
JS/Kryptik.ANM - Trojan horse

Posted: 05 Aug 2013 22:08
by corado
Hi, whenever I try to open any web page on a third-level domain, JS/Kryptik.ANM - Trojan horse pops up. ESET does remove it right away, but I still can't get rid of it.

ComboFix log:
ComboFix 13-08-05.03 - Honza 05.08.2013 22:31:11.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2048.591 [GMT 2:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\pthreadVC.dll
D:\resycled
F:\resycled
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-05 do 2013-08-05 )))))))))))))))))))))))))))))))
.
.
2013-08-05 20:38 . 2013-08-05 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-05 19:56 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{349CBA33-CC26-49FD-9674-BA8977AEB336}\mpengine.dll
2013-08-05 11:31 . 2013-08-05 19:53 -------- d-----w- c:\windows\WindowsMobile
2013-08-05 09:12 . 2013-08-05 09:12 203576 ----a-w- c:\windows\SysWow64\richtx32.ocx
2013-07-28 20:40 . 2013-07-28 20:40 -------- d-----w- c:\users\Honza\AppData\Local\SKIDROW
2013-07-25 13:08 . 2013-07-25 13:08 -------- d-----w- c:\users\Honza\AppData\Roaming\TeamViewer
2013-07-23 06:41 . 2013-02-24 11:34 -------- d-----w- C:\FreeRapid-0.9u2
2013-07-23 06:35 . 2013-07-23 06:35 -------- d-----w- c:\users\Honza\.objectdb
2013-07-23 06:35 . 2013-07-23 06:35 -------- d-----w- c:\users\Honza\AppData\Roaming\VitySoft
2013-07-22 08:08 . 2013-07-22 08:07 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-22 08:08 . 2013-07-22 08:07 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-22 08:08 . 2013-07-22 08:07 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-22 08:07 . 2013-07-22 08:07 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-22 08:07 . 2013-07-22 08:07 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-22 08:07 . 2013-07-22 08:07 188840 ----a-w- c:\windows\system32\java.exe
2013-07-22 08:07 . 2013-07-22 08:07 -------- d-----w- c:\program files\Java
2013-07-17 19:13 . 2013-07-17 19:13 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-07-16 17:25 . 2013-07-16 17:29 -------- d-----w- c:\windows\system32\MRT
2013-07-16 14:14 . 2013-07-16 14:14 -------- d-----w- c:\users\Honza\AppData\Roaming\dvdcss
2013-07-15 08:50 . 2013-07-15 08:50 -------- d-----w- c:\programdata\EAGLE Software
2013-07-15 08:50 . 2013-07-15 08:54 -------- d-----w- c:\program files (x86)\Cyklotrasy
2013-07-14 14:17 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-08 20:42 . 2013-07-08 20:42 -------- d-----w- c:\users\Honza\AppData\Roaming\Ashampoo
2013-07-08 20:41 . 2013-07-08 20:42 -------- d-----w- c:\users\Honza\AppData\Local\ashampoo
2013-07-08 20:40 . 2013-07-08 20:41 -------- d-----w- c:\programdata\Ashampoo
2013-07-08 20:40 . 2013-07-08 20:40 -------- d-----w- c:\program files (x86)\Ashampoo
2013-07-08 20:40 . 2013-07-08 20:40 -------- d-----w- c:\users\Honza\AppData\Local\Programs
2013-07-08 18:33 . 2013-07-08 18:34 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
2013-07-08 18:33 . 2013-07-08 18:36 -------- d-----w- c:\programdata\Ulead Systems
2013-07-08 18:33 . 2013-07-08 18:33 -------- d-----w- c:\program files (x86)\Corel
2013-07-08 18:30 . 2013-08-05 19:52 -------- d-----w- c:\program files\Corel DVD MovieFactory 7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 22:57 . 2013-06-02 14:19 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 20:14 . 2013-05-31 16:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 20:14 . 2013-05-31 16:09 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 20:14 . 2013-06-11 20:14 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-09 18:20 . 2013-06-09 18:20 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-09 18:20 . 2013-06-09 18:20 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-09 18:20 . 2013-05-31 14:58 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-05 13:38 . 2013-06-05 13:38 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-05 13:38 . 2013-06-05 13:38 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-05 13:38 . 2013-06-05 13:38 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-05 13:38 . 2013-06-05 13:38 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-05 13:38 . 2013-06-05 13:38 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-05 13:38 . 2013-06-05 13:38 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-05 13:38 . 2013-06-05 13:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-05 13:38 . 2013-06-05 13:38 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-05 13:37 . 2013-06-05 13:37 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-05 13:37 . 2013-06-05 13:37 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-05 13:37 . 2013-06-05 13:37 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-05 13:37 . 2013-06-05 13:37 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-05 13:37 . 2013-06-05 13:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-05 13:37 . 2013-06-05 13:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-05 13:37 . 2013-06-05 13:37 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-05 13:37 . 2013-06-05 13:37 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-05 13:37 . 2013-06-05 13:37 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-05 13:37 . 2013-06-05 13:37 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-05 13:37 . 2013-06-05 13:37 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-05 13:37 . 2013-06-05 13:37 441856 ----a-w- c:\windows\system32\html.iec
2013-06-05 13:37 . 2013-06-05 13:37 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-05 13:37 . 2013-06-05 13:37 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-05 13:37 . 2013-06-05 13:37 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-05 13:37 . 2013-06-05 13:37 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-05 13:37 . 2013-06-05 13:37 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-05 13:37 . 2013-06-05 13:37 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-05 13:37 . 2013-06-05 13:37 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-05 13:37 . 2013-06-05 13:37 235008 ----a-w- c:\windows\system32\url.dll
2013-06-05 13:37 . 2013-06-05 13:37 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-05 13:37 . 2013-06-05 13:37 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-05 13:37 . 2013-06-05 13:37 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-05 13:37 . 2013-06-05 13:37 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-05 13:37 . 2013-06-05 13:37 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-05 13:37 . 2013-06-05 13:37 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-05 13:37 . 2013-06-05 13:37 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-05 13:37 . 2013-06-05 13:37 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-05 13:37 . 2013-06-05 13:37 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-05 13:37 . 2013-06-05 13:37 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-05 13:37 . 2013-06-05 13:37 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-05 13:37 . 2013-06-05 13:37 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-05 13:37 . 2013-06-05 13:37 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-05 13:37 . 2013-06-05 13:37 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-05 13:37 . 2013-06-05 13:37 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-05 13:37 . 2013-06-05 13:37 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-05 13:37 . 2013-06-05 13:37 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-05 13:37 . 2013-06-05 13:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-05 13:37 . 2013-06-05 13:37 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-05 13:37 . 2013-06-05 13:37 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-05 13:37 . 2013-06-05 13:37 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-03 12:16 . 2013-06-03 12:16 310368 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-06-03 12:16 . 2013-06-03 12:16 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2013-05-31 16:13 . 2013-05-31 16:13 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-05-31 13:38 . 2013-05-31 12:48 22336 ----a-w- c:\windows\gdrv.sys
2013-05-31 12:50 . 2013-05-31 12:50 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-05-13 05:51 . 2013-06-17 18:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-17 18:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-17 18:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-17 18:51 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-17 18:51 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-17 18:51 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-17 18:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-17 18:51 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-17 18:51 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-17 18:51 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-17 18:51 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-17 18:51 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-17 18:51 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GamingMouseEditor"="c:\program files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe" [2011-11-09 3324416]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-07-03 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-24 642304]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-03-21 1061960]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2013-5-31 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2013-5-31 675840]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe;c:\program files\OO Software\Defrag\oodag.exe [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys;c:\windows\SYSNATIVE\DRIVERS\AVerPola.sys [x]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys;c:\windows\SYSNATIVE\DRIVERS\AVPolCIR.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-31 20:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=12454
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\povyxm5n.default\
FF - prefs.js: browser.startup.homepage - centrum.cz
FF - ExtSQL: !HIDDEN! 2013-05-31 15:58; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2013-08-05 22:44:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-05 20:44
.
Před spuštěním: Volných bajtů: 19 558 797 312
Po spuštění: Volných bajtů: 18 862 284 800
.
- - End Of File - - 016727E2E9D9AFEC560418D657CD3F52
413FC2A0C716421B3158746D63736515


Please, can anyone help?

Re: JS/Kryptik.ANM - Trojan horse

Posted: 06 Aug 2013 06:13
by JaRon
Hi,
CF should not be used on your own initiative :!:
Scan the PC with AVPTool - turn NOD off during the scan

Re: JS/Kryptik.ANM - Trojan horse

Posted: 06 Aug 2013 06:44
by corado
It found nothing - I would post it here, but it is too long.

Re: JS/Kryptik.ANM - Trojan horse

Posted: 06 Aug 2013 06:47
by JaRon
If it found nothing, the log is not needed :)
Quote:
TFC http://oldtimer.geekstogo.com/TFC.exe
• Download and run it
• Click Start and confirm with OK
• The program cleans up and restarts the PC
• Delete the utility after use
+
Scan the PC with MBAM

Re: JS/Kryptik.ANM - Trojan horse

Posted: 06 Aug 2013 09:16
by corado
I'll try it. Anyway, I have just done a fresh install of the system and it does it again. I'm starting to suspect ESET.

Re: JS/Kryptik.ANM - Trojan horse

Posted: 06 Aug 2013 09:27
by JaRon
Well, it could be a false positive :)

Re: JS/Kryptik.ANM - Trojan horse

Posted: 06 Aug 2013 12:55
by corado
It really was ESET doing it - I have no idea why.

Anyway, thanks for the help.

One more small question: which antivirus is the best in your opinion?

Thanks

Re: JS/Kryptik.ANM - Trojan horse

Posted: 06 Aug 2013 13:09
by JaRon
Well, a small mistake creeps into even the better AVs, and ESET certainly belongs among them :)
Kaspersky, Bitdefender and Avira have long been among the top ones.

Re: JS/Kryptik.ANM - Trojan horse

Posted: 06 Aug 2013 20:20
by corado
Thank you for the help.

Re: JS/Kryptik.ANM - Trojan horse

Posted: 07 Aug 2013 06:04
by JaRon
You're welcome :)