
Policie ČR virus - please help

Posted: 07 Jan 2014 00:08
by gord
Hello, I would like to ask for help. Log below:

ComboFix 14-01-04.03 - Gordak . 01. 2014 23:59:14.1.4 - x64 NETWORK
Microsoft Windows 8 Enterprise 6.2.9200.0.1250.420.1029.18.4095.2767 [GMT 1:00]
Spuštěný z: c:\users\Gordak\Downloads\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-06 do 2014-01-06 )))))))))))))))))))))))))))))))
.
.
2014-01-06 22:48 . 2013-09-20 09:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-01-06 22:48 . 2014-01-06 22:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-01-06 22:48 . 2014-01-06 22:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-06 22:28 . 2014-01-06 22:28 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-01-06 22:21 . 2014-01-06 22:21 -------- d-----w- c:\users\Gordak\AppData\Local\ElevatedDiagnostics
2014-01-06 19:58 . 2014-01-06 19:58 -------- d-----w- c:\program files (x86)\ESET
2014-01-06 12:42 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA444F8B-ADCB-438C-AD35-7FDB726C1299}\mpengine.dll
2013-12-28 15:52 . 2013-12-28 15:54 -------- d-----w- c:\programdata\ConMet
2013-12-28 15:52 . 2013-12-28 15:54 -------- d-----w- c:\users\Gordak\AppData\Roaming\ConMet
2013-12-28 15:52 . 2013-12-28 15:53 -------- d-----w- c:\program files (x86)\ConMet
2013-12-28 10:19 . 2013-10-30 09:45 43320 ----a-w- c:\windows\system32\uxtuneup.dll
2013-12-28 10:19 . 2013-10-30 09:45 36152 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2013-12-28 10:16 . 2013-10-30 09:45 40760 ----a-w- c:\windows\system32\TURegOpt.exe
2013-12-28 10:16 . 2013-10-30 09:45 29496 ----a-w- c:\windows\system32\authuitu.dll
2013-12-28 10:16 . 2013-10-30 09:45 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-12-28 10:15 . 2013-12-28 10:15 -------- d-----w- c:\users\Gordak\AppData\Roaming\TuneUp Software
2013-12-28 10:15 . 2013-12-28 10:19 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2013-12-28 10:14 . 2013-12-28 10:21 -------- d-----w- c:\programdata\TuneUp Software
2013-12-28 10:14 . 2013-12-28 10:24 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-12-28 10:14 . 2013-12-28 10:14 -------- d--h--w- c:\programdata\Common Files
2013-12-14 20:09 . 2013-11-01 01:45 23350272 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-14 20:09 . 2013-11-01 01:16 22615040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-14 10:44 . 2013-12-14 10:50 -------- d-----w- c:\windows\rescache
2013-12-11 22:51 . 2013-12-11 22:51 -------- d-----w- c:\users\Gordak\AppData\Roaming\LSS
2013-12-11 06:44 . 2013-10-19 05:45 62976 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 06:44 . 2013-10-19 04:04 59392 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-11 06:44 . 2013-10-25 06:18 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-12-11 06:44 . 2013-10-25 06:17 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-12-11 06:44 . 2013-10-25 06:17 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-12-09 20:02 . 2013-12-09 20:02 -------- d-----w- c:\program files\iPod
2013-12-09 20:02 . 2013-12-09 20:03 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-09 20:02 . 2013-12-09 20:03 -------- d-----w- c:\program files\iTunes
2013-12-09 20:02 . 2013-12-09 20:03 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 21:09 . 2013-06-02 09:11 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-04 00:53 . 2013-11-16 12:39 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53 . 2013-11-16 12:39 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21 . 2013-06-02 09:14 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-10 11:53 . 2013-11-14 06:53 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys
2013-10-10 09:21 . 2013-11-14 06:53 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-10 09:20 . 2013-11-14 06:53 723968 ----a-w- c:\windows\system32\BFE.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-02 11:35 1727176 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-02 11:35 1727176 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-02 11:35 1727176 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"LSS Panel"="d:\program files (x86)\Media Labs\Local Streaming Server\LSS Config.exe" [2013-06-01 666624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartW8Button"="c:\program files (x86)\StartW8\bin\StartW8Button.exe" [2013-10-25 59784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\users\Gordak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Serviio.lnk - d:\program files\Serviio\bin\ServiioConsole.exe [2013-12-20 399360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
TVMOBiLiArtworkManager.lnk - c:\program files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe "/path:c:\programdata\TVMOBiLi\cache" [2013-7-10 67584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 Serviio;Serviio;d:\program files\Serviio\bin\ServiioService.exe;d:\program files\Serviio\bin\ServiioService.exe [x]
R2 StartW8Service;StartW8Service;c:\program files (x86)\StartW8\bin\StartW8Service.exe;c:\program files (x86)\StartW8\bin\StartW8Service.exe [x]
R2 TeamViewer9;TeamViewer 9;d:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;d:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
R2 tvMobiliService;tvMobiliService;c:\program files (x86)\TVMOBiLi\bin\tvMobiliService.exe;c:\program files (x86)\TVMOBiLi\bin\tvMobiliService.exe [x]
R3 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\System32\drivers\amdkmafd.sys;c:\windows\SYSNATIVE\drivers\amdkmafd.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
R3 cpuz135;cpuz135;d:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;d:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk63x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk63x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 19:49 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-06 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-01-06 09:57]
.
2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 15:18]
.
2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-01 15:18]
.
2014-01-06 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-01-06 09:49]
.
2014-01-06 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-01-06 09:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-02 11:30 2331336 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-02 11:30 2331336 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-02 11:30 2331336 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.cz/?rlz=1W4CHBA_csCZ563
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2014-01-07 00:06:45
ComboFix-quarantined-files.txt 2014-01-06 23:06
.
Před spuštěním: 4 050 354 176 bytes free
Po spuštění: 3 967 778 816 bytes free
.
- - End Of File - - DB65A9C2B2E9FF6F67F1EE8A97605C20
A36C5E4F47E84449FF07ED3517B43A31


I forgot to add that when Chrome starts it asks me to pay. I did a hard shutdown, and after booting into normal mode the PC freezes immediately and some update starts (I always hard-powered the PC off when it started).

Re: Policie ČR virus - please help

Posted: 07 Jan 2014 09:42
by vyosek
Hello :)

Regarding the ComboFix you used: based on its license and the forum rules I have to ask, do you know how to work with it (running it, deciphering the log, writing a script)?

ComboFix's license terms are clear: "It should never be used in an environment without the supervision of an experienced person"

Dangers of CF
  • It is intended primarily for helpers - by using it on your own initiative you lose your claim to support
  • It erases traces of the malware, so nothing is visible in the RSIT log
  • Its log needs to be worked through further, since it cannot delete everything - which you will hardly manage if you are not trained for it
  • CF can have a bug = it takes down your system; if you don't know where it stores things and how to restore them, your system is toast and a reinstall awaits you
  • CF also unfortunately does not yet check some important libraries (e.g. hal.dll) - those are modified by some types of malware (e.g. angela) - it deletes your hal.dll after the restart = your system won't boot and you are one line up = reinstall