Kontrola pc - internet vkuse pada

[dex73r]

https://www.virustotal.com/file/8298684 ... 358369003/

aj mne sa ten subor nezdal :S

[dex73r]

Halooo, nezabudol si namna? :/ Pozeram ze vsetci maju odpisane a mna si preskocil

[vyosek]

Nezabudlo a nemaji vsichni odpoved...My jsme tu ve svem volnem case...

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Collect::
  c:\program files (x86)\Internet Explorer\ielowutil - kópia.exe
  
  Folder::
  c:\users\Spravca\AppData\Local\Avg2013
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"=-
  "GarenaPlus"=-
  "uTorrent"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "LogMeIn Hamachi Ui"=-
  "AdobeCS5.5ServiceManager"=-
  "SwitchBoard"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "AdobeAAMUpdater-1.0"=-
  
  DDS::
  Trusted Zone: clonewarsadventures.com
  Trusted Zone: freerealms.com
  Trusted Zone: soe.com
  Trusted Zone: sony.com
  
  Driver::
  EagleX64
  X6va003
  gdrv
  
  File::
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[dex73r]

ComboFix 13-01-17.03 - Spravca . 01. 2013 16:14:38.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8189.6938 [GMT 1:00]
Running from: c:\users\Spravca\Downloads\ComboFix.exe
Command switches used :: c:\users\Spravca\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Spravca\AppData\Local\Avg2013
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EAGLEX64
-------\Legacy_GDRV
-------\Legacy_X6VA003
-------\Service_EagleX64
-------\Service_gdrv
-------\Service_X6va003
.
.
((((((((((((((((((((((((( Files Created from 2012-12-17 to 2013-01-17 )))))))))))))))))))))))))))))))
.
.
2013-01-17 15:21 . 2013-01-17 15:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-17 15:21 . 2013-01-17 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-16 17:34 . 2013-01-16 17:34 -------- d-----w- c:\users\Dex
2013-01-16 16:33 . 2013-01-16 16:33 -------- d-----w- c:\users\Spravca\AppData\Local\ESET
2013-01-16 16:30 . 2013-01-16 16:30 -------- d-----w- c:\program files\ESET
2013-01-16 12:40 . 2013-01-16 12:40 -------- d-----w- c:\users\Spravca\AppData\Roaming\Malwarebytes
2013-01-16 12:40 . 2013-01-16 12:40 -------- d-----w- c:\programdata\Malwarebytes
2013-01-16 12:40 . 2013-01-16 12:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-16 12:40 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-16 05:32 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4295E8E-208C-48BF-BC69-048CBD1D0300}\mpengine.dll
2013-01-15 19:24 . 2013-01-15 19:24 -------- d-----w- C:\rsit
2013-01-15 17:12 . 2013-01-15 17:12 -------- d-----w- c:\users\Spravca\AppData\Local\Skyrim
2013-01-15 17:05 . 2012-11-13 14:56 222720 ------w- c:\program files (x86)\Internet Explorer\ielowutil - kópia.exe
2013-01-15 16:32 . 2013-01-15 16:36 -------- d-----w- C:\skyrim
2013-01-11 15:39 . 2013-01-11 15:39 -------- d-----w- c:\users\Spravca\AppData\Local\My Games
2013-01-11 06:07 . 2013-01-11 06:07 -------- d-----w- c:\programdata\Orbit
2013-01-10 19:14 . 2013-01-10 19:14 -------- d-----w- C:\NVIDIA
2013-01-09 16:11 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 16:11 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 16:11 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 16:11 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 16:11 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 16:11 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-08 14:34 . 2013-01-08 15:06 -------- d-----w- C:\Valve hammer editor
2013-01-05 19:05 . 2013-01-05 19:05 -------- d-----w- c:\program files (x86)\Adobe Story
2013-01-05 19:04 . 2013-01-05 19:04 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-01-04 13:06 . 2013-01-04 13:06 -------- d-----w- c:\users\Spravca\AppData\Roaming\Sony Creative Software Inc
2013-01-02 21:26 . 2013-01-02 21:26 -------- d-----w- c:\program files\Games
2012-12-31 20:51 . 2012-12-31 20:51 -------- d-----w- c:\users\Spravca\AppData\Roaming\Garena
2012-12-31 20:51 . 2012-12-31 20:51 -------- d-----w- c:\programdata\Garena
2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-12-28 18:20 . 2012-12-28 18:21 -------- d-----w- c:\users\Spravca\AppData\Roaming\PSpad
2012-12-28 18:20 . 2012-12-28 18:20 -------- d-----w- c:\program files (x86)\PSPad editor
2012-12-28 16:36 . 2013-01-16 17:54 -------- d-----w- c:\users\Spravca\AppData\Local\LogMeIn Hamachi
2012-12-28 16:36 . 2012-12-28 16:36 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-12-27 08:17 . 2012-12-27 08:17 -------- d-----w- c:\programdata\RoboForm
2012-12-27 08:16 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-27 08:16 . 2013-01-16 16:25 -------- d-----w- c:\programdata\AVAST Software
2012-12-27 08:16 . 2012-12-27 08:16 -------- d-----w- c:\program files\AVAST Software
2012-12-24 16:18 . 2012-12-24 16:18 -------- d-----w- c:\programdata\Nexon
2012-12-24 16:17 . 2012-12-24 18:47 -------- d-----w- c:\users\Spravca\AppData\Local\CSO
2012-12-22 20:31 . 2012-12-22 20:31 -------- d-----w- c:\users\Spravca\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-12-22 15:58 . 2010-01-13 16:48 230752 ----a-w- c:\windows\patchw32.dll
2012-12-22 15:58 . 2010-01-13 16:48 118176 ----a-w- c:\windows\patchw.dll
2012-12-22 15:57 . 2012-12-22 15:57 -------- d-----w- c:\program files (x86)\Outspark
2012-12-22 09:45 . 2013-01-17 13:21 -------- d-----w- c:\users\Spravca\AppData\Roaming\.minecraft
2012-12-22 07:27 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 07:27 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 07:27 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 07:27 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-20 21:39 . 2012-12-20 21:39 -------- d-----w- c:\users\Spravca\jagexcache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 16:49 . 2012-11-20 12:28 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-15 16:49 . 2012-11-20 12:26 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-15 14:41 . 2012-11-20 12:26 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-01-09 21:49 . 2012-11-14 16:41 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-29 10:34 . 2012-11-13 14:13 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-11-13 14:13 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-10-10 20:23 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2012-10-10 20:23 1107592 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-29 10:34 . 2012-10-10 20:22 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2012-10-10 20:22 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-29 08:40 . 2012-11-13 14:14 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2012-11-13 14:14 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2012-11-13 14:14 2923201 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2012-11-13 14:14 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2012-11-13 14:14 63928 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2012-11-13 14:14 2558392 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-29 08:40 . 2012-11-13 14:14 118712 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-30 04:45 . 2013-01-09 16:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 17:22 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-11-28 17:22 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll
2012-11-28 17:22 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2012-11-28 08:07 . 2012-11-28 08:07 57904 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2012-11-22 12:55 . 2012-11-20 12:26 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-19 15:57 . 2012-11-13 15:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-19 15:57 . 2012-11-13 15:25 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-15 15:12 . 2012-11-15 15:12 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-15 15:12 . 2012-11-15 15:12 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-15 15:12 . 2012-11-15 15:12 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-15 15:12 . 2012-11-15 15:12 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-15 15:12 . 2012-11-15 15:12 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-15 15:12 . 2012-11-15 15:12 188904 ----a-w- c:\windows\system32\java.exe
2012-11-14 19:13 . 2012-11-14 19:13 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-14 19:13 . 2012-11-14 19:14 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-14 19:13 . 2012-11-14 19:14 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-14 07:06 . 2012-12-12 21:32 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 21:32 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 21:32 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 21:32 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 21:32 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 21:32 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 21:32 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 21:32 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 21:32 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 21:32 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 21:32 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 21:32 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 21:32 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 21:32 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 21:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 21:32 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 21:32 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 21:32 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 21:32 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 21:32 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 21:32 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 21:32 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-13 15:12 . 2012-11-13 15:12 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-11-13 15:12 . 2012-11-13 15:12 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-11-13 15:12 . 2012-11-13 15:12 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-11-13 14:56 . 2012-11-13 14:56 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-11-13 14:56 . 2012-11-13 14:56 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-11-13 14:56 . 2012-11-13 14:56 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-11-13 14:56 . 2012-11-13 14:56 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-11-13 14:56 . 2012-11-13 14:56 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-11-13 14:56 . 2012-11-13 14:56 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-11-13 14:56 . 2012-11-13 14:56 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-11-13 14:56 . 2012-11-13 14:56 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-11-13 14:55 . 2012-11-13 14:55 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-11-13 14:55 . 2012-11-13 14:55 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-11-13 14:55 . 2012-11-13 14:55 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-11-13 14:55 . 2012-11-13 14:55 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-11-13 14:55 . 2012-11-13 14:55 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-11-13 14:55 . 2012-11-13 14:55 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-11-13 14:55 . 2012-11-13 14:55 222208 ----a-w- c:\windows\system32\msls31.dll
2012-11-13 14:55 . 2012-11-13 14:55 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-11-13 14:55 . 2012-11-13 14:55 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-11-13 14:55 . 2012-11-13 14:55 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-11-13 14:55 . 2012-11-13 14:55 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-11-13 14:55 . 2012-11-13 14:55 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-11-13 14:55 . 2012-11-13 14:55 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-11-13 14:55 . 2012-11-13 14:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-11-13 14:55 . 2012-11-13 14:55 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-11-13 14:55 . 2012-11-13 14:55 197120 ----a-w- c:\windows\system32\msrating.dll
2012-11-13 14:55 . 2012-11-13 14:55 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-11-13 14:55 . 2012-11-13 14:55 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-11-13 14:55 . 2012-11-13 14:55 149504 ----a-w- c:\windows\system32\occache.dll
2012-11-13 14:55 . 2012-11-13 14:55 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-11-13 14:55 . 2012-11-13 14:55 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-11-13 14:55 . 2012-11-13 14:55 12288 ----a-w- c:\windows\system32\mshta.exe
2012-11-13 14:55 . 2012-11-13 14:55 114176 ----a-w- c:\windows\system32\admparse.dll
2012-11-13 14:55 . 2012-11-13 14:55 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-13 14:55 . 2012-11-13 14:55 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-11-13 14:55 . 2012-11-13 14:55 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-11-13 14:55 . 2012-11-13 14:55 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-11-13 14:55 . 2012-11-13 14:55 82432 ----a-w- c:\windows\system32\icardie.dll
2012-11-13 14:55 . 2012-11-13 14:55 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-11-13 14:55 . 2012-11-13 14:55 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-11-13 14:55 . 2012-11-13 14:55 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-11-13 14:55 . 2012-11-13 14:55 448512 ----a-w- c:\windows\system32\html.iec
2012-11-13 14:55 . 2012-11-13 14:55 403248 ----a-w- c:\windows\system32\iedkcs32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-14 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-11-28 57904]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2008-02-01 32240]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-26 1329304]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 2466304]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athuwx.sys [2011-07-28 2224160]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-13 14:03 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 6325936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Counter-Strike: Source - c:\games\Counter-Strike Source\Uninst.exe
AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-01-17 16:26:31 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-17 15:26
ComboFix2.txt 2013-01-16 17:57
.
Pre-Run: 275 063 283 712 bytes free
Post-Run: 274 825 777 152 bytes free
.
- - End Of File - - CD3B421956E7A35EB83BE61BBE321344
Upload was successful




-- CF chcel odomna uploadnut malware tak som klikol ano, dufam ze som spravil dobre..

[vyosek]

Ano, vzorek se poslal sUBsovi - autorovi CF k dalsimu vyvoji

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :files
  ipconfig /flushdns /c
  c:\program files (x86)\Internet Explorer\ielowutil - kópia.exe
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[dex73r]

do vasho custom skriptu som pridal aj original ielowutil pretoze tu kopiu som skopiroval ja este predtym nez som smazal original.. ale ono sa to tam dalo znovu..

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Spravca\Downloads\cmd.bat deleted successfully.
C:\Users\Spravca\Downloads\cmd.txt deleted successfully.
c:\program files (x86)\Internet Explorer\ielowutil - kópia.exe moved successfully.
c:\program files (x86)\Internet Explorer\ielowutil.exe moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dex
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dex.Spravca-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Spravca
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 409734 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 375029760 bytes
->Flash cache emptied: 917 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50252 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 358,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Dex
->Flash cache emptied: 0 bytes

User: Dex.Spravca-PC
->Flash cache emptied: 0 bytes

User: Public

User: Spravca
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Dex

User: Dex.Spravca-PC

User: Public

User: Spravca
->Java cache emptied: 0 bytes

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01172013_165746

Files\Folders moved on Reboot...
C:\Users\Spravca\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[vyosek]

Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook_x64.exe a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  filefind
  ielowutil.exe
  ielowutil*.exe

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

[dex73r]

SystemLook 30.07.11 by jpshortstuff
Log created at 06:39 on 18/01/2013 by Spravca
Administrator - Elevation successful

No Context: filefind

No Context: ielowutil.exe

No Context: ielowutil*.exe

-= EOF =-

[vyosek]

Ha, moje chybka, pouzijte prosim tento skript

Kód: Vybrat vše

:filefind
ielowutil.exe
ielowutil*.exe

[dex73r]

SystemLook 30.07.11 by jpshortstuff
Log created at 13:28 on 18/01/2013 by Spravca
Administrator - Elevation successful

========== filefind ==========

Searching for "ielowutil.exe"
C:\Program Files\Internet Explorer\ielowutil.exe --a---- 223232 bytes [14:55 13/11/2012] [14:55 13/11/2012] 530B34241856C2299382421C414F97EE
C:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_7d25450501edb94f\ielowutil.exe --a---- 115712 bytes [23:58 13/07/2009] [01:39 14/07/2009] E5CAFD3D9E70F6B38701445E39F9C329
C:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_9.4.8112.16421_none_7b144a6843de7cd6\ielowutil.exe --a---- 223232 bytes [14:55 13/11/2012] [14:55 13/11/2012] 530B34241856C2299382421C414F97EE
C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_2106a98149904819\ielowutil.exe --a---- 115712 bytes [23:43 13/07/2009] [01:14 14/07/2009] FCB358973491095D026BB289EA5CC75A
C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_9.4.8112.16421_none_1ef5aee48b810ba0\ielowutil.exe --a---- 222720 bytes [14:56 13/11/2012] [14:56 13/11/2012] 8911702CC546B76FE8F9C61987C68C43
C:\_OTL\MovedFiles\01172013_165746\c_program files (x86)\Internet Explorer\ielowutil.exe --a---- 222720 bytes [14:56 13/11/2012] [14:56 13/11/2012] 8911702CC546B76FE8F9C61987C68C43

Searching for "ielowutil*.exe"
C:\Program Files\Internet Explorer\ielowutil.exe --a---- 223232 bytes [14:55 13/11/2012] [14:55 13/11/2012] 530B34241856C2299382421C414F97EE
C:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_7d25450501edb94f\ielowutil.exe --a---- 115712 bytes [23:58 13/07/2009] [01:39 14/07/2009] E5CAFD3D9E70F6B38701445E39F9C329
C:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_9.4.8112.16421_none_7b144a6843de7cd6\ielowutil.exe --a---- 223232 bytes [14:55 13/11/2012] [14:55 13/11/2012] 530B34241856C2299382421C414F97EE
C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_2106a98149904819\ielowutil.exe --a---- 115712 bytes [23:43 13/07/2009] [01:14 14/07/2009] FCB358973491095D026BB289EA5CC75A
C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_9.4.8112.16421_none_1ef5aee48b810ba0\ielowutil.exe --a---- 222720 bytes [14:56 13/11/2012] [14:56 13/11/2012] 8911702CC546B76FE8F9C61987C68C43
C:\_OTL\MovedFiles\01172013_165746\c_program files (x86)\Internet Explorer\ielowutil - kópia.exe --a---- 222720 bytes [17:05 15/01/2013] [14:56 13/11/2012] 8911702CC546B76FE8F9C61987C68C43
C:\_OTL\MovedFiles\01172013_165746\c_program files (x86)\Internet Explorer\ielowutil.exe --a---- 222720 bytes [14:56 13/11/2012] [14:56 13/11/2012] 8911702CC546B76FE8F9C61987C68C43

-= EOF =-

[vyosek]

Na virustotal otestujte tyto soubory, ale zdaji se mi OK

C:\Program Files\Internet Explorer\ielowutil.exe
C:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_7d25450501edb94f\ielowutil.exe

[dex73r]

https://www.virustotal.com/file/a987216 ... 358540466/
https://www.virustotal.com/file/612b2b2 ... 358540455/

[vyosek]

Fajn, je nejaky problem nyni s PC

[dex73r]

Ano, nemozem zapnut firewall ani centrum zabezpecenia (ktore neviem ani ako sa vo windowse zapina.. vypol mi to ten vir)

http://imgur.com/B4rLCLo

[dex73r]

Zdravicko, teraz si len hram CS 1.6 a zrazu mi vyskoci eset vraj nejaky java.exploit a aj java sa zapla.. vypol som ju v procesoch, prikladam aj screenshot..

http://imgur.com/2l3XiuP