-20 08:23 -------- d-----w- C:\Intel
2014-07-19 15:20 . 2014-07-19 15:20 -------- d-----w- c:\programdata\Innovative Solutions
2014-07-19 15:20 . 2014-07-19 15:20 -------- d-----w- c:\users\Lenovo\AppData\Local\Innovative Solutions
2014-07-19 15:20 . 2014-07-19 15:20 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2014-07-19 15:20 . 2014-07-20 12:16 -------- d-----w- c:\program files\Innovative Solutions
2014-07-19 09:53 . 2014-07-19 09:53 -------- d-----w- c:\users\Lenovo\AppData\Local\globalUpdate
2014-07-19 09:53 . 2014-07-19 09:53 -------- d-----w- c:\program files\globalUpdate
2014-07-19 09:52 . 2014-07-21 09:00 -------- d-----w- c:\program files\YouTube Accelerator
2014-07-19 09:51 . 2014-07-19 09:51 -------- d-----w- c:\users\Lenovo\AppData\Local\Installer
2014-07-19 09:51 . 2014-07-19 09:51 -------- d-----w- c:\users\Lenovo\AppData\Local\CrashRpt
2014-07-19 09:50 . 2014-07-19 13:45 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Seznam.cz
2014-07-19 09:45 . 2014-07-14 10:26 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-07-19 09:45 . 2014-07-14 10:26 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-07-16 15:16 . 2013-11-01 09:12 810496 ----a-w- c:\windows\system32\xvidcore.dll
2014-07-16 15:16 . 2013-11-01 09:12 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2014-07-16 15:16 . 2013-11-01 09:12 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-07-14 16:48 . 2003-03-19 09:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2014-07-14 16:48 . 1997-03-25 03:02 229888 ----a-w- c:\windows\system32\bc520rtl.dll
2014-07-14 16:48 . 2003-02-21 16:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2014-07-13 17:16 . 2014-07-13 17:16 -------- d-----w- c:\programdata\Conexant
2014-07-13 17:16 . 2014-07-13 17:16 -------- d-----w- c:\users\Lenovo\AppData\Local\Conexant
2014-07-13 17:11 . 2009-11-24 12:36 22408 ----a-w- c:\windows\system32\drivers\camboxdrv.sys
2014-07-13 17:11 . 2007-05-03 16:56 152560 ----a-w- c:\windows\system32\VXBox.dll
2014-07-13 16:05 . 2014-06-18 01:52 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-13 16:05 . 2014-06-18 01:52 399360 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-13 16:05 . 2014-06-18 01:52 348672 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-13 16:05 . 2014-06-18 00:52 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-13 16:05 . 2014-06-18 01:52 104448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-13 16:05 . 2014-06-18 01:51 181760 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-13 16:05 . 2014-06-18 01:51 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-13 16:05 . 2014-06-18 01:50 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-07-13 16:04 . 2014-05-30 06:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-13 16:03 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-10 19:44 . 2014-06-06 09:44 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-06 09:43 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-07-06 09:43 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-07-06 09:15 . 2014-07-06 09:15 -------- d-sh--w- c:\users\Lenovo\AppData\Local\icsxml
2014-07-06 09:15 . 2014-07-06 09:15 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Letasoft
2014-07-06 09:15 . 2014-07-06 09:15 -------- d-----w- c:\program files\Letasoft Sound Booster
2014-07-04 07:28 . 2014-07-04 07:28 -------- d-----w- c:\users\Lenovo\AppData\Roaming\AVG
2014-07-04 07:28 . 2014-07-04 07:28 -------- d-----w- c:\users\Lenovo\AppData\Local\AVG
2014-07-04 07:23 . 2014-07-20 12:40 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-04 07:23 . 2014-07-20 12:15 -------- d-----w- c:\programdata\AVG
2014-07-04 07:16 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-07-04 07:16 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-07-04 07:16 . 2014-05-02 02:35 96768 ----a-w- c:\windows\system32\drivers\UMDF\WUDFUsbccidDriver.dll
2014-07-04 07:15 . 2014-06-08 08:48 391680 ----a-w- c:\windows\system32\aepdu.dll
2014-07-04 07:15 . 2014-06-08 08:43 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-03 20:47 . 2014-07-16 14:55 -------- d-----w- c:\program files\LiveJasmin.com
2014-07-03 13:26 . 2014-07-03 13:26 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Unity
2014-07-03 11:29 . 2014-07-03 11:29 -------- d-----w- c:\users\Lenovo\AppData\Local\Unity
2014-07-01 20:07 . 2014-07-01 20:07 -------- d-----w- c:\users\Lenovo\AppData\Local\Logitech® Webcam Software
2014-07-01 20:03 . 2014-07-01 20:03 -------- d-----w- c:\programdata\LogiShrd
2014-07-01 20:03 . 2014-07-01 20:03 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Leadertech
2014-07-01 20:03 . 2014-07-01 20:03 53248 ----a-r- c:\users\Lenovo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-07-01 20:01 . 2014-07-01 20:04 -------- d-----w- c:\program files\Common Files\LogiShrd
2014-07-01 20:01 . 2014-07-01 20:03 -------- d-----w- c:\program files\Logitech
2014-07-01 15:54 . 2014-07-20 20:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-01 15:54 . 2014-07-20 20:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-01 15:54 . 2014-07-01 15:54 -------- d-----w- c:\windows\system32\Macromed
2014-07-01 15:52 . 2014-07-01 15:52 -------- d-sh--w- c:\users\Lenovo\AppData\Local\EmieUserList
2014-07-01 15:52 . 2014-07-01 15:52 -------- d-sh--w- c:\users\Lenovo\AppData\Local\EmieSiteList
2014-07-01 14:48 . 2014-04-05 02:25 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-07-01 14:48 . 2014-04-05 02:24 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-07-01 14:48 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-07-01 14:48 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-07-01 14:48 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-07-01 14:48 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-07-01 14:45 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
2014-07-01 13:49 . 2014-07-01 13:49 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Skyrim - Legendary Edition
2014-07-01 13:48 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2014-07-01 13:48 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2014-07-01 13:48 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2014-07-01 13:48 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2014-07-01 13:48 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2014-07-01 13:48 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2014-07-01 12:55 . 2014-07-01 12:55 -------- d-----w- c:\users\Lenovo\AppData\Local\Skyrim
2014-07-01 12:06 . 2014-07-01 12:06 -------- d-----w- c:\program files\R.G. Mechanics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 14:22 . 2014-06-17 14:22 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-06-17 14:21 . 2014-06-17 14:21 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 14:18 . 2014-06-17 14:18 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 14:17 . 2014-06-17 14:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-17 14:06 . 2014-06-17 14:06 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-06-17 14:06 . 2014-06-17 14:06 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-06-17 14:06 . 2014-06-17 14:06 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-06-17 14:06 . 2014-06-17 14:06 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 14:06 . 2014-06-17 14:06 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2013-06-14 5020456]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"RotateImage"="c:\program files\RotateImage\RCIMGDIR.exe" [2008-10-30 31744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-04 98304]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2012-03-20 69632]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
.
c:\users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ql-printer.lnk - c:\program files\tisknulevne\ql-printer\QL-Printer.exe [2014-4-17 1454080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2012-08-24 127072]
R2 SPBIUpd;ShopperPro Update;c:\program files\Common Files\ShopperPro\spbiu.exe [x]
R2 SPDRIVER_1.37.0.199;SPDRIVER_1.37.0.199;c:\program files\ShopperPro\JSDriver\1.37.0.199\jsdrv.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2013-06-14 280640]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-03-16 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-03-16 11136]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-07-19 68608]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-03-16 89856]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-03-16 26624]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-03-16 193536]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2013-06-14 1664808]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 scvad_simple;SplitCam Virtual Microphone (WDM);c:\windows\system32\drivers\SplitCamAudio.sys [2013-11-01 18944]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 SPBIUpdd;ShopperPro UpdateD;c:\program files\Common Files\ShopperPro\spbiw.sys [x]
R3 splitcam_hd_driver;SplitCam Virtual Video Driver;c:\windows\system32\DRIVERS\splitcam_hd_driver.sys [2013-12-16 36984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-15 1343400]
R4 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
R4 VmbService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2012-03-20 8704]
R4 YouTubeAcceleratorService;YouTubeAcceleratorService;c:\progra~1\YOUTUB~1\YouTubeAcceleratorService.exe [2014-07-19 1510248]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2013-06-14 25416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-17 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-06-17 199960]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-05-04 176128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-06-27 3241488]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-06-17 289328]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2013-05-23 116216]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2012-12-04 125504]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776]
S3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R);c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-03-16 73984]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-10-13 9037312]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 Power Manager DBC Service;Power Manager Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2013-06-14 1668904]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-05-29 38768]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-17 22:26 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-01 20:03]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://start.alawarhry.cz/?pid=17087
LSP: c:\program files\YouTube Accelerator\ytalsp.dll
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{013CD172-B340-4B4F-A38F-EED50107BF7E}: NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{B0DD6A44-2750-4DC0-B393-BBC189367765}: NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{C5B57B3B-D24E-4A12-BD7C-B212454CCB39}: NameServer = 217.77.165.81 217.77.161.131
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2014\avgrsx.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\LENOVO\HOTKEY\shtctky.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\AVG\AVG2014\avgnsx.exe
c:\program files\AVG\AVG2014\avgemcx.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2014-07-21 19:51:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-21 17:51
ComboFix2.txt 2014-07-21 08:15
.
Před spuštěním: Volných bajtů: 80 209 534 976
Po spuštění: Volných bajtů: 80 182 558 720
.
- - End Of File - - 0BFD387B6EDB6CC91A0980A5520916BD
A36C5E4F47E84449FF07ED3517B43A31
Re: questionable programs got installed on my computer
Posted: 21 Jul 2014 19:18
by Rudy
Run CF once more with this script:
KillAll::
Folder::
C:\Program Files\YouTube Accelerator
Reboot::
I assume ytalsp.dll is located in this directory.
Re: questionable programs got installed on my computer
Posted: 21 Jul 2014 19:24
by zorttan
Do I have to paste that into Notepad again???
Re: questionable programs got installed on my computer
Posted: 21 Jul 2014 19:25
by Rudy
Same procedure as in the previous case.
Re: questionable programs got installed on my computer
Posted: 21 Jul 2014 19:44
by zorttan
Great, it's gone, thanks a lot.
Here is the latest report:
ComboFix 14-07-21.01 - Lenovo 21.07.2014 20:29:22.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2518.1537 [GMT 2:00]
Spuštěný z: c:\users\Lenovo\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Lenovo\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\YouTube Accelerator
c:\program files\YouTube Accelerator\engine.dll
c:\program files\YouTube Accelerator\helper.dll
c:\program files\YouTube Accelerator\ipc.dll
c:\program files\YouTube Accelerator\xmldb.dll
c:\program files\YouTube Accelerator\YouTubeAcceleratorService.exe
c:\program files\YouTube Accelerator\ytalsp.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-21 do 2014-07-21 )))))))))))))))))))))))))))))))
.
.
2014-07-21 18:35 . 2014-07-21 18:37 -------- d-----w- c:\users\Lenovo\AppData\Local\temp
2014-07-21 18:35 . 2014-07-21 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-20 17:38 . 2014-07-20 17:38 -------- d-----w- C:\_OTM
2014-07-20 16:31 . 2014-07-20 17:41 -------- d-----w- c:\program files\trend micro
2014-07-20 16:31 . 2014-07-20 16:32 -------- d-----w- C:\rsit
2014-07-20 09:30 . 2014-07-20 11:14 -------- d-----w- C:\FRST
2014-07-20 08:23 . 2014-07-20 08:23 -------- d-----w- C:\Intel
2014-07-19 15:20 . 2014-07-19 15:20 -------- d-----w- c:\programdata\Innovative Solutions
2014-07-19 15:20 . 2014-07-19 15:20 -------- d-----w- c:\users\Lenovo\AppData\Local\Innovative Solutions
2014-07-19 15:20 . 2014-07-19 15:20 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2014-07-19 15:20 . 2014-07-20 12:16 -------- d-----w- c:\program files\Innovative Solutions
2014-07-19 09:53 . 2014-07-19 09:53 -------- d-----w- c:\users\Lenovo\AppData\Local\globalUpdate
2014-07-19 09:53 . 2014-07-19 09:53 -------- d-----w- c:\program files\globalUpdate
2014-07-19 09:51 . 2014-07-19 09:51 -------- d-----w- c:\users\Lenovo\AppData\Local\Installer
2014-07-19 09:51 . 2014-07-19 09:51 -------- d-----w- c:\users\Lenovo\AppData\Local\CrashRpt
2014-07-19 09:50 . 2014-07-19 13:45 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Seznam.cz
2014-07-19 09:45 . 2014-07-14 10:26 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-07-19 09:45 . 2014-07-14 10:26 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-07-16 15:16 . 2013-11-01 09:12 810496 ----a-w- c:\windows\system32\xvidcore.dll
2014-07-16 15:16 . 2013-11-01 09:12 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2014-07-16 15:16 . 2013-11-01 09:12 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-07-14 16:48 . 2003-03-19 09:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2014-07-14 16:48 . 1997-03-25 03:02 229888 ----a-w- c:\windows\system32\bc520rtl.dll
2014-07-14 16:48 . 2003-02-21 16:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2014-07-13 17:16 . 2014-07-13 17:16 -------- d-----w- c:\programdata\Conexant
2014-07-13 17:16 . 2014-07-13 17:16 -------- d-----w- c:\users\Lenovo\AppData\Local\Conexant
2014-07-13 17:11 . 2009-11-24 12:36 22408 ----a-w- c:\windows\system32\drivers\camboxdrv.sys
2014-07-13 17:11 . 2007-05-03 16:56 152560 ----a-w- c:\windows\system32\VXBox.dll
2014-07-13 16:05 . 2014-06-18 01:52 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-13 16:05 . 2014-06-18 01:52 399360 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-13 16:05 . 2014-06-18 01:52 348672 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-13 16:05 . 2014-06-18 00:52 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-13 16:05 . 2014-06-18 01:52 104448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-13 16:05 . 2014-06-18 01:51 181760 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-13 16:05 . 2014-06-18 01:51 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-13 16:05 . 2014-06-18 01:50 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-07-13 16:04 . 2014-05-30 06:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-13 16:03 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-10 19:44 . 2014-06-06 09:44 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-06 09:43 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-07-06 09:43 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-07-06 09:15 . 2014-07-06 09:15 -------- d-sh--w- c:\users\Lenovo\AppData\Local\icsxml
2014-07-06 09:15 . 2014-07-06 09:15 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Letasoft
2014-07-06 09:15 . 2014-07-06 09:15 -------- d-----w- c:\program files\Letasoft Sound Booster
2014-07-04 07:28 . 2014-07-04 07:28 -------- d-----w- c:\users\Lenovo\AppData\Roaming\AVG
2014-07-04 07:28 . 2014-07-04 07:28 -------- d-----w- c:\users\Lenovo\AppData\Local\AVG
2014-07-04 07:23 . 2014-07-20 12:40 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-04 07:23 . 2014-07-20 12:15 -------- d-----w- c:\programdata\AVG
2014-07-04 07:16 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-07-04 07:16 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-07-04 07:16 . 2014-05-02 02:35 96768 ----a-w- c:\windows\system32\drivers\UMDF\WUDFUsbccidDriver.dll
2014-07-04 07:15 . 2014-06-08 08:48 391680 ----a-w- c:\windows\system32\aepdu.dll
2014-07-04 07:15 . 2014-06-08 08:43 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-03 20:47 . 2014-07-16 14:55 -------- d-----w- c:\program files\LiveJasmin.com
2014-07-03 13:26 . 2014-07-03 13:26 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Unity
2014-07-03 11:29 . 2014-07-03 11:29 -------- d-----w- c:\users\Lenovo\AppData\Local\Unity
2014-07-01 20:07 . 2014-07-01 20:07 -------- d-----w- c:\users\Lenovo\AppData\Local\Logitech® Webcam Software
2014-07-01 20:03 . 2014-07-01 20:03 -------- d-----w- c:\programdata\LogiShrd
2014-07-01 20:03 . 2014-07-01 20:03 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Leadertech
2014-07-01 20:03 . 2014-07-01 20:03 53248 ----a-r- c:\users\Lenovo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-07-01 20:01 . 2014-07-01 20:04 -------- d-----w- c:\program files\Common Files\LogiShrd
2014-07-01 20:01 . 2014-07-01 20:03 -------- d-----w- c:\program files\Logitech
2014-07-01 15:54 . 2014-07-20 20:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-01 15:54 . 2014-07-20 20:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-01 15:54 . 2014-07-01 15:54 -------- d-----w- c:\windows\system32\Macromed
2014-07-01 15:52 . 2014-07-01 15:52 -------- d-sh--w- c:\users\Lenovo\AppData\Local\EmieUserList
2014-07-01 15:52 . 2014-07-01 15:52 -------- d-sh--w- c:\users\Lenovo\AppData\Local\EmieSiteList
2014-07-01 14:48 . 2014-04-05 02:25 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-07-01 14:48 . 2014-04-05 02:24 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-07-01 14:48 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-07-01 14:48 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-07-01 14:48 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-07-01 14:48 . 2014-03-26 14:25 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-07-01 14:45 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
2014-07-01 13:49 . 2014-07-01 13:49 -------- d-----w- c:\users\Lenovo\AppData\Roaming\Skyrim - Legendary Edition
2014-07-01 13:48 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2014-07-01 13:48 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2014-07-01 13:48 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2014-07-01 13:48 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2014-07-01 13:48 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2014-07-01 13:48 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2014-07-01 12:55 . 2014-07-01 12:55 -------- d-----w- c:\users\Lenovo\AppData\Local\Skyrim
2014-07-01 12:06 . 2014-07-01 12:06 -------- d-----w- c:\program files\R.G. Mechanics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 14:22 . 2014-06-17 14:22 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-06-17 14:21 . 2014-06-17 14:21 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 14:18 . 2014-06-17 14:18 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 14:17 . 2014-06-17 14:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-17 14:06 . 2014-06-17 14:06 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-06-17 14:06 . 2014-06-17 14:06 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-06-17 14:06 . 2014-06-17 14:06 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-06-17 14:06 . 2014-06-17 14:06 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 14:06 . 2014-06-17 14:06 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2013-06-14 5020456]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"RotateImage"="c:\program files\RotateImage\RCIMGDIR.exe" [2008-10-30 31744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-04 98304]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2012-03-20 69632]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
.
c:\users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ql-printer.lnk - c:\program files\tisknulevne\ql-printer\QL-Printer.exe [2014-4-17 1454080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2012-08-24 127072]
R2 SPBIUpd;ShopperPro Update;c:\program files\Common Files\ShopperPro\spbiu.exe [x]
R2 SPDRIVER_1.37.0.199;SPDRIVER_1.37.0.199;c:\program files\ShopperPro\JSDriver\1.37.0.199\jsdrv.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2013-06-14 280640]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-03-16 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-03-16 11136]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-07-19 68608]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-03-16 89856]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-03-16 26624]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-03-16 193536]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2013-06-14 1664808]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 scvad_simple;SplitCam Virtual Microphone (WDM);c:\windows\system32\drivers\SplitCamAudio.sys [2013-11-01 18944]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 SPBIUpdd;ShopperPro UpdateD;c:\program files\Common Files\ShopperPro\spbiw.sys [x]
R3 splitcam_hd_driver;SplitCam Virtual Video Driver;c:\windows\system32\DRIVERS\splitcam_hd_driver.sys [2013-12-16 36984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-15 1343400]
R4 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
R4 VmbService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2012-03-20 8704]
R4 YouTubeAcceleratorService;YouTubeAcceleratorService;c:\progra~1\YOUTUB~1\YouTubeAcceleratorService.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2013-06-14 25416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-17 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-06-17 199960]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-05-04 176128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-06-27 3241488]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-06-17 289328]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2013-05-23 116216]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2012-12-04 125504]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776]
S3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R);c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-03-16 73984]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-10-13 9037312]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 Power Manager DBC Service;Power Manager Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2013-06-14 1668904]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-05-29 38768]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-17 22:26 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-01 20:03]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://start.alawarhry.cz/?pid=17087
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{013CD172-B340-4B4F-A38F-EED50107BF7E}: NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{B0DD6A44-2750-4DC0-B393-BBC189367765}: NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{C5B57B3B-D24E-4A12-BD7C-B212454CCB39}: NameServer = 217.77.165.81 217.77.161.131
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2014\avgrsx.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\LENOVO\HOTKEY\shtctky.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\AVG\AVG2014\avgnsx.exe
c:\program files\AVG\AVG2014\avgemcx.exe
c:\windows\system32\conhost.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\windows\system32\igfxext.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2014-07-21 20:40:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-21 18:40
ComboFix2.txt 2014-07-21 17:51
ComboFix3.txt 2014-07-21 08:15
.
Před spuštěním: Volných bajtů: 80 220 164 096
Po spuštění: Volných bajtů: 80 177 143 808
.
- - End Of File - - B54EEA9014F7FAF8FCCCBC8C840C21AF
A36C5E4F47E84449FF07ED3517B43A31
Re: questionable programs got installed on my computer
Posted: 21 Jul 2014 20:42
by Rudy
Yes, it is among the deleted ones. Uninstall CF using T-Cleaner:
http://vyosek.tym.cz/pro_usery/T-Cleaner.exe . If there is no other problem, that's all.