Re: Vyskakuje ActivClient
Napsal: 17 srp 2014 14:03
ComboFix 14-08-15.01 - Ingrida 17.08.2014 14:48:34.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1051.18.3066.1913 [GMT 2:00]
Running from: c:\users\Ingrida\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ingrida\AppData\Roaming\Love
c:\users\Ingrida\AppData\Roaming\Love\mari0\options.txt
c:\windows\system32\SETBBC5.tmp
c:\windows\system32\SETBCB2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-07-17 to 2014-08-17 )))))))))))))))))))))))))))))))
.
.
2014-08-17 12:59 . 2014-08-17 12:59 -------- d-----w- c:\users\Ingrida\AppData\Local\temp
2014-08-17 12:59 . 2014-08-17 12:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-17 12:59 . 2014-08-17 12:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-09 21:06 . 2014-08-09 21:06 -------- d-----w- c:\program files\ESET
2014-08-09 19:18 . 2014-08-09 19:18 87608 ----a-w- c:\users\Ingrida\AppData\Roaming\inst.exe
2014-08-09 18:50 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-09 12:56 . 2014-08-09 12:56 -------- d-----w- c:\users\Ingrida\AppData\Local\TempPDFC
2014-08-09 08:28 . 2014-08-09 11:15 -------- d-----w- C:\FRST
2014-08-03 09:53 . 2014-08-03 09:53 188304 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2014-08-03 09:53 . 2014-08-03 09:53 188304 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-07-19 15:14 . 2014-07-19 15:14 -------- d-----w- c:\users\Ingrida\AppData\Local\Opera Software
2014-07-19 15:14 . 2014-07-19 15:14 -------- d-----w- c:\users\Ingrida\AppData\Roaming\Opera Software
2014-07-19 09:09 . 2014-07-19 09:09 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-09 19:18 . 2010-04-25 12:38 47360 ----a-w- c:\users\Ingrida\AppData\Roaming\pcouffin.sys
2014-07-10 06:27 . 2012-05-28 13:34 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-10 06:27 . 2011-06-14 17:53 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-10 06:27 . 2014-07-10 06:27 11204096 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-01-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2014-02-24 5075104]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 54672 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2008-05-08 00:34 238984 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 10:07 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-15 07:41 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 06:27]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:23]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - (no file)
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-sl-dlc - c:\program files\OApps\sl-dlc_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-17 14:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-425153742-1188894343-820399068-1004\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,00,44,
36,c0,0d,09,0c,b0,aa,90,f5,66,65,0f,85
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,3b,1b,9a,51,10,
2e,9f,12,8b,09,9c,e0,df,d4,39,cb,d8,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,84,15,
e3,6c,9a,42,04,a7,32,c9,b5,28,9d,18,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c4,fa,
a1,53,94,bc,5b,a4,e4,5f,fc,c8,41,f8,1b
"{3134413B-49B4-425C-98A5-893C1F195601}"=hex:51,66,7a,6c,4c,1d,3b,1b,2b,5b,24,
2d,82,1f,30,08,80,ac,d6,60,1e,52,1b,15
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2b,95,
6e,f3,66,4e,07,af,f0,54,e0,1c,73,ee,6a
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1a,d8,
c7,73,f2,37,09,a4,7d,c3,79,c0,8e,c5,bd
"{DF21F1DB-80C6-11D3-9483-B03D0EC10000}"=hex:51,66,7a,6c,4c,1d,3b,1b,cb,eb,31,
c3,f0,d6,bf,5b,8c,8a,ef,61,0f,8a,4d,14
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,21,3d,
51,88,3f,16,0d,88,fc,a2,87,04,7e,34,61
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,3c,4e,
92,1b,fb,d3,02,b4,24,8e,23,01,c2,c0,12
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,a1,d8,08,
3f,53,1f,b8,5b,83,11,5f,cc,26,ee,80,5b
"{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,a6,d5,35,
64,3c,1f,07,09,87,2f,15,27,5d,b7,4c,bd
"{7F6AFBF1-E065-4627-A2FD-810366367D01}"=hex:51,66,7a,6c,4c,1d,3b,1b,e1,e1,7a,
63,53,b6,4b,0c,ba,f4,de,5f,67,7d,30,15
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f7,48,
b6,eb,57,fd,07,9b,3a,90,4c,56,3f,3e,e3
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8d,04,
6a,c6,80,40,0c,ae,e2,8b,86,f0,92,60,57
"{7B523E7C-F096-4E36-A0CB-7EFEB5C675C1}"=hex:51,66,7a,6c,4c,1d,3b,1b,6c,24,42,
67,a0,a6,5a,04,b8,c2,21,a2,b4,8d,38,d5
"{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}"=hex:51,66,7a,6c,4c,1d,3b,1b,c6,1b,81,
51,96,0d,24,0a,a5,d7,21,71,f4,07,c1,53
"{54739D49-AC03-4C57-9264-C5195596B3A1}"=hex:51,66,7a,6c,4c,1d,38,12,27,9e,60,
50,31,e2,39,09,ed,72,86,59,50,c8,f7,b5
.
[HKEY_USERS\S-1-5-21-425153742-1188894343-820399068-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{70619E99-3054-922B-A2D9-A9F61AF0FEDA}*]
"jalblhfcommoajcedbpl"=hex:62,61,6e,70,00,f6
"ialceckijhnceoolnm"=hex:6b,61,6b,70,6e,6e,6c,6d,69,68,70,68,65,6c,6f,6b,64,65,
67,6e,70,6b,00,00
"jalblhfcommoajcedbll"=hex:62,61,6d,70,00,f6
"habdoipcboimpgdh"=hex:6b,61,6b,70,6e,6e,62,61,67,67,68,64,62,6c,6d,6a,63,63,
64,67,6d,6c,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\System32\APSHook.dll
.
- - - - - - - > 'lsass.exe'(744)
c:\windows\System32\APSHook.dll
.
Completion time: 2014-08-17 15:02:09
ComboFix-quarantined-files.txt 2014-08-17 13:02
ComboFix2.txt 2013-01-28 08:13
.
Pre-Run: 39 453 044 736 bytes free
Post-Run: 46 603 722 752 bytes free
.
- - End Of File - - 9DD1D477E589FB21BA2185FBF6E5EC80
5C616939100B85E558DA92B899A0FC36
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1051.18.3066.1913 [GMT 2:00]
Running from: c:\users\Ingrida\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ingrida\AppData\Roaming\Love
c:\users\Ingrida\AppData\Roaming\Love\mari0\options.txt
c:\windows\system32\SETBBC5.tmp
c:\windows\system32\SETBCB2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-07-17 to 2014-08-17 )))))))))))))))))))))))))))))))
.
.
2014-08-17 12:59 . 2014-08-17 12:59 -------- d-----w- c:\users\Ingrida\AppData\Local\temp
2014-08-17 12:59 . 2014-08-17 12:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-17 12:59 . 2014-08-17 12:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-09 21:06 . 2014-08-09 21:06 -------- d-----w- c:\program files\ESET
2014-08-09 19:18 . 2014-08-09 19:18 87608 ----a-w- c:\users\Ingrida\AppData\Roaming\inst.exe
2014-08-09 18:50 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-09 12:56 . 2014-08-09 12:56 -------- d-----w- c:\users\Ingrida\AppData\Local\TempPDFC
2014-08-09 08:28 . 2014-08-09 11:15 -------- d-----w- C:\FRST
2014-08-03 09:53 . 2014-08-03 09:53 188304 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2014-08-03 09:53 . 2014-08-03 09:53 188304 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-07-19 15:14 . 2014-07-19 15:14 -------- d-----w- c:\users\Ingrida\AppData\Local\Opera Software
2014-07-19 15:14 . 2014-07-19 15:14 -------- d-----w- c:\users\Ingrida\AppData\Roaming\Opera Software
2014-07-19 09:09 . 2014-07-19 09:09 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-09 19:18 . 2010-04-25 12:38 47360 ----a-w- c:\users\Ingrida\AppData\Roaming\pcouffin.sys
2014-07-10 06:27 . 2012-05-28 13:34 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-10 06:27 . 2011-06-14 17:53 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-10 06:27 . 2014-07-10 06:27 11204096 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-01-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2014-02-24 5075104]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 54672 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2008-05-08 00:34 238984 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 10:07 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-15 07:41 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 06:27]
.
2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:23]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - (no file)
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-sl-dlc - c:\program files\OApps\sl-dlc_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-17 14:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-425153742-1188894343-820399068-1004\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,00,44,
36,c0,0d,09,0c,b0,aa,90,f5,66,65,0f,85
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,3b,1b,9a,51,10,
2e,9f,12,8b,09,9c,e0,df,d4,39,cb,d8,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,84,15,
e3,6c,9a,42,04,a7,32,c9,b5,28,9d,18,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c4,fa,
a1,53,94,bc,5b,a4,e4,5f,fc,c8,41,f8,1b
"{3134413B-49B4-425C-98A5-893C1F195601}"=hex:51,66,7a,6c,4c,1d,3b,1b,2b,5b,24,
2d,82,1f,30,08,80,ac,d6,60,1e,52,1b,15
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2b,95,
6e,f3,66,4e,07,af,f0,54,e0,1c,73,ee,6a
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1a,d8,
c7,73,f2,37,09,a4,7d,c3,79,c0,8e,c5,bd
"{DF21F1DB-80C6-11D3-9483-B03D0EC10000}"=hex:51,66,7a,6c,4c,1d,3b,1b,cb,eb,31,
c3,f0,d6,bf,5b,8c,8a,ef,61,0f,8a,4d,14
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,21,3d,
51,88,3f,16,0d,88,fc,a2,87,04,7e,34,61
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,3c,4e,
92,1b,fb,d3,02,b4,24,8e,23,01,c2,c0,12
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,a1,d8,08,
3f,53,1f,b8,5b,83,11,5f,cc,26,ee,80,5b
"{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,a6,d5,35,
64,3c,1f,07,09,87,2f,15,27,5d,b7,4c,bd
"{7F6AFBF1-E065-4627-A2FD-810366367D01}"=hex:51,66,7a,6c,4c,1d,3b,1b,e1,e1,7a,
63,53,b6,4b,0c,ba,f4,de,5f,67,7d,30,15
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f7,48,
b6,eb,57,fd,07,9b,3a,90,4c,56,3f,3e,e3
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8d,04,
6a,c6,80,40,0c,ae,e2,8b,86,f0,92,60,57
"{7B523E7C-F096-4E36-A0CB-7EFEB5C675C1}"=hex:51,66,7a,6c,4c,1d,3b,1b,6c,24,42,
67,a0,a6,5a,04,b8,c2,21,a2,b4,8d,38,d5
"{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}"=hex:51,66,7a,6c,4c,1d,3b,1b,c6,1b,81,
51,96,0d,24,0a,a5,d7,21,71,f4,07,c1,53
"{54739D49-AC03-4C57-9264-C5195596B3A1}"=hex:51,66,7a,6c,4c,1d,38,12,27,9e,60,
50,31,e2,39,09,ed,72,86,59,50,c8,f7,b5
.
[HKEY_USERS\S-1-5-21-425153742-1188894343-820399068-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{70619E99-3054-922B-A2D9-A9F61AF0FEDA}*]
"jalblhfcommoajcedbpl"=hex:62,61,6e,70,00,f6
"ialceckijhnceoolnm"=hex:6b,61,6b,70,6e,6e,6c,6d,69,68,70,68,65,6c,6f,6b,64,65,
67,6e,70,6b,00,00
"jalblhfcommoajcedbll"=hex:62,61,6d,70,00,f6
"habdoipcboimpgdh"=hex:6b,61,6b,70,6e,6e,62,61,67,67,68,64,62,6c,6d,6a,63,63,
64,67,6d,6c,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\System32\APSHook.dll
.
- - - - - - - > 'lsass.exe'(744)
c:\windows\System32\APSHook.dll
.
Completion time: 2014-08-17 15:02:09
ComboFix-quarantined-files.txt 2014-08-17 13:02
ComboFix2.txt 2013-01-28 08:13
.
Pre-Run: 39 453 044 736 bytes free
Post-Run: 46 603 722 752 bytes free
.
- - End Of File - - 9DD1D477E589FB21BA2185FBF6E5EC80
5C616939100B85E558DA92B899A0FC36