Re: Police virus

Posted: 24 Aug 2013 08:08
by lakp
Hello, thanks for the reply; I'm sending the scan result.
Please advise.
Lakp


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2013 02
Ran by Petr (administrator) on 23-08-2013 17:05:21
Running from F:\
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-09-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2008-03-04] (Creative Technology Ltd.)
HKLM\...\Run: [DELL Webcam Manager] - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3444736 2007-12-12] (Dell Inc.)
HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)
HKLM\...\Run: [autoclk] - C:\Windows\autoclk.exe [143360 2003-01-30] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [77824 2008-06-15] (Apple Computer, Inc.)
HKLM\...\Run: [SpywareTerminator] - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [1817600 2008-10-17] (Crawler.com)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [EPSON Stylus DX7400 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_S3DAB.tmp" /EF "HKCU" [x]
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-04-07] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-09-29] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [bRpdVDxr] - C:\Users\Petr\AppData\Local\{E772BEED-1A25-4708-829D-8EFFCC508272}\dwGDTcET.exe [261632 2013-08-21] ()
MountPoints2: {b31ea808-4484-11de-ae79-001d09524395} - F:\lcw.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DSLMON.lnk
ShortcutTarget: DSLMON.lnk -> C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ThsunYZm.exe ()
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://www.icq.com/search/results.php?q ... &ch_id=osd
URLSearchHook: (No Name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
SearchScopes: HKCU - DefaultScope {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60076
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60076
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q ... &ch_id=osd
SearchScopes: HKCU - {97422624-374E-41D1-863D-939AE1A7FAF7} URL = http://download.seznam.cz/vyhledavani/o ... rceid=IE_5
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -&Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Petr\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Petr\AppData\Local\Google\Chrome\Application\28.0.1500.72\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Petr\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Petr\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0
CHR Extension: (Gmail) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Petr\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [222968 2009-06-01] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
S2 sp_rssrv; C:\Program Files\Spyware Terminator\sp_rsser.exe [606720 2008-10-17] (Crawler.com)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-12] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S2 ADILOADER; C:\Windows\System32\Drivers\adildr.sys [46167 2003-07-17] (Analog Deivces)
S3 adiusbaw; C:\Windows\System32\DRIVERS\adiusbaw.sys [127145 2003-03-27] (Analog Devices Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [141312 2008-10-17] ()
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 16:45 - 2013-08-23 16:45 - 00004236 ____N C:\bootex.log
2013-08-23 16:42 - 2013-08-23 16:42 - 00000000 __SHD C:\found.001
2013-08-21 22:25 - 2013-08-22 10:55 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Dirty
2013-08-21 22:25 - 2013-08-22 10:55 - 00000000 ____D C:\Users\Petr\AppData\Local\Dirty
2013-08-21 22:25 - 2013-08-21 22:25 - 00000000 ____D C:\Users\Petr\AppData\Local\miXnLbRK
2013-08-21 22:25 - 2013-08-21 22:25 - 00000000 ____D C:\Users\Petr\AppData\Local\ebahdwtF
2013-08-15 21:59 - 2013-08-15 22:04 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 21:52 - 2013-08-15 21:52 - 00046514 ____R C:\Users\Petr\Desktop\Rodiče kontakty 2013 SE do MŽ zkr..xls
2013-08-15 21:39 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 21:39 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 21:39 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 21:39 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 21:39 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 21:39 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 21:39 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 21:39 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 21:39 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 21:39 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 21:39 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 21:39 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 21:39 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 21:39 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 21:39 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 21:39 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 07:26 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 07:26 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 07:26 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 07:26 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 07:26 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 07:26 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 07:26 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 07:26 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 07:26 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 07:26 - 2013-07-05 05:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 07:26 - 2013-07-05 03:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-14 07:26 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 07:26 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-08-23 17:04 - 2008-05-21 11:26 - 01496616 _____ C:\Windows\WindowsUpdate.log
2013-08-23 16:45 - 2013-08-23 16:45 - 00004236 ____N C:\bootex.log
2013-08-23 16:42 - 2013-08-23 16:42 - 00000000 __SHD C:\found.001
2013-08-23 16:30 - 2006-11-02 15:01 - 00032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-23 16:30 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 16:29 - 2011-03-16 22:55 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-23 16:28 - 2006-11-02 14:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 16:28 - 2006-11-02 14:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-22 11:06 - 2008-06-18 09:10 - 00002671 _____ C:\Users\Petr\Desktop\Microsoft Word.lnk
2013-08-22 10:55 - 2013-08-21 22:25 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Dirty
2013-08-22 10:55 - 2013-08-21 22:25 - 00000000 ____D C:\Users\Petr\AppData\Local\Dirty
2013-08-22 08:01 - 2012-09-23 07:43 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-22 07:51 - 2008-06-25 10:59 - 00006648 _____ C:\Users\Petr\AppData\Local\d3d9caps.dat
2013-08-21 23:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-08-21 22:25 - 2013-08-21 22:25 - 00000000 ____D C:\Users\Petr\AppData\Local\miXnLbRK
2013-08-21 22:25 - 2013-08-21 22:25 - 00000000 ____D C:\Users\Petr\AppData\Local\ebahdwtF
2013-08-21 22:25 - 2011-04-05 21:57 - 00000000 ____D C:\Users\Petr\AppData\Local\{E772BEED-1A25-4708-829D-8EFFCC508272}
2013-08-21 22:25 - 2008-06-28 09:09 - 00000000 ____D C:\Program Files\Crawler
2013-08-21 21:58 - 2009-09-29 21:23 - 00000958 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434723846-1121043897-3588410394-1000UA.job
2013-08-21 21:50 - 2011-03-16 22:55 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-21 21:09 - 2009-09-29 21:23 - 00002039 _____ C:\Users\Petr\Desktop\Google Chrome.lnk
2013-08-21 15:30 - 2008-10-17 16:57 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Spyware Terminator
2013-08-20 21:02 - 2012-09-23 07:43 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-20 21:02 - 2011-05-20 18:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-19 20:04 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-19 19:04 - 2011-04-27 17:53 - 00001912 _____ C:\Windows\epplauncher.mif
2013-08-19 19:03 - 2012-08-12 10:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-17 10:21 - 2008-10-31 12:12 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Skype
2013-08-15 22:48 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 22:04 - 2013-08-15 21:59 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 21:58 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-15 21:52 - 2013-08-15 21:52 - 00046514 ____R C:\Users\Petr\Desktop\Rodiče kontakty 2013 SE do MŽ zkr..xls
2013-08-15 21:52 - 2008-06-18 09:10 - 00002615 _____ C:\Users\Petr\Desktop\Microsoft Excel.lnk
2013-08-15 21:49 - 2006-11-02 12:33 - 01441070 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-12 19:24 - 2010-06-21 19:32 - 00000000 ____D C:\Users\Petr\Desktop\Fotbal
2013-08-05 21:52 - 2008-10-31 12:02 - 00000000 ____D C:\Program Files\Google
2013-07-30 20:51 - 2008-06-15 10:42 - 00086016 _____ C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-25 04:40 - 2013-08-15 21:39 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 04:32 - 2013-08-15 21:39 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 04:30 - 2013-08-15 21:39 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 04:26 - 2013-08-15 21:39 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 04:26 - 2013-08-15 21:39 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 04:25 - 2013-08-15 21:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-25 04:24 - 2013-08-15 21:39 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-25 04:24 - 2013-08-15 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 04:23 - 2013-08-15 21:39 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 04:23 - 2013-08-15 21:39 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 04:23 - 2013-08-15 21:39 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 04:23 - 2013-08-15 21:39 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-25 04:23 - 2013-08-15 21:39 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-25 04:22 - 2013-08-15 21:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 04:22 - 2013-08-15 21:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 04:22 - 2013-08-15 21:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Files to move or delete:
====================
C:\Users\Petr\iStar.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 11:11

==================== End Of Log ============================
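The review a helper does by eye on a log like the one above can be written down as a small scoring pass over the FRST "Run", "Startup" and "MountPoints2" lines: entries with no vendor string, random-looking names, images under a user-writable AppData path or a GUID-named folder, a bare executable in the Startup folder, or an autorun tied to a removable drive. The Python script below is an added example, not part of this thread and not FRST's own code; the heuristics (vowel ratio, case switches, the path tests and the threshold of two flags) are assumptions chosen for illustration, and the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the shape of FRST's "Registry (Whitelisted)" section;
# the entries are copied from the log posted in the thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [autoclk] - C:\Windows\autoclk.exe [143360 2003-01-30] ()
HKCU\...\Run: [Google Update] - C:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-09-29] (Google Inc.)
HKCU\...\Run: [bRpdVDxr] - C:\Users\Petr\AppData\Local\{E772BEED-1A25-4708-829D-8EFFCC508272}\dwGDTcET.exe [261632 2013-08-21] ()
MountPoints2: {b31ea808-4484-11de-ae79-001d09524395} - F:\lcw.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
Startup: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ThsunYZm.exe ()
"""

RUN_RE = re.compile(r"^(?P<hive>HK.*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<rest>.+)$")
STARTUP_RE = re.compile(r"^Startup: (?P<rest>.+)$")
MOUNT_RE = re.compile(r"^MountPoints2: \{[^}]*\} - (?P<rest>.+)$")
VENDOR_RE = re.compile(r" \((?P<vendor>[^()]*)\)$")   # trailing "(Vendor)" or "()"
META_RE = re.compile(r" \[[^\]]*\]$")                 # trailing "[size date]" or "[x]"
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f-]{36}\}\\", re.I)


@dataclass
class Entry:
    kind: str              # "run", "startup" or "mountpoints2"
    name: str              # registry value name, "" where FRST prints none
    path: str              # image path as printed by FRST, switches stripped
    vendor: Optional[str]  # "" = FRST printed "()", None = no vendor field at all
    flags: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.flags)


def _split_rest(rest: str):
    """Separate FRST's 'path [size date] (Vendor)' tail into path and vendor."""
    vendor = None
    m = VENDOR_RE.search(rest)
    if m:
        vendor = m.group("vendor").strip()
        rest = rest[: m.start()]
    rest = META_RE.sub("", rest)
    return rest.split(" /")[0].strip(), vendor   # drop command-line switches


def _stem(path: str) -> str:
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(token: str) -> bool:
    """Heuristic (an assumption of this example): alphabetic names with almost
    no vowels, or with many upper/lower switches, look generated."""
    if len(token) < 6 or not token.isalpha():
        return False
    vowels = sum(c in "aeiouAEIOU" for c in token) / len(token)
    switches = sum(a.isupper() != b.isupper() for a, b in zip(token, token[1:]))
    return vowels < 0.2 or switches >= 4


def classify(entry: Entry) -> Entry:
    """Attach one flag per heuristic that fires; the score is the flag count."""
    low = entry.path.lower()
    if not entry.vendor:
        entry.flags.append("no-vendor")
    if looks_random(entry.name) or looks_random(_stem(entry.path)):
        entry.flags.append("random-looking-name")
    if "\\appdata\\local\\" in low or "\\appdata\\roaming\\" in low:
        entry.flags.append("user-writable-path")
    if GUID_DIR_RE.search(entry.path):
        entry.flags.append("guid-directory")
    if entry.kind == "mountpoints2":
        entry.flags.append("removable-media-autorun")
    if entry.kind == "startup" and low.endswith(".exe"):
        entry.flags.append("exe-in-startup-folder")
    return entry


def parse_frst(text: str) -> list:
    """Parse the autostart line shapes FRST prints; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            path, vendor = _split_rest(m.group("rest"))
            entries.append(Entry("run", m.group("name"), path, vendor))
        elif m := STARTUP_RE.match(line):
            path, vendor = _split_rest(m.group("rest"))
            entries.append(Entry("startup", "", path, vendor))
        elif m := MOUNT_RE.match(line):
            path, vendor = _split_rest(m.group("rest"))
            entries.append(Entry("mountpoints2", "", path, vendor))
    return [classify(e) for e in entries]


def triage(text: str, threshold: int = 2) -> list:
    """Entries carrying at least `threshold` flags, most suspicious first."""
    hits = [e for e in parse_frst(text) if e.score >= threshold]
    return sorted(hits, key=lambda e: -e.score)


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.score}  {e.path}  [{', '.join(e.flags)}]")
```

Run on the sample, the script ranks the GUID-folder executable and the bare executable in the user's Startup folder at the top, then the removable-drive MountPoints2 entry; the Microsoft, Google and autoclk entries stay below the threshold. The single-flag hits are exactly the ones a responder still reads by hand, which is why the script ranks rather than deletes.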

Re: Police virus

Posted: 25 Aug 2013 16:13
by Rudy
Open Notepad and copy the following into it:
Start
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-04-07] (Google Inc.)
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://www.icq.com/search/results.php?q ... &ch_id=osd
URLSearchHook: (No Name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
SearchScopes: HKCU - DefaultScope {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60076
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60076
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q ... &ch_id=osd
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKCU -&Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [222968 2009-06-01] ()
2013-07-30 20:51 - 2008-06-15 10:42 - 00086016 _____ C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
End
Save it in the same directory as FRST under the name fixlist.txt. Then run FRST and click >Fix<. When the fix has finished, post the log.

Re: Police virus

Posted: 25 Aug 2013 18:07
by lakp
Hi, thanks for the instructions. I just want to ask: I think the antivirus has removed the virus, because the PC is now working normally. Or is that just an impression, and should I do everything according to your recommendation?
I saved FRST on a flash drive, so should I copy it onto the PC?
Thanks, lakp

Re: Police virus

Posted: 25 Aug 2013 18:52
by Rudy
That is also possible, but if your PC is working normally, post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Calmly go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to start any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield into Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted collisions with the resident antispyware.

Re: Police virus

Posted: 25 Aug 2013 20:20
by lakp
Hi, I'm sending the scan result; please check whether everything is OK.
Should I also use ComboFix for any further checks?
Many thanks for the help.
lakp

ComboFix 13-08-25.01 - Petr 25.08.2013 21:00:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.921 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.3.0.790\Data\config.md
c:\program files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.3.0.790\FF\install.rdf
c:\program files\Media Access Startup\1.3.0.790\unins000.dat
c:\program files\System Search Dispatcher
c:\program files\System Search Dispatcher\1.2.0.750\Data\eacore.mx
c:\program files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx
c:\program files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx
c:\program files\System Search Dispatcher\1.2.0.750\unins000.dat
c:\programdata\windows
c:\programdata\windows\dsdd.dat
c:\programdata\windows\nudr.dat
c:\users\Petr\AppData\Roaming\7go
c:\users\Petr\AppData\Roaming\7go\7go.crx
c:\users\Petr\AppData\Roaming\7go\icon.ico
c:\users\Petr\AppData\Roaming\Dirty
c:\users\Petr\iStar.exe
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-25 do 2013-08-25 )))))))))))))))))))))))))))))))
.
.
2013-08-25 19:09 . 2013-08-25 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-25 18:46 . 2013-08-25 18:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-25 18:39 . 2013-08-25 18:39 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F15B22D-2FF0-41F2-9C20-3A4644D80A7C}\MpKslae9267da.sys
2013-08-25 16:47 . 2013-08-25 16:47 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F15B22D-2FF0-41F2-9C20-3A4644D80A7C}\MpKsl2de1e439.sys
2013-08-25 15:19 . 2013-08-25 15:19 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F15B22D-2FF0-41F2-9C20-3A4644D80A7C}\offreg.dll
2013-08-25 12:40 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F15B22D-2FF0-41F2-9C20-3A4644D80A7C}\mpengine.dll
2013-08-24 22:07 . 2013-08-24 22:07 -------- d-----w- c:\users\Petr\AppData\Roaming\Apple Computer
2013-08-24 20:04 . 2013-08-24 20:04 -------- d-----w- c:\program files\CCleaner
2013-08-24 19:54 . 2013-08-24 20:14 -------- d-----w- c:\users\Petr\AppData\Roaming\Media Player Classic
2013-08-24 19:45 . 2013-08-24 19:43 723808 ----a-w- c:\program files\Uninstall Information\Ib\34\4019\ib_uninstall.exe
2013-08-24 19:45 . 2013-08-24 19:46 -------- d-----w- c:\users\Petr\AppData\Roaming\RocketPDF
2013-08-24 19:45 . 2013-08-24 19:45 -------- d-----w- c:\program files\RocketPDF
2013-08-24 19:45 . 2013-08-24 19:45 -------- d-----w- c:\users\Petr\AppData\Roaming\PerformerSoft
2013-08-24 19:45 . 2013-06-19 12:58 17920 ----a-w- c:\windows\system32\roboot.exe
2013-08-24 19:45 . 2013-08-24 19:45 -------- d-----w- c:\program files\7Go Games
2013-08-24 19:45 . 2013-08-24 19:45 -------- d-----w- c:\program files\PC Performer
2013-08-24 19:45 . 2013-08-24 19:45 -------- d-----w- c:\users\Petr\AppData\Roaming\File Scout
2013-08-24 19:44 . 2013-08-24 19:44 -------- d-----w- c:\programdata\IBUpdaterService
2013-08-24 19:44 . 2013-08-24 19:44 -------- d-----w- c:\users\Petr\AppData\Roaming\SpeedAnalysis2
2013-08-24 19:44 . 2013-08-24 19:44 -------- d-----w- c:\programdata\Babylon
2013-08-24 19:44 . 2013-08-24 19:44 -------- d-----w- c:\users\Petr\AppData\Roaming\Babylon
2013-08-24 19:44 . 2013-08-24 19:44 -------- d-----w- c:\program files\Speed Analysis 2
2013-08-24 19:42 . 2013-08-24 19:43 -------- d-----w- c:\program files\QuickTime
2013-08-24 19:42 . 2013-08-24 19:42 -------- d-----w- c:\programdata\Apple Computer
2013-08-24 19:41 . 2013-08-24 19:41 -------- d-----w- c:\users\Petr\AppData\Local\Apple
2013-08-24 19:41 . 2013-08-24 19:41 -------- d-----w- c:\program files\Apple Software Update
2013-08-24 19:41 . 2013-08-24 19:41 -------- d-----w- c:\programdata\Apple
2013-08-24 19:41 . 2013-08-24 19:41 -------- d-----w- c:\program files\Common Files\Apple
2013-08-24 19:27 . 2013-08-24 19:27 -------- d-----w- c:\users\Petr\AppData\Local\Secunia PSI
2013-08-24 19:26 . 2013-08-24 19:26 -------- d-----w- c:\program files\Secunia
2013-08-24 18:30 . 2013-08-24 18:26 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7D8C86C-6A67-4AD6-B865-C0EE4B6E8D70}\gapaengine.dll
2013-08-24 18:26 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-23 15:05 . 2013-08-23 15:05 -------- d-----w- C:\FRST
2013-08-23 14:42 . 2013-08-23 14:42 -------- d-----w- C:\found.001
2013-08-21 20:25 . 2013-08-21 20:25 -------- d-----w- c:\users\Petr\AppData\Local\miXnLbRK
2013-08-21 20:25 . 2013-08-21 20:25 -------- d-----w- c:\users\Petr\AppData\Local\ebahdwtF
2013-08-21 20:25 . 2013-08-24 18:06 -------- d-----w- c:\users\Petr\AppData\Local\Dirty
2013-08-15 19:59 . 2013-08-15 20:04 -------- d-----w- c:\windows\system32\MRT
2013-08-14 05:26 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 05:26 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 05:26 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 05:26 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 05:26 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 05:26 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 05:26 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 05:26 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 05:26 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 05:26 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 05:26 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 05:26 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 05:26 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 18:45 . 2012-09-23 05:50 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-08-25 18:45 . 2010-07-18 13:49 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-24 19:38 . 2012-09-23 05:43 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-24 19:38 . 2011-05-20 16:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-17 17:23 . 2012-10-03 20:46 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-03 08:32 . 2013-07-03 08:32 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
2013-06-18 19:50 . 2013-06-18 19:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2012-03-20 18:44 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-04 01:50 . 2013-07-12 20:15 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06 . 2013-07-12 20:14 505344 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-07 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-02-06 578560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"autoclk"="autoclk.exe" [2003-01-30 143360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-17 1817600]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-21 50688]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-6-13 962663]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLAE9267DA
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 19:38]
.
2013-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 05:49]
.
2013-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-16 05:49]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434723846-1121043897-3588410394-1000Core.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-29 19:23]
.
2013-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434723846-1121043897-3588410394-1000UA.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-29 19:23]
.
2013-08-25 c:\windows\Tasks\PC Performer_DEFAULT.job
- c:\program files\PC Performer\PCPerformer.exe [2013-08-24 12:58]
.
2013-08-24 c:\windows\Tasks\PC Performer_UPDATES.job
- c:\program files\PC Performer\PCPerformer.exe [2013-08-24 12:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-25 21:09
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\users\Petr\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,65,bd,be,56,2f,e7,45,86,4d,da,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,65,bd,be,56,2f,e7,45,86,4d,da,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2013-08-25 21:12:23
ComboFix-quarantined-files.txt 2013-08-25 19:12
.
Před spuštěním: 5 682 761 728
Po spuštění: 5 414 150 144
.
- - End Of File - - 8A23B69DD8CAAC20FADAAA779ECDACB4
5C616939100B85E558DA92B899A0FC36

Re: Police virus

Posted: 25 Aug 2013 20:32
by Rudy
Open Notepad and copy the following into it:
KillAll::

Collect::
c:\windows\system32\roboot.exe

Folder::
c:\programdata\Babylon
c:\users\Petr\AppData\Roaming\Babylon
c:\program files\Google\GoogleToolbarNotifier

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434723846-1121043897-3588410394-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434723846-1121043897-3588410394-1000UA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

[Image]

Never run CF without a helper's recommendation.

Re: Police virus

Posted: 25 Aug 2013 21:06
by lakp
Hi, so I'm sending another log.
lakp

ComboFix 13-08-25.01 - Petr 25.08.2013 21:44:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.687 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434723846-1121043897-3588410394-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434723846-1121043897-3588410394-1000UA.job"
.
file zipped: c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\GoogleToolbarNotifier\5.7.8313.1002\gth.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.8313.1002\Readme.url
c:\program files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\programdata\Babylon
c:\users\Petr\AppData\Roaming\Babylon
c:\users\Petr\AppData\Roaming\Babylon\log_file.txt
c:\windows\system32\roboot.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434723846-1121043897-3588410394-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2434723846-1121043897-3588410394-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-25 do 2013-08-25 )))))))))))))))))))))))))))))))
.
.
2013-08-25 19:52 . 2013-08-25 19:55 -------- d-----w- c:\users\Petr\AppData\Local\temp
2013-08-25 19:52 . 2013-08-25 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-24 22:07 . 2013-08-24 22:07 -------- d-----w- c:\users\Petr\AppData\Roaming\Apple Computer
2013-08-24 20:04 . 2013-08-24 20:04 -------- d-----w- c:\program files\CCleaner
2013-08-24 19:54 . 2013-08-24 20:14 -------- d-----w- c:\users\Petr\AppData\Roaming\Media Player Classic
2013-08-24 19:45 . 2013-08-24 19:43 723808 ----a-w- c:\program files\Uninstall Information\Ib\34\4019\ib_uninstall.exe
2013-08-24 19:45 . 2013-08-25 19:26 -------- d-----w- c:\users\Petr\AppData\Roaming\RocketPDF
2013-08-24 19:45 . 2013-08-24 19:45 -------- d-----w- c:\program files\RocketPDF
2013-08-24 19:45 . 2013-08-24 19:45 -------- d-----w- c:\users\Petr\AppData\Roaming\PerformerSoft
2013-08-24 19:45 . 2013-08-24 19:45 -------- d-----w- c:\program files\7Go Games
2013-08-24 19:45 . 2013-08-24 19:45 -------- d-----w- c:\program files\PC Performer
2013-08-24 19:45 . 2013-08-24 19:45 -------- d-----w- c:\users\Petr\AppData\Roaming\File Scout
2013-08-24 19:44 . 2013-08-24 19:44 -------- d-----w- c:\programdata\IBUpdaterService
2013-08-24 19:44 . 2013-08-24 19:44 -------- d-----w- c:\users\Petr\AppData\Roaming\SpeedAnalysis2
2013-08-24 19:44 . 2013-08-24 19:44 -------- d-----w- c:\program files\Speed Analysis 2
2013-08-24 19:42 . 2013-08-24 19:43 -------- d-----w- c:\program files\QuickTime
2013-08-24 19:42 . 2013-08-24 19:42 -------- d-----w- c:\programdata\Apple Computer
2013-08-24 19:41 . 2013-08-24 19:41 -------- d-----w- c:\users\Petr\AppData\Local\Apple
2013-08-24 19:41 . 2013-08-24 19:41 -------- d-----w- c:\program files\Apple Software Update
2013-08-24 19:41 . 2013-08-24 19:41 -------- d-----w- c:\programdata\Apple
2013-08-24 19:41 . 2013-08-24 19:41 -------- d-----w- c:\program files\Common Files\Apple
2013-08-24 19:27 . 2013-08-24 19:27 -------- d-----w- c:\users\Petr\AppData\Local\Secunia PSI
2013-08-24 19:26 . 2013-08-24 19:26 -------- d-----w- c:\program files\Secunia
2013-08-23 15:05 . 2013-08-23 15:05 -------- d-----w- C:\FRST
2013-08-23 14:42 . 2013-08-23 14:42 -------- d-----w- C:\found.001
2013-08-21 20:25 . 2013-08-21 20:25 -------- d-----w- c:\users\Petr\AppData\Local\miXnLbRK
2013-08-21 20:25 . 2013-08-21 20:25 -------- d-----w- c:\users\Petr\AppData\Local\ebahdwtF
2013-08-21 20:25 . 2013-08-24 18:06 -------- d-----w- c:\users\Petr\AppData\Local\Dirty
2013-08-14 05:26 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 05:26 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 05:26 . 2013-07-05 03:20 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 05:26 . 2013-07-05 01:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 05:26 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 05:26 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 05:26 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 18:45 . 2013-08-25 18:46 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-25 18:45 . 2012-09-23 05:50 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-08-25 18:45 . 2010-07-18 13:49 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-24 19:38 . 2012-09-23 05:43 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-24 19:38 . 2011-05-20 16:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-24 18:26 . 2013-08-24 18:30 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7D8C86C-6A67-4AD6-B865-C0EE4B6E8D70}\gapaengine.dll
2013-08-06 07:28 . 2013-08-25 19:14 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A80036F-13BC-41EF-BDC1-9434F5D22084}\mpengine.dll
2013-08-06 07:28 . 2013-08-24 18:26 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-25 02:26 . 2013-08-15 19:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:23 . 2013-08-15 19:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22 . 2013-08-15 19:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-17 19:41 . 2013-08-14 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-17 17:23 . 2012-10-03 20:46 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-10 09:47 . 2013-08-14 05:26 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:10 . 2013-08-14 05:26 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-07-08 04:55 . 2013-08-14 05:26 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:55 . 2013-08-14 05:26 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20 . 2013-08-14 05:26 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-03 08:32 . 2013-07-03 08:32 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
2013-06-18 19:50 . 2013-06-18 19:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2012-03-20 18:44 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-04 01:50 . 2013-07-12 20:15 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06 . 2013-07-12 20:14 505344 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-02-06 578560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"autoclk"="autoclk.exe" [2003-01-30 143360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-17 1817600]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-21 50688]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-6-13 962663]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 19:38]
.
2013-08-25 c:\windows\Tasks\PC Performer_DEFAULT.job
- c:\program files\PC Performer\PCPerformer.exe [2013-08-24 12:58]
.
2013-08-24 c:\windows\Tasks\PC Performer_UPDATES.job
- c:\program files\PC Performer\PCPerformer.exe [2013-08-24 12:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-25 21:57
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\Secunia\PSI\sua.exe
c:\windows\autoclk.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2013-08-25 22:03:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-25 20:03
ComboFix2.txt 2013-08-25 19:12
.
Před spuštěním: 5 215 723 520
Po spuštění: 4 988 706 816
.
- - End Of File - - E95F689BC82B83167AA65545F8851B03
5C616939100B85E558DA92B899A0FC36
Nahrání proběhlo úspěšně

Re: Police virus

Posted: 25 Aug 2013 21:14
by lakp
Hi once more, I looked at the photos etc. and everywhere it says File is encrypted,
what can I do next?
lakp

Re: Police virus

Posted: 25 Aug 2013 21:47
by Rudy
Well, that's a problem. The virus encrypted them. Since we don't know how the files were encrypted, it's hard to determine how to decrypt them. I'll try consulting with colleagues.

Re: Police virus

Posted: 25 Aug 2013 21:48
by lakp
Thanks, I'll wait for now.
lakp

Re: Police virus

Posted: 25 Aug 2013 21:52
by Rudy
OK. If anyone knows anything, I'll post it here.

Re: Police virus

Posted: 25 Aug 2013 21:53
by vyosek
Hello, and apologies to my colleague for jumping in :)

:arrow: When opened, does the image look something like this :???: :???:
[Image]

:arrow: If so, then unfortunately it really is bad; this piece of junk keeps the decryption key on their web server.
Fabian Wosar (Authorized Emsisoft Representative) wrote: I only took a brief look at it a few weeks ago. Back then it appeared to use RSA for encrypting the files, where one half of the key was stored on the attackers server. Without that half, decryption is impossible.

Re: Police virus

Posted: 25 Aug 2013 22:03
by lakp
Hi, it looks similar, it just has a different caption; I've now found that some photos are not
encrypted and some are.
It also affects Excel, PDF, etc.
lakp

Re: Police virus

Posted: 25 Aug 2013 22:09
by vyosek
Please zip up a few encrypted ones, and if you can find their unencrypted originals somewhere too (e.g. uploaded on FB), and send them to me by e-mail... I'll ask the brain trust again whether they might know...

Re: Police virus

Posted: 25 Aug 2013 22:19
by lakp
If I understand correctly, I should send a photo from the external disk or one still in the camera, which should hopefully be OK, and the same one
that I have stored, encrypted, on the PC?
lakp
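
lakp finds that only some photos, spreadsheets and PDFs are encrypted, vyosek asks for encrypted files together with their unencrypted originals, and lakp asks whether the external-disk copy and the PC copy of the same photo are what is wanted. The following is an added example, not code from the thread: a small Python triage script that sorts files by whether their format header is still present and matches same-named copies in different folders. It assumes the encryption overwrote each file from the start (so the signature is gone) and runs only on constructed sample files; the folder names pc/external and the file names are made up.

```python
"""Triage helper: which files still have their format header and which do not."""
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes an intact file starts with, for the types the thread mentions.
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound document
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".xlsx": b"PK\x03\x04", ".docx": b"PK\x03\x04",  # OOXML is a ZIP container
}
HEAD_BYTES = 4096  # only the head of each file is read

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; ciphertext approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(head: bytes, suffix: str) -> str:
    """'intact', 'encrypted', 'suspicious' or 'unknown' from the leading bytes.
    Assumption: the ransomware overwrote the file from offset 0, so an encrypted
    file has lost its signature; a file whose header survived but whose body was
    encrypted would be reported as intact by this check."""
    sig = MAGIC.get(suffix.lower())
    if sig is not None:
        return "intact" if head.startswith(sig) else "encrypted"
    # No known signature: entropy is the only signal. Text and sparse binaries
    # sit well below 7 bits/byte; ciphertext (and compressed data) sits above.
    return "suspicious" if shannon_entropy(head) > 7.5 else "unknown"

def triage(root: Path) -> dict:
    """Map every file under root to its verdict."""
    verdicts = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            verdicts[path] = classify(fh.read(HEAD_BYTES), path.suffix)
    return verdicts

def pairs_for_analysis(verdicts: dict) -> list:
    """(encrypted, intact) copies sharing a file name in different folders,
    e.g. the copy on the PC and the copy on an external disk."""
    by_name = {}
    for path, verdict in verdicts.items():
        by_name.setdefault(path.name, []).append((verdict, path))
    pairs = []
    for entries in by_name.values():
        enc = [p for v, p in entries if v == "encrypted"]
        ok = [p for v, p in entries if v == "intact"]
        if enc and ok:
            pairs.append((enc[0], ok[0]))
    return pairs

def pseudo_ciphertext(n: int, seed: int = 7) -> bytes:
    """Deterministic stand-in for ciphertext (constructed, not real data)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

def build_demo_tree(root: Path) -> None:
    """Constructed layout: PC copy of photo1.jpg encrypted, external copy intact,
    an intact PDF and an encrypted spreadsheet."""
    (root / "pc").mkdir()
    (root / "external").mkdir()
    (root / "pc" / "photo1.jpg").write_bytes(pseudo_ciphertext(2048))
    (root / "external" / "photo1.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\0" * 60)
    (root / "pc" / "report.pdf").write_bytes(b"%PDF-1.4\n%constructed\n")
    (root / "pc" / "budget.xls").write_bytes(pseudo_ciphertext(2048, seed=9))

def demo() -> list:
    """Run the triage on the constructed tree; return pairs as relative paths."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo_tree(root)
        verdicts = triage(root)
        for path, verdict in verdicts.items():
            print(f"{verdict:10} {path.relative_to(root).as_posix()}")
        return [(e.relative_to(root).as_posix(), o.relative_to(root).as_posix())
                for e, o in pairs_for_analysis(verdicts)]

if __name__ == "__main__":
    demo()
```

Point `triage()` at a real folder to list candidates; the pairs it returns are exactly the encrypted/original couples the helper asked for.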