Pomoc prosím
Napsal: 25 zář 2012 20:59
http://ulozto.cz/xy56MdM/log-rar Zde je log je bohužel moc dlouhý. V pc je vir a nejde odstranit antivirem nevím co dál prosím o radu 
Předem děkuji
Předem děkujiStránka 1 z 1
Re: Pomoc prosím
Napsal: 25 zář 2012 21:06
Kde se podle antivir vir nachází. V logu jej nevidím.
Re: Pomoc prosím
Napsal: 25 zář 2012 21:12
Objekt:
C:\Windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\U\00000008.@
Infiltrace:
Win64/Agent.BA trojský kůň
Objekt:
C:\Windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\U\00000008.@
Infiltrace:
Win64/Agent.BA trojský kůň
nejde to skrz antivir nijak odtsranit a stále se vytváří furt dokola
Obejkt:
C:\Windows\system32\services.exe
C:\Windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\U\00000008.@
Infiltrace:
Win64/Agent.BA trojský kůň
Objekt:
C:\Windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\U\00000008.@
Infiltrace:
Win64/Agent.BA trojský kůň
nejde to skrz antivir nijak odtsranit a stále se vytváří furt dokola
Obejkt:
C:\Windows\system32\services.exe
Re: Pomoc prosím
Napsal: 25 zář 2012 21:42
1. Soubor C:\Windows\system32\services.exe otestujte online na www.virustotal.com .
2. Stáhněte Avenger: http://forum.viry.cz/viewtopic.php?f=11&t=19832 . Spusťte a do bílého okna zkopírujte:
2. Stáhněte Avenger: http://forum.viry.cz/viewtopic.php?f=11&t=19832 . Spusťte a do bílého okna zkopírujte:
a klikněte na >Execute<. PC bude restartován.Files to delete:
C:\Windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\U\00000008.@
Re: Pomoc prosím
Napsal: 25 zář 2012 22:38
Bohužel po provedení příkažu se vše chvíl itvářilo dobře, ale pak se začal znovu objevovat ten vir v souboru instaler jak je psáno výše a navíc se objevila i infiltrace Operační paměti C:\Windows\assembly\GAC_32\Desktop.ini
A s online testováním mám problém protože tam nenajdu ten soubor, ale v adresáři ve windows v pc ho najdu
A s online testováním mám problém protože tam nenajdu ten soubor, ale v adresáři ve windows v pc ho najdu
Re: Pomoc prosím
Napsal: 26 zář 2012 17:13
Dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Re: Pomoc prosím
Napsal: 26 zář 2012 20:33
ComboFix 12-09-26.04 - Carl 26.09.2012 21:10:45.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2807 [GMT 2:00]
Spuštěný z: c:\users\Carl\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\@
c:\windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\L\00000004.@
c:\windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\L\201d3dde
c:\windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\U\00000008.@
c:\windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\U\80000032.@
c:\windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\U\80000064.@
.
Nakažená kopie c:\windows\system32\Services.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-26 do 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-26 19:16 . 2012-09-26 19:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-26 19:16 . 2012-09-26 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-26 19:10 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-26 19:10 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-26 19:10 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-26 19:10 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-26 19:09 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-26 19:09 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-25 21:20 . 2012-09-25 21:20 61440 ----a-w- c:\windows\SysWow64\drivers\mchjel.sys
2012-09-25 21:14 . 2012-09-25 21:14 61440 ----a-w- c:\windows\SysWow64\drivers\tbzu.sys
2012-09-25 19:31 . 2012-09-25 19:53 -------- d-----w- C:\rsit
2012-09-25 19:31 . 2012-09-25 19:32 -------- d-----w- c:\program files\trend micro
2012-09-25 14:09 . 2012-09-25 14:09 -------- d-----w- c:\users\Carl\AppData\Local\ElevatedDiagnostics
2012-09-25 13:45 . 2012-09-25 13:45 -------- d-----w- c:\windows\system32\SPReview
2012-09-25 13:19 . 2010-11-20 03:13 6144 ----a-w- c:\windows\system32\drivers\en-US\rdvgkmd.sys.mui
2012-09-25 13:19 . 2010-11-20 03:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-09-25 13:19 . 2010-11-20 03:11 4096 ----a-w- c:\windows\system32\drivers\en-US\tsusbhub.sys.mui
2012-09-25 13:19 . 2010-11-20 02:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-09-25 13:18 . 2010-11-20 03:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-09-25 13:18 . 2010-11-20 03:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-09-25 13:05 . 2010-11-20 03:33 6656 ----a-w- c:\windows\system32\drivers\cs-CZ\rdvgkmd.sys.mui
2012-09-25 13:05 . 2010-11-20 03:32 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\rdpwd.sys.mui
2012-09-25 13:05 . 2010-11-20 03:26 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbflt.sys.mui
2012-09-25 13:05 . 2010-11-20 03:25 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbhub.sys.mui
2012-09-25 13:05 . 2010-11-20 03:32 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\GAGP30KX.SYS.mui
2012-09-25 13:05 . 2010-11-20 03:32 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\kbdclass.sys.mui
2012-09-25 13:01 . 2010-11-20 03:27 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-09-25 13:00 . 2010-11-20 03:27 98304 ----a-w- c:\windows\system32\wudriver.dll
2012-09-25 12:59 . 2010-11-20 03:32 2217856 ----a-w- c:\windows\system32\bootres.dll
2012-09-25 12:58 . 2010-11-20 03:33 289664 ----a-w- c:\windows\system32\drivers\fltMgr.sys
2012-09-25 12:02 . 2012-09-25 12:02 -------- d-----w- c:\users\Carl\AppData\Roaming\SUPERAntiSpyware.com
2012-09-25 12:02 . 2012-09-25 12:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-25 11:47 . 2012-09-25 11:47 -------- d-----w- c:\windows\system32\EventProviders
2012-09-25 07:42 . 2012-09-25 07:42 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-22 08:59 . 2012-09-22 08:59 -------- d-----w- c:\windows\system32\appmgmt
2012-09-18 19:46 . 2012-09-23 21:02 -------- d-----w- c:\users\Carl\AppData\Roaming\vlc
2012-09-15 14:11 . 2012-09-15 14:11 -------- d-----w- c:\users\Carl\AppData\Local\Symbian-Toys.com
2012-09-13 20:00 . 2012-09-13 20:00 -------- d-----w- c:\programdata\Readon
2012-09-13 19:54 . 2012-09-13 20:02 -------- d-----w- c:\users\Carl\AppData\Local\Readon_Technology
2012-09-13 19:54 . 2012-09-13 20:02 -------- d-----w- c:\program files (x86)\Readon Technology
2012-09-11 14:56 . 2012-09-11 14:56 -------- d-sh--w- c:\programdata\DSS
2012-09-11 14:56 . 2012-09-11 14:56 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-09-11 14:19 . 2012-09-11 14:28 -------- d-----w- c:\program files (x86)\Origin Games
2012-09-11 14:19 . 2012-09-11 14:19 -------- d-----w- c:\users\Carl\AppData\Local\Origin
2012-09-11 14:16 . 2012-09-11 14:19 -------- d-----w- c:\program files (x86)\Origin
2012-09-06 12:56 . 2012-09-06 12:56 -------- d-----w- c:\programdata\Solidshield
2012-09-06 11:17 . 2012-09-06 11:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-06 11:17 . 2012-09-06 11:17 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-06 11:17 . 2012-09-06 11:17 -------- d-----w- c:\program files (x86)\Java
2012-09-02 09:38 . 2012-09-02 09:38 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2012-09-02 09:37 . 2012-09-02 09:37 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-08-31 20:30 . 2012-08-31 20:30 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-31 20:30 . 2012-08-31 20:30 -------- d-----w- c:\users\Carl\AppData\Local\PunkBuster
2012-08-31 20:06 . 2012-08-31 20:30 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-31 20:06 . 2012-08-31 20:06 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-31 20:06 . 2012-08-31 20:06 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-08-31 17:04 . 2012-08-31 17:04 -------- d-----w- c:\program files (x86)\Pando Networks
2012-08-31 17:04 . 2012-08-31 20:54 -------- d-----w- c:\program files (x86)\GamersFirst
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-25 13:38 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-25 13:38 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-06 11:17 . 2012-05-23 12:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-06 11:17 . 2012-05-23 12:15 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-24 16:25 . 2012-04-30 14:47 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 16:25 . 2012-04-30 14:47 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-12 880496]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 dvkg;dvkg;c:\windows\system32\drivers\mchjel.sys [x]
R0 sfnv;sfnv;c:\windows\system32\drivers\tbzu.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\Carl\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Carl\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-04-30 123816]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 250568]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-29 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 16:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3488166982-2271184013-3148361466-1000\Software\SecuROM\License information*]
"datasecu"=hex:37,92,67,a1,b8,55,c4,6c,f8,94,d8,d7,9c,00,86,93,91,33,43,cf,f5,
07,b7,07,46,7b,37,7f,63,60,2d,23,79,57,a6,d6,ad,2e,33,23,64,40,85,e5,49,d6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Celkový čas: 2012-09-26 21:22:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-26 19:22
.
Před spuštěním: Volných bajtů: 32 517 775 360
Po spuštění: Volných bajtů: 33 578 102 784
.
- - End Of File - - 3E515379B9CDA418AE45D3E8C1173AED
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2807 [GMT 2:00]
Spuštěný z: c:\users\Carl\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\@
c:\windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\L\00000004.@
c:\windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\L\201d3dde
c:\windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\U\00000008.@
c:\windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\U\80000032.@
c:\windows\Installer\{39e976c2-523d-7f6e-03e1-88eecaaf6aa5}\U\80000064.@
.
Nakažená kopie c:\windows\system32\Services.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-26 do 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-26 19:16 . 2012-09-26 19:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-26 19:16 . 2012-09-26 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-26 19:10 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-26 19:10 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-26 19:10 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-26 19:10 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-26 19:09 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-26 19:09 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-25 21:20 . 2012-09-25 21:20 61440 ----a-w- c:\windows\SysWow64\drivers\mchjel.sys
2012-09-25 21:14 . 2012-09-25 21:14 61440 ----a-w- c:\windows\SysWow64\drivers\tbzu.sys
2012-09-25 19:31 . 2012-09-25 19:53 -------- d-----w- C:\rsit
2012-09-25 19:31 . 2012-09-25 19:32 -------- d-----w- c:\program files\trend micro
2012-09-25 14:09 . 2012-09-25 14:09 -------- d-----w- c:\users\Carl\AppData\Local\ElevatedDiagnostics
2012-09-25 13:45 . 2012-09-25 13:45 -------- d-----w- c:\windows\system32\SPReview
2012-09-25 13:19 . 2010-11-20 03:13 6144 ----a-w- c:\windows\system32\drivers\en-US\rdvgkmd.sys.mui
2012-09-25 13:19 . 2010-11-20 03:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-09-25 13:19 . 2010-11-20 03:11 4096 ----a-w- c:\windows\system32\drivers\en-US\tsusbhub.sys.mui
2012-09-25 13:19 . 2010-11-20 02:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-09-25 13:18 . 2010-11-20 03:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-09-25 13:18 . 2010-11-20 03:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-09-25 13:05 . 2010-11-20 03:33 6656 ----a-w- c:\windows\system32\drivers\cs-CZ\rdvgkmd.sys.mui
2012-09-25 13:05 . 2010-11-20 03:32 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\rdpwd.sys.mui
2012-09-25 13:05 . 2010-11-20 03:26 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbflt.sys.mui
2012-09-25 13:05 . 2010-11-20 03:25 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbhub.sys.mui
2012-09-25 13:05 . 2010-11-20 03:32 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\GAGP30KX.SYS.mui
2012-09-25 13:05 . 2010-11-20 03:32 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\kbdclass.sys.mui
2012-09-25 13:01 . 2010-11-20 03:27 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-09-25 13:00 . 2010-11-20 03:27 98304 ----a-w- c:\windows\system32\wudriver.dll
2012-09-25 12:59 . 2010-11-20 03:32 2217856 ----a-w- c:\windows\system32\bootres.dll
2012-09-25 12:58 . 2010-11-20 03:33 289664 ----a-w- c:\windows\system32\drivers\fltMgr.sys
2012-09-25 12:02 . 2012-09-25 12:02 -------- d-----w- c:\users\Carl\AppData\Roaming\SUPERAntiSpyware.com
2012-09-25 12:02 . 2012-09-25 12:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-25 11:47 . 2012-09-25 11:47 -------- d-----w- c:\windows\system32\EventProviders
2012-09-25 07:42 . 2012-09-25 07:42 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-22 08:59 . 2012-09-22 08:59 -------- d-----w- c:\windows\system32\appmgmt
2012-09-18 19:46 . 2012-09-23 21:02 -------- d-----w- c:\users\Carl\AppData\Roaming\vlc
2012-09-15 14:11 . 2012-09-15 14:11 -------- d-----w- c:\users\Carl\AppData\Local\Symbian-Toys.com
2012-09-13 20:00 . 2012-09-13 20:00 -------- d-----w- c:\programdata\Readon
2012-09-13 19:54 . 2012-09-13 20:02 -------- d-----w- c:\users\Carl\AppData\Local\Readon_Technology
2012-09-13 19:54 . 2012-09-13 20:02 -------- d-----w- c:\program files (x86)\Readon Technology
2012-09-11 14:56 . 2012-09-11 14:56 -------- d-sh--w- c:\programdata\DSS
2012-09-11 14:56 . 2012-09-11 14:56 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-09-11 14:19 . 2012-09-11 14:28 -------- d-----w- c:\program files (x86)\Origin Games
2012-09-11 14:19 . 2012-09-11 14:19 -------- d-----w- c:\users\Carl\AppData\Local\Origin
2012-09-11 14:16 . 2012-09-11 14:19 -------- d-----w- c:\program files (x86)\Origin
2012-09-06 12:56 . 2012-09-06 12:56 -------- d-----w- c:\programdata\Solidshield
2012-09-06 11:17 . 2012-09-06 11:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-06 11:17 . 2012-09-06 11:17 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-06 11:17 . 2012-09-06 11:17 -------- d-----w- c:\program files (x86)\Java
2012-09-02 09:38 . 2012-09-02 09:38 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2012-09-02 09:37 . 2012-09-02 09:37 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-08-31 20:30 . 2012-08-31 20:30 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-31 20:30 . 2012-08-31 20:30 -------- d-----w- c:\users\Carl\AppData\Local\PunkBuster
2012-08-31 20:06 . 2012-08-31 20:30 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-31 20:06 . 2012-08-31 20:06 281872 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-31 20:06 . 2012-08-31 20:06 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-08-31 17:04 . 2012-08-31 17:04 -------- d-----w- c:\program files (x86)\Pando Networks
2012-08-31 17:04 . 2012-08-31 20:54 -------- d-----w- c:\program files (x86)\GamersFirst
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-25 13:38 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-25 13:38 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-06 11:17 . 2012-05-23 12:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-06 11:17 . 2012-05-23 12:15 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-24 16:25 . 2012-04-30 14:47 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 16:25 . 2012-04-30 14:47 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-12 880496]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 dvkg;dvkg;c:\windows\system32\drivers\mchjel.sys [x]
R0 sfnv;sfnv;c:\windows\system32\drivers\tbzu.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\Carl\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Carl\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-04-30 123816]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 250568]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-29 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 16:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3488166982-2271184013-3148361466-1000\Software\SecuROM\License information*]
"datasecu"=hex:37,92,67,a1,b8,55,c4,6c,f8,94,d8,d7,9c,00,86,93,91,33,43,cf,f5,
07,b7,07,46,7b,37,7f,63,60,2d,23,79,57,a6,d6,ad,2e,33,23,64,40,85,e5,49,d6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Celkový čas: 2012-09-26 21:22:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-26 19:22
.
Před spuštěním: Volných bajtů: 32 517 775 360
Po spuštění: Volných bajtů: 33 578 102 784
.
- - End Of File - - 3E515379B9CDA418AE45D3E8C1173AED
Re: Pomoc prosím
Napsal: 26 zář 2012 20:47
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Collect::
c:\windows\SysWow64\drivers\mchjel.sys
c:\windows\SysWow64\drivers\tbzu.sys
Driver::
dvkg
sfnv
Regnull::
[HKEY_USERS\S-1-5-21-3488166982-2271184013-3148361466-1000\Software\SecuROM\License information*]
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::
Re: Pomoc prosím
Napsal: 26 zář 2012 23:58
Provedl jsem a vše vypadá, že je ok. Počítač se dal dohromady šlape jako dříve. A antivir už také nic nehlásí děkuji moc za pomoc
Re: Pomoc prosím
Napsal: 27 zář 2012 20:45
Nemáte zač!