V každém stáhnutém souboru se nachází vir

Zpráva

Nilven · #1 Příspěvek od **Nilven** » 28 zář 2013 11:34

Dobrý den,
pokaždé když stahuju jakýkoliv soubor, tak se stahování souboru zablokuje s tím, že se tam nachází virus. Používám IE8. Nedávno mi antivirus nahlásil trojského koně, ale prý ho odstranil. Asi to má nějakou souvislost že?

#2 Příspěvek od **vyosek** » 28 zář 2013 12:23

Zdravim

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

Zkuste udelat log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

Nilven · #3 Příspěvek od **Nilven** » 28 zář 2013 17:41

Tady máte Rkill
Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/28/2013 06:39:08 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* C:\Program Files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\ \ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\ \...\ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\ \...\ﯹ๛\ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\ \...\ﯹ๛\{626c600b-982d-7858-b160-3dfb235a8f08}\ [ZA Dir]
* C:\Users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\ [ZA Dir]
* C:\Users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\❤≸⋙\ [ZA Dir]
* C:\Users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
* C:\Users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
* C:\Users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{626c600b-982d-7858-b160-3dfb235a8f08}\ [ZA Dir]
* C:\Windows\assembly\GAC\Desktop.ini [ZA File]

* ALERT: ZEROACCESS Reparse Point/Junction found!

* C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpRTP.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic (Delayed Start)

* BITS [Missing Service]
* PcaSvc [Missing Service]
* PolicyAgent [Missing Service]
* RemoteAccess [Missing Service]
* wuauserv [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/28/2013 06:39:47 PM
Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)

Nilven · #4 Příspěvek od **Nilven** » 28 zář 2013 17:51

A tady RSIT. Zatím děkuju za spolupráci.
Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2013-09-28 18:43:04
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 71 GB (23%) free of 305 GB
Total RAM: 2991 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:43:31, on 28.9.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Icon7\iConfig for Gamers\Z500\hid.exe
C:\Program Files\Icon7\iConfig for Gamers\Z300\hid300.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Icon7\iConfig for Gamers\Tray.exe
C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\Desktop\RSIT.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/?rlz=1W4CHBA_csCZ555
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iConfig-z500] "C:\Program Files\Icon7\iConfig for Gamers\Z500\hid.exe"
O4 - HKLM\..\Run: [iConfig-z300] "C:\Program Files\Icon7\iConfig for Gamers\Z300\hid300.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\???\???\???\{626c600b-982d-7858-b160-3dfb235a8f08}\GoogleUpdate.exe" >
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\Windows\system32\uArcCapture.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: vToolbarUpdater17.0.1 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe

--
End of file - 10626 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-20 462248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-03-31 1520776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-20 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-03-31 1520776]
{95B7759C-8C7F-4BF1-B163-73684A933233}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-03 1791272]
"QLBController"=C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [2011-01-28 299576]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"iConfig-z500"=C:\Program Files\Icon7\iConfig for Gamers\Z500\hid.exe [2010-06-13 361472]
"iConfig-z300"=C:\Program Files\Icon7\iConfig for Gamers\Z300\hid300.exe [2010-06-13 358912]
"DivXMediaServer"=C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [2012-11-13 450560]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2012-11-30 1263512]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2013-03-31 1646216]
"Family Tree Builder Update"=C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2013-06-18 2528768]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2013-09-15 4851760]
"vProt"=C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2013-09-28 2404376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
"Google Update"= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2011-02-24 1174016]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-09-28 18:43:05 ----D---- C:\Program Files\trend micro
2013-09-28 18:43:04 ----D---- C:\rsit
2013-09-28 09:43:40 ----D---- C:\Users\user\AppData\Roaming\AVG2014
2013-09-28 09:42:42 ----D---- C:\Users\user\AppData\Roaming\TuneUp Software
2013-09-28 09:42:33 ----A---- C:\Windows\system32\drivers\avgtpx86.sys
2013-09-28 09:42:29 ----D---- C:\ProgramData\AVG SafeGuard toolbar
2013-09-28 09:42:28 ----D---- C:\Program Files\Common Files\AVG Secure Search
2013-09-28 09:42:27 ----D---- C:\Program Files\AVG SafeGuard toolbar
2013-09-28 09:41:05 ----HD---- C:\$AVG
2013-09-28 09:41:04 ----D---- C:\ProgramData\AVG2014
2013-09-28 09:40:29 ----D---- C:\Program Files\AVG
2013-09-28 09:37:57 ----HD---- C:\ProgramData\Common Files
2013-09-28 09:37:57 ----D---- C:\ProgramData\MFAData
2013-09-27 21:51:23 ----A---- C:\Windows\ntbtlog.txt
2013-09-27 18:17:29 ----SHD---- C:\Windows\system32\%APPDATA%
2013-09-27 18:10:34 ----D---- C:\Program Files\Google
2013-09-27 18:10:34 ----A---- C:\Users\user\AppData\Roaming\PtNsdDoHjcsNcs.exe
2013-09-20 18:31:52 ----D---- C:\ProgramData\SystemRequirementsLab
2013-09-20 18:31:10 ----D---- C:\ProgramData\Oracle
2013-09-20 18:30:36 ----D---- C:\Program Files\Common Files\Java
2013-09-20 18:30:24 ----A---- C:\Windows\system32\javaws.exe
2013-09-20 18:30:20 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-09-20 18:30:20 ----A---- C:\Windows\system32\javaw.exe
2013-09-20 18:30:20 ----A---- C:\Windows\system32\java.exe
2013-09-20 18:30:09 ----D---- C:\Program Files\Java
2013-09-16 19:17:40 ----D---- C:\Program Files\Game Dev Tycoon v1.3.2
2013-09-12 16:38:40 ----D---- C:\ProgramData\WarThunder
2013-09-12 16:38:23 ----D---- C:\Program Files\WarThunder
2013-09-10 22:11:44 ----A---- C:\Windows\system32\drivers\avgidsshimx.sys
2013-09-08 22:12:16 ----A---- C:\Windows\system32\drivers\avgrkx86.sys
2013-09-02 10:39:32 ----A---- C:\Windows\system32\drivers\avgldx86.sys
2013-09-02 10:28:06 ----A---- C:\Windows\system32\drivers\avgidshx.sys
2013-09-02 10:28:04 ----A---- C:\Windows\system32\drivers\avgidsdriverx.sys
2013-09-02 10:28:00 ----A---- C:\Windows\system32\drivers\avglogx.sys
2013-08-30 20:01:12 ----D---- C:\Users\user\AppData\Roaming\3909

======List of files/folders modified in the last 1 month======

2013-09-28 18:43:24 ----D---- C:\Windows\Temp
2013-09-28 18:43:16 ----D---- C:\Windows\Prefetch
2013-09-28 18:43:05 ----RD---- C:\Program Files
2013-09-28 11:25:27 ----SHD---- C:\Windows\Installer
2013-09-28 11:23:32 ----SHD---- C:\System Volume Information
2013-09-28 11:23:18 ----HD---- C:\Program Files\InstallShield Installation Information
2013-09-28 11:23:16 ----D---- C:\Program Files\Aspyr Media, Inc
2013-09-28 11:07:57 ----D---- C:\Program Files\SystemRequirementsLab
2013-09-28 11:07:23 ----D---- C:\Program Files\Kalypso
2013-09-28 11:02:08 ----D---- C:\Program Files\Paradox Interactive
2013-09-28 10:57:41 ----D---- C:\Program Files\VideoLAN
2013-09-28 10:56:19 ----D---- C:\Windows\System32
2013-09-28 10:56:19 ----D---- C:\Windows\inf
2013-09-28 10:56:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-09-28 10:49:33 ----A---- C:\Windows\system32\log.txt
2013-09-28 09:43:13 ----D---- C:\Windows\system32\Tasks
2013-09-28 09:42:33 ----D---- C:\Windows\system32\drivers
2013-09-28 09:42:29 ----HD---- C:\ProgramData
2013-09-28 09:42:28 ----D---- C:\Program Files\Common Files
2013-09-28 09:41:36 ----D---- C:\Windows\system32\catroot
2013-09-28 09:41:35 ----D---- C:\Windows\system32\DriverStore
2013-09-28 09:39:04 ----D---- C:\Windows\system32\config
2013-09-28 08:47:01 ----D---- C:\ProgramData\Media Center Programs
2013-09-27 22:06:01 ----D---- C:\Users\user\AppData\Roaming\uTorrent
2013-09-27 21:58:16 ----SHD---- C:\Recovery
2013-09-27 21:51:23 ----D---- C:\Windows
2013-09-27 21:46:41 ----D---- C:\Windows\system32\catroot2
2013-09-27 21:30:01 ----D---- C:\Windows\Tasks
2013-09-27 19:40:58 ----SD---- C:\Users\user\AppData\Roaming\Microsoft
2013-09-20 18:30:11 ----A---- C:\Windows\system32\npDeployJava1.dll
2013-09-20 18:30:11 ----A---- C:\Windows\system32\deployJava1.dll
2013-09-20 17:32:52 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 15:39:18 ----D---- C:\Windows\system32\NDF
2013-09-12 21:21:34 ----D---- C:\Windows\system32\directx
2013-09-12 21:21:29 ----HD---- C:\Windows\msdownld.tmp
2013-08-30 20:01:00 ----D---- C:\GOG Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2013-09-02 145720]
R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys [2013-09-02 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2013-08-20 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2013-09-08 27448]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2011-02-24 173440]
R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys [2013-08-01 120120]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2012-09-04 50296]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2013-09-02 209208]
R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22840]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2013-09-02 176952]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [2013-09-28 37664]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-02 242240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2012-06-15 25888]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-08-13 1163328]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\Windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-05-05 86544]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2011-07-01 4266560]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-07-14 297000]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-07-20 88616]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2010-07-20 111656]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-03-03 33320]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-07-20 18728]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2010-06-02 21560]
R3 I7Z500Filter;Icon7_Z500; C:\Windows\system32\drivers\I7Z500.sys [2010-01-20 12800]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\Windows\system32\DRIVERS\rtsuvc.sys [2011-07-05 6337128]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-03 1303728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2012-06-15 279712]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2011-02-24 52224]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\DRIVERS\TsUsbGD.sys [2011-02-24 27264]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-03-27 14336]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG2014\avgfws.exe [2013-09-22 1358944]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2013-09-03 3538480]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2013-09-22 301152]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-07-29 656672]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-11-02 227896]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-11-04 268824]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-11-03 76888]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2012-11-03 189248]
R2 uArcCapture;ArcCapture; C:\Windows\system32\uArcCapture.exe [2009-12-04 506472]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2010-08-25 49152]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R2 vToolbarUpdater17.0.1;vToolbarUpdater17.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [2013-09-28 1734680]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-11-02 991288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S2 IBUpdaterService;Updater Service; C:\ProgramData\IBUpdaterService\ibsvc.exe /SERVICE []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20 257416]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-26 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#5 Příspěvek od **vyosek** » 28 zář 2013 20:09

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Nilven · #6 Příspěvek od **Nilven** » 28 zář 2013 20:50

Udělal jsem co jste mi napsal, tady je log.
ComboFix 13-09-28.02 - user 28.09.2013 21:33:36.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2991.1766 [GMT 2:00]
Spuštěný z: c:\users\user\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\9519~1\A535~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\@
c:\program files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\9519~1\A535~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\L\00000004.@
c:\program files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\9519~1\A535~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\L\201d3dde
c:\program files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\9519~1\A535~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\L\6715e287
c:\program files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\9519~1\A535~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\L\76603ac3
c:\program files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\9519~1\A535~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\U\00000004.@
c:\program files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\9519~1\A535~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\U\00000008.@
c:\program files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\9519~1\A535~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\U\000000cb.@
c:\program files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\9519~1\A535~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\U\80000000.@
c:\program files\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\9519~1\A535~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\U\80000032.@
c:\users\user\AppData\Local\Google\Desktop\Install
c:\users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\2E2F~1\28F0~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\@
c:\users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\2E2F~1\28F0~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\L\00000004.@
c:\users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\2E2F~1\28F0~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\L\76603ac3
c:\users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\2E2F~1\28F0~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\U\00000004.@
c:\users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\2E2F~1\28F0~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\U\00000008.@
c:\users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\2E2F~1\28F0~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\U\000000cb.@
c:\users\user\AppData\Local\Google\Desktop\Install\{626c600b-982d-7858-b160-3dfb235a8f08}\2E2F~1\28F0~1\E628~1\{626c600b-982d-7858-b160-3dfb235a8f08}\U\80000000.@
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\user\AppData\Roaming\PtNsdDoHjcsNcs.exe
c:\windows\system32\tmpF21C.tmp
c:\windows\system32\tmpF384.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-28 do 2013-09-28 )))))))))))))))))))))))))))))))
.
.
2013-09-28 19:43 . 2013-09-28 19:43 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-09-28 19:43 . 2013-09-28 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-28 16:43 . 2013-09-28 16:43 -------- d-----w- c:\program files\trend micro
2013-09-28 16:43 . 2013-09-28 16:43 -------- d-----w- C:\rsit
2013-09-28 07:43 . 2013-09-28 07:43 -------- d-----w- c:\users\user\AppData\Roaming\AVG2014
2013-09-28 07:43 . 2013-09-28 07:43 -------- d-----w- c:\users\user\AppData\Local\AVG SafeGuard toolbar
2013-09-28 07:42 . 2013-09-28 07:42 -------- d-----w- c:\users\user\AppData\Roaming\TuneUp Software
2013-09-28 07:42 . 2013-09-28 07:42 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-09-28 07:42 . 2013-09-28 07:42 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-09-28 07:42 . 2013-09-28 07:42 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-09-28 07:42 . 2013-09-28 07:42 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-09-28 07:41 . 2013-09-28 07:41 -------- d-----w- C:\$AVG
2013-09-28 07:41 . 2013-09-28 07:46 -------- d-----w- c:\programdata\AVG2014
2013-09-28 07:40 . 2013-09-28 07:40 -------- d-----w- c:\program files\AVG
2013-09-28 07:37 . 2013-09-28 19:13 -------- d-----w- c:\programdata\MFAData
2013-09-28 07:37 . 2013-09-28 07:52 -------- d-----w- c:\users\user\AppData\Local\Avg2014
2013-09-28 07:37 . 2013-09-28 07:37 -------- d--h--w- c:\programdata\Common Files
2013-09-28 07:37 . 2013-09-28 07:37 -------- d-----w- c:\users\user\AppData\Local\MFAData
2013-09-27 16:17 . 2013-09-27 16:17 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E132521-CB57-4D0A-A362-0824B11F837D}\offreg.dll
2013-09-27 16:17 . 2013-09-27 16:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-09-27 16:10 . 2013-09-27 19:35 -------- d-----w- c:\program files\Google
2013-09-20 16:31 . 2013-09-20 16:31 -------- d-----w- c:\programdata\SystemRequirementsLab
2013-09-20 16:31 . 2013-09-20 16:31 -------- d-----w- c:\programdata\Oracle
2013-09-20 16:30 . 2013-09-20 16:30 -------- d-----w- c:\program files\Common Files\Java
2013-09-20 16:30 . 2013-09-20 16:30 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-20 16:30 . 2013-09-20 16:30 -------- d-----w- c:\program files\Java
2013-09-16 17:23 . 2013-09-20 18:52 -------- d-----w- c:\users\user\AppData\Local\Game Dev Tycoon
2013-09-16 17:17 . 2013-09-16 17:17 -------- d-----w- c:\program files\Game Dev Tycoon v1.3.2
2013-09-12 14:38 . 2013-09-12 19:26 -------- d-----w- c:\programdata\WarThunder
2013-09-12 14:38 . 2013-09-12 14:38 -------- d-----w- c:\users\user\AppData\Local\WarThunder
2013-09-12 14:38 . 2013-09-28 08:57 -------- d-----w- c:\program files\WarThunder
2013-09-10 20:11 . 2013-09-10 20:11 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 20:12 . 2013-09-08 20:12 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 08:39 . 2013-09-02 08:39 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 08:28 . 2013-09-02 08:28 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 08:28 . 2013-09-02 08:28 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 08:28 . 2013-09-02 08:28 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-30 18:01 . 2013-08-30 18:01 -------- d-----w- c:\users\user\AppData\Roaming\3909
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 16:30 . 2012-08-22 17:28 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-20 16:30 . 2012-04-09 20:45 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-20 15:32 . 2012-03-30 14:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 15:32 . 2012-03-30 14:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-20 20:54 . 2013-08-20 20:54 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-08-01 14:08 . 2013-08-01 14:08 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-08-01 14:06 . 2013-08-01 14:06 120120 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-07-02 06:54 . 2013-08-10 07:38 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E132521-CB57-4D0A-A362-0824B11F837D}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-02-24 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iConfig-z500"="c:\program files\Icon7\iConfig for Gamers\Z500\hid.exe" [2010-06-13 361472]
"iConfig-z300"="c:\program files\Icon7\iConfig for Gamers\Z300\hid300.exe" [2010-06-13 358912]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-03-31 1646216]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2013-06-18 2528768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-09-15 4851760]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-09-28 2404376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [2013-09-22 1358944]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2013-09-03 3538480]
R2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-02-24 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-02-24 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-26 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-09-02 145720]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-09-02 223032]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-08 27448]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2013-08-01 120120]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-09-02 209208]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22840]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-09-02 176952]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-09-28 37664]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-02 242240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2013-09-22 301152]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-11-02 227896]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2010-08-25 49152]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 vToolbarUpdater17.0.1;vToolbarUpdater17.0.1;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [2013-09-28 1734680]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-04 86544]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 297000]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320]
S3 I7Z500Filter;Icon7_Z500;c:\windows\system32\drivers\I7Z500.sys [2010-01-20 12800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2011-07-05 19:21 6337128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:32]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.google.cz/?rlz=1W4CHBA_csCZ555
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
AddRemove-Crusader Kings II_is1 - c:\program files\Paradox Interactive\Crusader Kings II\unins000.exe
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
AddRemove-Lament for the Queen_is1 - c:\program files\Paradox Interactive\Victoria II\unins000.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-PunkBusterSvc - c:\program files\Steam 1\steamapps\common\Red Orchestra 2\Binaries\Win32\pbsvc_hos.exe
AddRemove-Semper Fi_is1 - c:\program files\Paradox Interactive\Hearts of Iron III\unins000.exe
AddRemove-Sierra Utilities - c:\program files\Sierra On-Line\sutil32.exe
AddRemove-Updater Service - c:\programdata\IBUpdaterService\ibsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6c,43,69,74,f5,1d,cd,01
.
[HKEY_USERS\S-1-5-21-1139336740-2515059982-1884151403-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b5,4d,65,14,1a,c0,28,b5,49,49,3d,0e,35,8a,28,8b,b7,94,19,bf,d6,ab,91,
56,fd,52,7d,b2,b2,bb,3c,09,0f,a3,35,b1,b4,2f,4f,a3,f2,e0,d1,5b,7a,51,70,ac,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38
.
[HKEY_USERS\S-1-5-21-1139336740-2515059982-1884151403-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:54,16,16,9b,89,fe,fd,61,0a,1a,a0,11,30,d1,ce,a3,02,17,c8,5d,01,
9e,ee,26,0a,27,91,34,17,32,64,97,5b,c7,b0,41,3a,24,6d,c0,87,22,0f,09,ec,e0,\
"rkeysecu"=hex:0f,91,86,aa,eb,0f,1a,04,d5,a2,ac,af,f3,2c,a6,39
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-09-28 21:45:22
ComboFix-quarantined-files.txt 2013-09-28 19:45
.
Před spuštěním: Volných bajtů: 97 177 354 240
Po spuštění: Volných bajtů: 100 285 435 904
.
- - End Of File - - 6E875BC6028273567FD4D8AD7EB2A642
A36C5E4F47E84449FF07ED3517B43A31

#7 Příspěvek od **vyosek** » 28 zář 2013 20:52

Uz to vypada hned lip, ale jeste nekoncime

Trvate na antiviru AVG - u nas neni moc obliben - vysoka zatez systemu, slabsi detekce

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Nilven · #8 Příspěvek od **Nilven** » 28 zář 2013 21:13

Dík za radu. A jaký antivir by jste mi doporučil?

# AdwCleaner v3.005 - Report created 28/09/2013 at 22:07:44
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : user - PROBOOK4520S
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IBUpdaterService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\users\user\AppData\Local\apn
Folder Deleted : C:\users\user\AppData\Local\Conduit
Folder Deleted : C:\users\user\AppData\LocalLow\AskToolbar
Folder Deleted : C:\users\user\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\users\user\AppData\LocalLow\Conduit
Folder Deleted : C:\users\user\AppData\Roaming\Babylon
Folder Deleted : C:\users\user\AppData\Roaming\file scout
Folder Deleted : C:\users\user\AppData\Roaming\PerformerSoft
Folder Deleted : C:\users\user\AppData\Roaming\yourfiledownloader
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\users\user\AppData\Roaming\speedanalysis.ico
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
File Deleted : C:\Windows\System32\Tasks\YourFile Update

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{774CA01F-22D2-4C03-8C3F-34F99CE561AD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{774CA01F-22D2-4C03-8C3F-34F99CE561AD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BB5F4CD-1A25-4035-8C16-0A0A49DB7F83}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1BB5F4CD-1A25-4035-8C16-0A0A49DB7F83}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Product Deleted : Ask Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16464

*************************

AdwCleaner[R0].txt - [7028 octets] - [28/09/2013 22:06:59]
AdwCleaner[S0].txt - [7119 octets] - [28/09/2013 22:07:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7179 octets] ##########

#9 Příspěvek od **vyosek** » 29 zář 2013 21:50

Avg je spise parodie na antivir

Odinstalujte Avg

Nainstalujte Avast Free http://www.avast.com/get/gWR5mo92

Dejte log z DDS http://forum.viry.cz/viewtopic.php?f=13&t=125171

Nilven · #10 Příspěvek od **Nilven** » 30 zář 2013 16:39

Avast nainstalován

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.40.2
Run by user at 17:34:30 on 2013-09-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2991.1813 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\uArcCapture.exe
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Icon7\iConfig for Gamers\Z500\hid.exe
C:\Program Files\Icon7\iConfig for Gamers\Tray.exe
C:\Program Files\Icon7\iConfig for Gamers\Z300\hid300.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.cz/?rlz=1W4CHBA_csCZ555
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iConfig-z500] "c:\program files\icon7\iconfig for gamers\z500\hid.exe"
mRun: [iConfig-z300] "c:\program files\icon7\iconfig for gamers\z300\hid300.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{91265AEF-6E88-487C-97BA-E2ABC985A006} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{91265AEF-6E88-487C-97BA-E2ABC985A006}\34352343F584F43545 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{91265AEF-6E88-487C-97BA-E2ABC985A006}\D41445348405F494E445E2E45445 : DHCPNameServer = 10.0.0.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-9-30 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-9-30 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-9-30 368944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-4-2 242240]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-9-30 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-9-30 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-9-30 46808]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-11-2 227896]
R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2011-1-28 281656]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
R2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2012-3-27 506472]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\ultidev\cassini web server for asp.net 2.0\UltiDevCassinWebServer2a.exe [2007-2-8 49152]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2012-3-23 2320920]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\drivers\ArcSoftVCapture.sys [2012-3-27 29824]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-5-5 86544]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2012-3-28 297000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-3-28 33320]
R3 I7Z500Filter;Icon7_Z500;c:\windows\system32\drivers\I7Z500.sys [2012-5-23 12800]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\drivers\rtsuvc.sys [2012-3-23 6337128]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-9-30 49376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-10-19 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2011-2-24 27264]
S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-26 1343400]
.
=============== Created Last 30 ================
.
2013-09-30 15:31:15 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-30 15:31:13 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-30 15:31:11 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-30 15:31:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-30 15:31:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-30 15:30:48 41664 ----a-w- c:\windows\avastSS.scr
2013-09-28 20:06:57 -------- d-----w- C:\AdwCleaner
2013-09-28 19:45:30 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-28 19:32:23 98816 ----a-w- c:\windows\sed.exe
2013-09-28 19:32:23 256000 ----a-w- c:\windows\PEV.exe
2013-09-28 19:32:23 208896 ----a-w- c:\windows\MBR.exe
2013-09-28 16:43:05 -------- d-----w- c:\program files\trend micro
2013-09-28 07:43:00 -------- d-----w- c:\users\user\appdata\local\AVG SafeGuard toolbar
2013-09-28 07:42:42 -------- d-----w- c:\users\user\appdata\roaming\TuneUp Software
2013-09-28 07:42:29 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-09-28 07:42:27 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-09-28 07:41:04 -------- d-----w- c:\programdata\AVG2014
2013-09-28 07:37:57 -------- d--h--w- c:\programdata\Common Files
2013-09-28 07:37:57 -------- d-----w- c:\users\user\appdata\local\MFAData
2013-09-28 07:37:57 -------- d-----w- c:\programdata\MFAData
2013-09-27 16:17:53 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8e132521-cb57-4d0a-a362-0824b11f837d}\offreg.dll
2013-09-27 16:17:29 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-09-20 16:31:52 -------- d-----w- c:\programdata\SystemRequirementsLab
2013-09-20 16:31:10 -------- d-----w- c:\programdata\Oracle
2013-09-20 16:30:20 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-16 17:23:30 -------- d-----w- c:\users\user\appdata\local\Game Dev Tycoon
2013-09-16 17:17:40 -------- d-----w- c:\program files\Game Dev Tycoon v1.3.2
2013-09-12 14:38:40 -------- d-----w- c:\users\user\appdata\local\WarThunder
2013-09-12 14:38:40 -------- d-----w- c:\programdata\WarThunder
2013-09-12 14:38:23 -------- d-----w- c:\program files\WarThunder
2013-09-10 20:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 20:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 08:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 08:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
==================== Find3M ====================
.
2013-09-20 16:30:11 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-20 16:30:11 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-20 15:32:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 15:32:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-01 14:08:52 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 17:35:23,70 ===============

#11 Příspěvek od **vyosek** » 01 říj 2013 08:38

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

DDS::
uStart Page = hxxps://www.google.cz/?rlz=1W4CHBA_csCZ555

Folder::
c:\users\user\AppData\Roaming\AVG2014
c:\users\user\AppData\Local\AVG SafeGuard toolbar
c:\programdata\AVG SafeGuard toolbar
c:\program files\Common Files\AVG Secure Search
c:\program files\AVG SafeGuard toolbar
C:\$AVG
c:\programdata\AVG2014
c:\program files\AVG
c:\programdata\MFAData
c:\users\user\AppData\Local\Avg2014

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"DivXMediaServer"=-
"DivXUpdate"=-
"ApnUpdater"=-
"Family Tree Builder Update-
"SunJavaUpdateSched"=-
"AVG_UI"=-
"vProt"=-

File::
c:\windows\Tasks\Adobe Flash Player Updater.job

RegNull::
[HKEY_USERS\S-1-5-21-1139336740-2515059982-1884151403-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1139336740-2515059982-1884151403-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Nilven · #12 Příspěvek od **Nilven** » 01 říj 2013 15:52

Přibližně v půlce se program sekne a dál nejede...

#13 Příspěvek od **vyosek** » 01 říj 2013 16:25

Zopakjte postup v nouzovem rezimu s timto skriptem

Kód: Vybrat vše

KillAll::

DDS::
uStart Page = hxxps://www.google.cz/?rlz=1W4CHBA_csCZ555

Folder::
c:\users\user\AppData\Roaming\AVG2014
c:\users\user\AppData\Local\AVG SafeGuard toolbar
c:\programdata\AVG SafeGuard toolbar
c:\program files\Common Files\AVG Secure Search
c:\program files\AVG SafeGuard toolbar
C:\$AVG
c:\programdata\AVG2014
c:\program files\AVG
c:\programdata\MFAData
c:\users\user\AppData\Local\Avg2014

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"DivXMediaServer"=-
"DivXUpdate"=-
"ApnUpdater"=-
"Family Tree Builder Update=-
"SunJavaUpdateSched"=-
"AVG_UI"=-
"vProt"=-

File::
c:\windows\Tasks\Adobe Flash Player Updater.job

RegNull::
[HKEY_USERS\S-1-5-21-1139336740-2515059982-1884151403-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1139336740-2515059982-1884151403-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Nilven · #14 Příspěvek od **Nilven** » 01 říj 2013 18:45

ComboFix 13-09-30.02 - user 01.10.2013 19:25:44.3.4 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2991.2475 [GMT 2:00]
Spuštěný z: c:\users\user\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\user\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\program files\AVG SafeGuard toolbar\17.0.0.9\AVG SafeGuard toolbar_toolbar.dll
c:\program files\AVG SafeGuard toolbar\about.gif
c:\program files\AVG SafeGuard toolbar\active-threats18.gif
c:\program files\AVG SafeGuard toolbar\AVG SafeGuard toolbar
c:\program files\AVG SafeGuard toolbar\avgMozXPCOM.js
c:\program files\AVG SafeGuard toolbar\CleanHistory.gif
c:\program files\AVG SafeGuard toolbar\configuration.xml
c:\program files\AVG SafeGuard toolbar\current.gif
c:\program files\AVG SafeGuard toolbar\currently-safe18.gif
c:\program files\AVG SafeGuard toolbar\data.zip
c:\program files\AVG SafeGuard toolbar\DSPDlg_IE\all.css
c:\program files\AVG SafeGuard toolbar\DSPDlg_IE\btn-ok2.gif
c:\program files\AVG SafeGuard toolbar\DSPDlg_IE\downBtn.png
c:\program files\AVG SafeGuard toolbar\DSPDlg_IE\DSPDlg_IE.html
c:\program files\AVG SafeGuard toolbar\DSPDlg_IE\logo2.png
c:\program files\AVG SafeGuard toolbar\DSPDlg_IE\upBtn.png
c:\program files\AVG SafeGuard toolbar\EnableHelperRes\EEImageHandler.html
c:\program files\AVG SafeGuard toolbar\EnableHelperRes\Images\box_ie.png
c:\program files\AVG SafeGuard toolbar\EULA.gif
c:\program files\AVG SafeGuard toolbar\Eula.txt
c:\program files\AVG SafeGuard toolbar\favicon.ico
c:\program files\AVG SafeGuard toolbar\feedback.gif
c:\program files\AVG SafeGuard toolbar\FireFoxSearchXml.tmp
c:\program files\AVG SafeGuard toolbar\help.gif
c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\bg_close.gif
c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\bg_expand.gif
c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\bg_tooltip.gif
c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\bg_tracking.gif
c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\bull4x4.gif
c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\divider.gif
c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\innerBG_gradient.gif
c:\program files\AVG SafeGuard toolbar\Chrome\content\icons\loader.gif
c:\program files\AVG SafeGuard toolbar\ChromeRes\AVG SafeGuard toolbar\nt28.html
c:\program files\AVG SafeGuard toolbar\ChromeRes\AVG Secure Search\nt28.html
c:\program files\AVG SafeGuard toolbar\ChromeRes\nt.html
c:\program files\AVG SafeGuard toolbar\ChromeRes\nt28.html
c:\program files\AVG SafeGuard toolbar\ChromeRes\nt28.js
c:\program files\AVG SafeGuard toolbar\icon18.gif
c:\program files\AVG SafeGuard toolbar\labs.gif
c:\program files\AVG SafeGuard toolbar\Licenses\CPOL license.txt
c:\program files\AVG SafeGuard toolbar\Licenses\Encoding_decoding_base64.txt
c:\program files\AVG SafeGuard toolbar\Licenses\hmac.txt
c:\program files\AVG SafeGuard toolbar\Licenses\LICENSE-bsdiff.txt
c:\program files\AVG SafeGuard toolbar\Licenses\LICENSE-bzip.txt
c:\program files\AVG SafeGuard toolbar\Licenses\LICENSE-JasonCpp.txt
c:\program files\AVG SafeGuard toolbar\Licenses\LICENSE-MPL-NPAPI.txt
c:\program files\AVG SafeGuard toolbar\Licenses\LICENSE-sparsehash.txt
c:\program files\AVG SafeGuard toolbar\Licenses\Log4CPlus.txt
c:\program files\AVG SafeGuard toolbar\Licenses\PassthruApp.txt
c:\program files\AVG SafeGuard toolbar\lip.exe
c:\program files\AVG SafeGuard toolbar\PostInstall.exe
c:\program files\AVG SafeGuard toolbar\PostInstaller.ini
c:\program files\AVG SafeGuard toolbar\privacy.gif
c:\program files\AVG SafeGuard toolbar\remote_configuration.xml
c:\program files\AVG SafeGuard toolbar\search.gif
c:\program files\AVG SafeGuard toolbar\setup.bmp
c:\program files\AVG SafeGuard toolbar\surf-with-caution18.gif
c:\program files\AVG SafeGuard toolbar\Uninstall.exe
c:\program files\AVG SafeGuard toolbar\uninstall.gif
c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp-bg.png
c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp_logo.png
c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\downBtn.png
c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif
c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\uninstall-bg.png
c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\upBtn.png
c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\jquery-1.5.1.min.js
c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\jquery-1.8.1.min.js
c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\JQueyExtensions.js
c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\uninstall_cp.css
c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp.html
c:\program files\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp_step2.html
c:\program files\AVG SafeGuard toolbar\updating18.gif
c:\program files\AVG SafeGuard toolbar\vprot.exe
c:\programdata\AVG SafeGuard toolbar\ChromeExt\17.0.0.9\avg.crx
c:\programdata\AVG SafeGuard toolbar\Logger\logger.properties
c:\programdata\AVG2014\$AVG\$VAULT\vault.db-journal
c:\programdata\AVG2014\$AVG\$VAULT\vault.db
c:\programdata\MFAData\avibackup\iavifw.avm
c:\programdata\MFAData\avibackup\iavichjw.avm
c:\programdata\MFAData\avibackup\incavi.avm
c:\programdata\MFAData\public_installation_log.xml
c:\users\user\AppData\Local\AVG SafeGuard toolbar\DNT\dt.dat
c:\users\user\AppData\Local\AVG SafeGuard toolbar\Chrome\Default\Preferences
c:\users\user\AppData\Local\AVG SafeGuard toolbar\Chrome\Default\Web Data
c:\users\user\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_09_28_12_43_05.db
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-01 do 2013-10-01 )))))))))))))))))))))))))))))))
.
.
2013-10-01 17:34 . 2013-10-01 17:34 -------- d-----w- c:\users\Martin\AppData\Local\temp
2013-10-01 17:34 . 2013-10-01 17:34 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-10-01 17:34 . 2013-10-01 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-01 17:15 . 2013-10-01 17:37 -------- d-----w- c:\users\user\AppData\Local\temp
2013-10-01 17:11 . 2013-10-01 17:11 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E132521-CB57-4D0A-A362-0824B11F837D}\offreg.dll
2013-09-30 15:31 . 2013-09-30 16:09 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-30 15:31 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-30 15:31 . 2013-05-09 08:59 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-30 15:31 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-30 15:31 . 2013-09-30 16:09 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-30 15:31 . 2013-09-30 16:09 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-30 15:31 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-30 15:31 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-30 15:31 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-30 15:30 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-09-28 20:06 . 2013-09-28 20:07 -------- d-----w- C:\AdwCleaner
2013-09-28 16:43 . 2013-09-28 16:43 -------- d-----w- c:\program files\trend micro
2013-09-28 16:43 . 2013-09-28 16:43 -------- d-----w- C:\rsit
2013-09-28 07:42 . 2013-09-28 07:42 -------- d-----w- c:\users\user\AppData\Roaming\TuneUp Software
2013-09-28 07:37 . 2013-09-28 07:37 -------- d--h--w- c:\programdata\Common Files
2013-09-28 07:37 . 2013-09-28 07:37 -------- d-----w- c:\users\user\AppData\Local\MFAData
2013-09-27 16:17 . 2013-09-27 16:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-09-27 16:10 . 2013-09-27 19:35 -------- d-----w- c:\program files\Google
2013-09-20 16:31 . 2013-09-20 16:31 -------- d-----w- c:\programdata\SystemRequirementsLab
2013-09-20 16:31 . 2013-09-20 16:31 -------- d-----w- c:\programdata\Oracle
2013-09-20 16:30 . 2013-09-20 16:30 -------- d-----w- c:\program files\Common Files\Java
2013-09-20 16:30 . 2013-09-20 16:30 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-20 16:30 . 2013-09-20 16:30 -------- d-----w- c:\program files\Java
2013-09-16 17:23 . 2013-09-20 18:52 -------- d-----w- c:\users\user\AppData\Local\Game Dev Tycoon
2013-09-16 17:17 . 2013-09-16 17:17 -------- d-----w- c:\program files\Game Dev Tycoon v1.3.2
2013-09-12 14:38 . 2013-09-12 19:26 -------- d-----w- c:\programdata\WarThunder
2013-09-12 14:38 . 2013-09-12 14:38 -------- d-----w- c:\users\user\AppData\Local\WarThunder
2013-09-12 14:38 . 2013-09-28 08:57 -------- d-----w- c:\program files\WarThunder
2013-09-10 20:11 . 2013-09-10 20:11 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 20:12 . 2013-09-08 20:12 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 08:28 . 2013-09-02 08:28 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 08:28 . 2013-09-02 08:28 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 16:30 . 2012-08-22 17:28 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-20 16:30 . 2012-04-09 20:45 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-20 15:32 . 2012-03-30 14:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 15:32 . 2012-03-30 14:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-01 14:08 . 2013-08-01 14:08 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"iConfig-z500"="c:\program files\Icon7\iConfig for Gamers\Z500\hid.exe" [2010-06-13 361472]
"iConfig-z300"="c:\program files\Icon7\iConfig for Gamers\Z300\hid300.exe" [2010-06-13 358912]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2013-06-18 2528768]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-02-24 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-02-24 27264]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-26 1343400]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-02 242240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-11-02 227896]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2010-08-25 49152]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-04 86544]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 297000]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320]
S3 I7Z500Filter;Icon7_Z500;c:\windows\system32\drivers\I7Z500.sys [2010-01-20 12800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2011-07-05 19:21 6337128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-AVG SafeGuard toolbar - c:\program files\AVG SafeGuard toolbar\UNINSTALL.exe
.
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(6108)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Icon7\iConfig for Gamers\Tray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2013-10-01 19:40:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-01 17:40
ComboFix2.txt 2013-09-28 19:45
.
Před spuštěním: Volných bajtů: 97 081 966 592
Po spuštění: Volných bajtů: 97 044 078 592
.
- - End Of File - - BFFEAA0AD7E1A7DE9E1990B0C9A46561
A36C5E4F47E84449FF07ED3517B43A31

#15 Příspěvek od **vyosek** » 01 říj 2013 19:23

Fajn, jak se chova PC

VIRY.CZ

V každém stáhnutém souboru se nachází vir

V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir

Re: V každém stáhnutém souboru se nachází vir