Norton nedokáže odstranit bezp. riziko suspicious.cloud.9

[tschuf]

ComboFix 14-08-17.01 - lenka 18.08.2014 6:13.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2036.978 [GMT 2:00]
Spuštěný z: c:\users\lenka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\lenka\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-18 do 2014-08-18 )))))))))))))))))))))))))))))))
.
.
2014-08-18 04:26 . 2014-08-18 04:26 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2014-08-18 04:26 . 2014-08-18 04:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-17 20:03 . 2014-08-18 04:28 -------- d-----w- c:\users\lenka\AppData\Local\temp
2014-08-17 07:46 . 2014-08-17 07:46 -------- d-----w- C:\_OTL
2014-08-16 17:34 . 2014-08-16 17:34 512 ----a-w- C:\PhysicalMBR.bin
2014-08-16 13:36 . 2014-08-16 13:37 -------- d-----w- c:\program files\trend micro
2014-08-16 13:36 . 2014-08-16 13:37 -------- d-----w- C:\rsit
2014-08-16 12:31 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-16 12:31 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-16 12:31 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-16 12:31 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-16 12:23 . 2014-07-25 11:07 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-16 12:22 . 2014-06-16 01:44 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-16 12:22 . 2014-06-16 01:44 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-08-16 12:22 . 2014-06-16 01:40 107520 ----a-w- c:\windows\system32\cdd.dll
2014-08-16 12:07 . 2014-08-16 12:07 -------- d-----w- c:\program files\Common Files\Java
2014-08-16 12:06 . 2014-08-16 12:06 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-16 12:06 . 2014-08-16 12:06 -------- d-----w- c:\program files\Java
2014-08-10 20:03 . 2014-08-14 03:43 -------- d-----w- c:\windows\system32\drivers\N360\1505000.013
2014-08-01 10:12 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-08-01 10:12 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-01 10:12 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-01 10:12 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-01 10:12 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-08-01 10:12 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-08-01 10:12 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-01 10:12 . 2014-05-14 07:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-01 10:12 . 2014-05-14 07:17 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-18 04:28 . 2014-08-18 04:28 151552 ----a-w- c:\windows\KMSEmulator.exe
2014-06-18 01:51 . 2014-07-10 18:52 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52 . 2014-07-10 18:52 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 09:44 . 2014-07-10 18:52 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-10 18:45 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52 . 2014-07-10 18:52 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52 . 2014-07-10 18:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52 . 2014-07-10 18:52 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52 . 2014-07-10 18:52 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52 . 2014-07-10 18:52 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52 . 2014-07-10 18:52 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52 . 2014-07-10 18:52 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36 . 2014-07-10 18:53 338944 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-10-24 6475264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-03 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-03 175896]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-03 168216]
"GfxServiceInstall"="c:\windows\system32\GfxCUIServiceInstall.vbs" [2012-02-27 131]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-05-18 10082920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-05-08 41336]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-09-16 35488]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-09-16 290976]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-09-16 97440]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-09-16 147616]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-09-16 60064]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-09-16 263968]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-08-30 525352]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-08-30 76328]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-10-30 12400]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-24 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1505000.013\SYMDS.SYS [2013-09-10 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1505000.013\SYMEFA.SYS [2014-03-04 936152]
S1 BHDrvx86;BHDrvx86;c:\program files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx86.sys [2014-05-10 1101616]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360\1505000.013\ccSetx86.sys [2013-09-26 127064]
S1 IDSVix86;IDSVix86;c:\program files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140815.001\IDSvix86.sys [2014-03-26 395992]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1505000.013\Ironx86.SYS [2013-09-27 206936]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\1505000.013\SYMNETS.SYS [2014-02-18 447704]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-09-16 84640]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-07 1755136]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\21.5.0.19\N360.exe [2014-07-31 265040]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-08-06 5052224]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-09-16 25248]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-06-11 109872]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2012-02-27 1344512]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2012-02-27 419328]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-09 278528]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 254056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-21 14:38]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\21.5.0.19\N360.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360\1505000.013\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files\Norton 360\Engine\21.5.0.19"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(596)
c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
- - - - - - - > 'Explorer.exe'(2028)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\TeamViewer\Version9\TeamViewer.exe
c:\program files\TeamViewer\Version9\tv_w32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2014-08-18 06:34:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-18 04:34
ComboFix2.txt 2014-08-17 20:03
.
Před spuštěním: Volných bajtů: 232 346 963 968
Po spuštění: Volných bajtů: 232 298 766 336
.
- - End Of File - - E86956DD333D35B258507C0AF98A2C1B
A36C5E4F47E84449FF07ED3517B43A31

[Rudy]

Smazáno. Nastala nějaká změna?

[tschuf]

vypadá to, že problém je vyřešen. hláška o riziku už se nezobrazuje.

[tschuf]

tak beru zpět. ted to opět vyskočilo:(

[Rudy]

Ještě zkuste tento postup: http://www.yac.mx/cs/guides/browser-hij ... lorer.html .

[tschuf]

ten program vubec nefunguje, nezobrazujou se tam zadny tlacitka, nic. proste jen modrej sloupecek vedle sirokyho bilyho. jen to hazi spoustu otravnejch bublin. a mel jsem hodne problemu, aby se mi to vubec povedlo odinstalovat. ten rucni postup jsem sice mozna spatne pochopil, je to z nejakyho prekladace, takze nedava moc smysl, ale rekl bych, ze taky nefunguje. zadny rozsireni, ktery by odpovidalo tomu, co se ma smazat nainstalovany nemam. tudy zrejme cesta nepovede. je jeste nejaka sance, ze se toho zbavim bez kompletniho preinstalovani systemu?

[Rudy]

Dole je ještě sice poněkud riskantní, ale asi funkční způsob odstranění: Jak odstranit Suspicious.Cloud.9 RUČNÍ Zkuste ho, jestli si troufáte. Bohužel, tento problém zde řešíme poprvé.