VIRY.CZ

Dobrý den,
měl jsem v pc virus Interpol,
odstranil jsem jej Malware Free,
již se nic neděje, jen při startu pc se objeví hláška o chybě, viz příloha.
Log přikládám.
Děkuji Vám a zdravím.
Kadlec

Logfile of random's system information tool 1.06 (written by random/random)
Run by lynx at 2013-09-01 11:20:01
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 461 GB (48%) free of 954 GB
Total RAM: 3326 MB (60% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-26 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\prxtbVuze.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-26 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
c:\Program Files\PicLensIE\PicLens.dll [2008-07-21 2609152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
FreeOnlineRadioPlayerRecorder Toolbar - C:\Program Files\FreeOnlineRadioPlayerRecorder\tbFree.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{f999a48b-1950-4d81-9971-79018f807b4b} - FreeOnlineRadioPlayerRecorder Toolbar - C:\Program Files\FreeOnlineRadioPlayerRecorder\tbFree.dll [2010-06-13 2734688]
{ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\prxtbVuze.dll [2011-05-09 176936]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-25 98304]
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2012-05-04 3521424]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"SpywareTerminatorShield"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2012-09-07 2777296]
"SpywareTerminatorUpdater"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2013-04-03 3684488]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"QuickTime Task"=C:\Program Files\QT Lite\QTTask.exe [2013-05-01 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Center Agent"=C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe [2007-07-13 1435648]
"KiesHelper"=C:\Program Files\Samsung\Kies\KiesHelper.exe [2012-05-04 955792]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-05-04 21392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Remote Control.lnk - C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe

C:\Users\lynx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
pkqlukowinyppjojvow.lnk - C:\Windows\System32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=FFFFFFFF
"NoDriveTypeAutoRun"=36

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2013-09-01 10:59:20 ----D---- C:\Program Files\HitmanPro
2013-09-01 10:59:03 ----D---- C:\ProgramData\HitmanPro
2013-09-01 09:27:35 ----A---- C:\Windows\ntbtlog.txt
2013-08-30 22:18:44 ----D---- C:\Windows\Minidump
2013-08-28 17:57:26 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-08-21 16:23:03 ----D---- C:\Users\lynx\AppData\Roaming\Opera Software
2013-08-21 16:22:57 ----D---- C:\Program Files\Opera Next
2013-08-19 22:51:57 ----D---- C:\Windows\system32\MRT
2013-08-19 18:45:39 ----A---- C:\Windows\system32\icaapi.dll
2013-08-19 18:45:17 ----A---- C:\Windows\system32\ieframe.dll
2013-08-19 18:45:15 ----A---- C:\Windows\system32\mshtml.dll
2013-08-19 18:45:14 ----A---- C:\Windows\system32\msfeeds.dll
2013-08-19 18:45:12 ----A---- C:\Windows\system32\wininet.dll
2013-08-19 18:45:12 ----A---- C:\Windows\system32\urlmon.dll
2013-08-19 18:45:11 ----A---- C:\Windows\system32\iepeers.dll
2013-08-19 18:45:11 ----A---- C:\Windows\system32\iedkcs32.dll
2013-08-19 18:45:10 ----A---- C:\Windows\system32\mstime.dll
2013-08-19 18:45:10 ----A---- C:\Windows\system32\ieUnatt.exe
2013-08-19 18:45:10 ----A---- C:\Windows\system32\iesetup.dll
2013-08-19 18:45:10 ----A---- C:\Windows\system32\iertutil.dll
2013-08-19 18:45:09 ----A---- C:\Windows\system32\mshtmled.dll
2013-08-19 18:45:08 ----A---- C:\Windows\system32\occache.dll
2013-08-19 18:45:07 ----A---- C:\Windows\system32\ieui.dll
2013-08-19 18:45:07 ----A---- C:\Windows\system32\iernonce.dll
2013-08-19 18:45:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-08-19 18:45:06 ----A---- C:\Windows\system32\licmgr10.dll
2013-08-19 18:45:06 ----A---- C:\Windows\system32\iesysprep.dll
2013-08-19 18:45:06 ----A---- C:\Windows\system32\ie4uinit.exe
2013-08-19 18:45:05 ----A---- C:\Windows\system32\url.dll
2013-08-19 18:45:04 ----A---- C:\Windows\system32\msfeedssync.exe
2013-08-19 18:45:04 ----A---- C:\Windows\system32\jsproxy.dll
2013-08-19 18:44:47 ----A---- C:\Windows\system32\tzres.dll
2013-08-19 18:44:37 ----A---- C:\Windows\system32\rpcrt4.dll
2013-08-19 18:44:31 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-08-19 18:44:31 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-08-19 18:44:30 ----A---- C:\Windows\system32\ntdll.dll
2013-08-19 18:37:38 ----A---- C:\Windows\system32\crypt32.dll
2013-08-19 18:37:37 ----A---- C:\Windows\system32\wintrust.dll
2013-08-19 18:37:37 ----A---- C:\Windows\system32\cryptsvc.dll
2013-08-19 18:37:36 ----A---- C:\Windows\system32\cryptnet.dll
2013-08-19 18:30:32 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2013-09-01 11:20:06 ----D---- C:\Program Files\Trend Micro
2013-09-01 11:20:05 ----D---- C:\Windows\Prefetch
2013-09-01 11:19:58 ----D---- C:\Windows\temp
2013-09-01 11:17:16 ----D---- C:\ProgramData\Spyware Terminator
2013-09-01 11:06:33 ----D---- C:\Windows\system32\drivers
2013-09-01 10:59:20 ----RD---- C:\Program Files
2013-09-01 10:59:03 ----D---- C:\ProgramData
2013-09-01 10:48:24 ----D---- C:\Windows
2013-09-01 09:33:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-09-01 08:39:15 ----D---- C:\Users\lynx\AppData\Roaming\Azureus
2013-09-01 08:37:32 ----D---- C:\Program Files\CCleaner
2013-08-29 19:27:49 ----D---- C:\Windows\winsxs
2013-08-29 19:17:22 ----AD---- C:\Windows\System32
2013-08-29 19:17:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-29 19:17:21 ----D---- C:\Windows\inf
2013-08-28 20:20:07 ----D---- C:\Windows\system32\catroot
2013-08-28 20:19:45 ----SHD---- C:\System Volume Information
2013-08-25 09:59:47 ----D---- C:\OSVC
2013-08-25 09:58:33 ----D---- C:\Users\lynx\AppData\Roaming\vlc
2013-08-21 17:24:36 ----D---- C:\Windows\Microsoft.NET
2013-08-21 17:24:35 ----RSD---- C:\Windows\assembly
2013-08-21 17:13:48 ----D---- C:\Windows\Debug
2013-08-20 19:41:20 ----D---- C:\Windows\rescache
2013-08-20 19:21:25 ----D---- C:\Program Files\Internet Explorer
2013-08-20 19:21:24 ----D---- C:\Windows\system32\migration
2013-08-20 19:21:23 ----D---- C:\Windows\system32\cs-CZ
2013-08-19 22:51:52 ----A---- C:\Windows\system32\mrt.exe
2013-08-19 22:49:40 ----SHD---- C:\Windows\Installer
2013-08-19 21:13:48 ----D---- C:\Users\lynx\AppData\Roaming\Temp
2013-08-19 18:43:57 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-06-27 770344]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-06-27 369584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-06-21 32768]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 50704]
R3 3xHybrid;3xHybrid service; C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6380032]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-26 221696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH3.sys [2010-07-15 99344]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-10-04 133120]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6380032]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-10-27 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-10-27 114280]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-08-26 176128]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 CrossLoopService;CrossLoop Service; C:\Users\lynx\AppData\Local\CrossLoop\CrossLoopService.exe [2010-08-17 560848]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2012-09-07 587472]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-16 755880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16 257416]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 tvnserver;TightVNC Server; C:\Users\lynx\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]

-----------------EOF-----------------

Zdravím!
Dejte log ComboFix

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj

se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci

skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install

Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

Dobrý den,
tady je:
ComboFix 13-08-31.01 - lynx 01.09.2013 11:42:00.5.4 - x86
Spuštěný z: c:\users\lynx\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Skype
c:\skype\Toolbars\SkypeToolbars.msi
c:\windows\host32.exe
c:\windows\system32\ntos.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\twext.exe
c:\windows\TEMP\sig8DAD.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-01 do 2013-09-01 )))))))))))))))))))))))))))))))
.
.
2013-09-01 09:53 . 2013-09-01 09:57 -------- d-----w- c:\users\lynx\AppData\Local\temp
2013-09-01 09:53 . 2013-09-01 09:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-01 09:53 . 2013-09-01 09:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-01 08:59 . 2013-09-01 08:59 -------- d-----w- c:\program files\HitmanPro
2013-09-01 08:59 . 2013-09-01 09:06 -------- d-----w- c:\programdata\HitmanPro
2013-09-01 06:36 . 2013-09-01 06:36 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95570A25-95AD-4F42-AB32-B09ADFD81DD4}\offreg.dll
2013-08-30 14:41 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95570A25-95AD-4F42-AB32-B09ADFD81DD4}\mpengine.dll
2013-08-28 15:57 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-21 14:23 . 2013-08-21 14:23 -------- d-----w- c:\users\lynx\AppData\Local\Opera Software
2013-08-21 14:23 . 2013-08-21 14:23 -------- d-----w- c:\users\lynx\AppData\Roaming\Opera Software
2013-08-21 14:22 . 2013-08-21 14:23 -------- d-----w- c:\program files\Opera Next
2013-08-19 20:51 . 2013-08-19 20:54 -------- d-----w- c:\windows\system32\MRT
2013-08-19 16:44 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-19 16:44 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-19 16:44 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-19 16:44 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-19 16:44 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-19 16:37 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-19 16:37 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-19 16:37 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-19 16:37 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-16 15:10 . 2012-04-11 06:41 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-16 15:10 . 2011-05-14 06:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 19:46 . 2013-03-19 14:49 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:46 . 2012-01-17 19:47 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:46 . 2012-01-17 19:47 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-04 01:50 . 2013-07-15 12:42 2049024 ----a-w- c:\windows\system32\win32k.sys
1999-05-05 21:22 222390 --sha-r- c:\windows\ConfigSetRoot\IO.SYS
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\FreeOnlineRadioPlayerRecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\tbFree.dll" [2010-06-13 2734688]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F999A48B-1950-4D81-9971-79018F807B4B}"= "c:\program files\FreeOnlineRadioPlayerRecorder\tbFree.dll" [2010-06-13 2734688]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Center Agent"="c:\program files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-07-13 1435648]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-05-04 955792]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2013-05-01 421888]
.
c:\users\lynx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
pkqlukowinyppjojvow.lnk - c:\windows\System32\rundll32.exe c:\users\lynx\AppData\Local\Temp\wovjojppyniwokulqkp.exe,OKL00 [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
Remote Control.lnk - c:\program files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe [2009-5-9 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 04:15 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:10]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 10:32]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 10:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\lynx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 172.25.30.212
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-01 11:56
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\users\lynx\AppData\Roaming\Apple Computer\Logs\asl.222216_30Aug13.log
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\users\lynx\AppData\Local\CrossLoop\CrossLoopService.exe
c:\program files\Spyware Terminator\st_rsser.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2013-09-01 12:03:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-01 10:03
.
Před spuštěním: Volných bajtů: 483 457 380 352
Po spuštění: Volných bajtů: 483 609 808 896
.
- - End Of File - - B60A394D8CAC79B3544DC1BB6EDEC75D
5C616939100B85E558DA92B899A0FC36

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\users\lynx\AppData\Roaming\Apple Computer\Logs\asl.222216_30Aug13.log

Collect::
c:\users\lynx\AppData\Local\Temp\wovjojppyniwokulqkp.exe
c:\users\lynx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkqlukowinyppjojvow.lnk

Registry::
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Dobrý den,
je to pryč!
Srdečně děkuji a zdravím!
Kadlec
ComboFix 13-08-31.01 - lynx 01.09.2013 12:43:49.7.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3326.2165 [GMT 2:00]
Spuštěný z: c:\users\lynx\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\lynx\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\lynx\AppData\Roaming\Apple Computer\Logs\asl.222216_30Aug13.log"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
file zipped: c:\users\lynx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkqlukowinyppjojvow.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\lynx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkqlukowinyppjojvow.lnk
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-01 do 2013-09-01 )))))))))))))))))))))))))))))))
.
.
2013-09-01 10:53 . 2013-09-01 10:56 -------- d-----w- c:\users\lynx\AppData\Local\temp
2013-09-01 10:53 . 2013-09-01 10:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-01 10:53 . 2013-09-01 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-01 08:59 . 2013-09-01 08:59 -------- d-----w- c:\program files\HitmanPro
2013-09-01 08:59 . 2013-09-01 09:06 -------- d-----w- c:\programdata\HitmanPro
2013-09-01 06:36 . 2013-09-01 06:36 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95570A25-95AD-4F42-AB32-B09ADFD81DD4}\offreg.dll
2013-08-30 14:41 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95570A25-95AD-4F42-AB32-B09ADFD81DD4}\mpengine.dll
2013-08-28 15:57 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-21 14:23 . 2013-08-21 14:23 -------- d-----w- c:\users\lynx\AppData\Local\Opera Software
2013-08-21 14:23 . 2013-08-21 14:23 -------- d-----w- c:\users\lynx\AppData\Roaming\Opera Software
2013-08-21 14:22 . 2013-08-21 14:23 -------- d-----w- c:\program files\Opera Next
2013-08-19 20:51 . 2013-08-19 20:54 -------- d-----w- c:\windows\system32\MRT
2013-08-19 16:44 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-19 16:44 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-19 16:44 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-19 16:44 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-19 16:44 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-19 16:37 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-19 16:37 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-19 16:37 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-19 16:37 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-16 15:10 . 2012-04-11 06:41 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-16 15:10 . 2011-05-14 06:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 19:46 . 2013-03-19 14:49 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:46 . 2012-01-17 19:47 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:46 . 2012-01-17 19:47 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-04 01:50 . 2013-07-15 12:42 2049024 ----a-w- c:\windows\system32\win32k.sys
1999-05-05 21:22 222390 --sha-r- c:\windows\ConfigSetRoot\IO.SYS
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Center Agent"="c:\program files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe" [2007-07-13 1435648]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-05-04 955792]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2013-05-01 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
Remote Control.lnk - c:\program files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe [2009-5-9 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 04:15 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:10]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\lynx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 172.25.30.212
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
BHO-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
Toolbar-{f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-01 12:56
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\system.ini 215 bytes
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\users\lynx\AppData\Local\CrossLoop\CrossLoopService.exe
c:\program files\Spyware Terminator\st_rsser.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2013-09-01 13:02:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-01 11:02
ComboFix2.txt 2013-09-01 10:03
.
Před spuštěním: Volných bajtů: 483 435 855 872
Po spuštění: Volných bajtů: 483 375 030 272
.
- - End Of File - - AFBEEF0B6281375A39A25E18B91BF370
5C616939100B85E558DA92B899A0FC36
Nahr nˇ probŘhlo ŁspŘçnŘ

Log již vypadá čistý. CF odinstalujte pomocí T-Cleaneru: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe . Nemáte zač!