VIRY.CZ

Dobrý den,
do počítače se mi dostal nějaký virus, kterého se nemůžu zbavit. Avast mi najednou začal několikrát denně hlásit, že „štít souborového systému zablokoval útok“. Podle toho jsem zjistila, že se mi v různých složkách v počítači samy vytvářejí různé exe soubory, které si spouští různé procesy. Když proces ukončím a soubor smažu, za chvíli se vytvoří a spustí znovu. Soubory, které se vytvářejí, na které jsem zatím přišla, se jmenují jhProtominer.exe, apts.exe, string.exe, 2.exe a 5.exe, a vytvářejí se na několika různých místech v počítači (i ve složce Program Files/Avast ).
Avast při žádném testu nic neobjeví. Zkoušela jsem podle různých návodů na internetu i jiné programy, např. Combofix nebo The Cleaner, ale vůbec to nepomohlo. Byla bych vděčná za jakoukoliv radu

Vkládám sem log z RSIT podle návodu tady na fóru.




Logfile of random's system information tool 1.09 (written by random/random)
Run by Klif at 2014-02-04 01:14:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 414 GB (43%) free of 954 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:15:02, on 4.2.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST\AvastUI.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Klif\Plocha\stazene\RSIT.exe
C:\Program Files\trend micro\Klif.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Web Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\ACCESS~1\ACCESS~1.DLL
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [AutoKMS] C:\WINDOWS\AutoKMS.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [openoffic] \Windows\Explorer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [icq] C:\Documents and Settings\Klif\Data aplikací\ICQM\icq.exe -CU
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [openoffic] \Windows\Explorer.exe
O4 - HKCU\..\Run: [tcactive] C:\Program Files\The Cleaner\tcap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1614895754-287218729-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Documents and Settings\Klif\Data aplikací\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Documents and Settings\Klif\Data aplikací\ICQM\icq.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: The Cleaner Helper Service (moohelp) - MooSoft Development LLC - C:\Program Files\The Cleaner\mhelper.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 9017 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KLIFIK-Klif.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Klif\Data aplikací\Mozilla\Firefox\Profiles\c3quzlch.default

"wrc@avast.com"=C:\Program Files\AVAST\WebRep\FF
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.43 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Documents and Settings\Klif\Data aplikací\Mozilla\Firefox\Profiles\c3quzlch.default\extensions\
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST\aswWebRepIE.dll [2014-01-05 1138536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE Developer Toolbar BHO - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{11352A67-0178-46B1-8855-D50B2F81C054} - Web Accessibility Toolbar - C:\PROGRA~1\ACCESS~1\ACCESS~1.DLL [2007-07-20 427520]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST\aswWebRepIE.dll [2014-01-05 1138536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2014-01-03 20145368]
"AvastUI.exe"=C:\Program Files\AVAST\AvastUI.exe [2014-01-05 3764024]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-04-07 13891176]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-02-24 1753192]
"AutoKMS"=C:\WINDOWS\AutoKMS.exe [2014-01-03 615936]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-01-04 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"openoffic"=\Windows\Explorer.exe [2008-04-14 1034240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"Infium"=C:\Program Files\QIP Infium\infium.exe [2010-09-01 5896656]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-11-14 20584608]
"icq"=C:\Documents and Settings\Klif\Data aplikací\ICQM\icq.exe [2014-01-04 33664344]
"Xvid"=C:\Program Files\Xvid\CheckUpdate.exe [2011-01-17 8192]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2011-02-04 2346496]
"openoffic"=\Windows\Explorer.exe [2008-04-14 1034240]
"tcactive"=C:\Program Files\The Cleaner\tcap.exe [2013-11-24 6152272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"TaskbarNoNotification"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\AppServ\Apache2.2\bin\httpd.exe"="C:\AppServ\Apache2.2\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Klif\Data aplikací\ICQM\icq.exe"="C:\Documents and Settings\Klif\Data aplikací\ICQM\icq.exe:*:Enabled:ICQ"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll

======List of files/folders created in the last 1 month======

2014-02-04 01:13:31 ----D---- C:\rsit
2014-02-04 01:13:31 ----D---- C:\Program Files\trend micro
2014-02-04 01:06:27 ----A---- C:\ComboFix.txt
2014-02-02 23:08:42 ----D---- C:\Documents and Settings\Klif\Data aplikací\Runscanner.net
2014-02-02 22:46:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2014-02-02 22:46:04 ----D---- C:\Program Files\IObit Unlocker
2014-02-01 15:24:14 ----D---- C:\Documents and Settings\Klif\Data aplikací\thecleaner
2014-02-01 15:22:39 ----D---- C:\Program Files\The Cleaner
2014-01-31 21:56:15 ----RASHD---- C:\cmdcons
2014-01-31 21:41:03 ----A---- C:\WINDOWS\zip.exe
2014-01-31 21:41:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-01-31 21:41:03 ----A---- C:\WINDOWS\SWSC.exe
2014-01-31 21:41:03 ----A---- C:\WINDOWS\SWREG.exe
2014-01-31 21:41:03 ----A---- C:\WINDOWS\sed.exe
2014-01-31 21:41:03 ----A---- C:\WINDOWS\PEV.exe
2014-01-31 21:41:03 ----A---- C:\WINDOWS\NIRCMD.exe
2014-01-31 21:41:03 ----A---- C:\WINDOWS\MBR.exe
2014-01-31 21:41:03 ----A---- C:\WINDOWS\grep.exe
2014-01-31 21:39:49 ----D---- C:\Qoobox
2014-01-31 21:39:21 ----D---- C:\WINDOWS\erdnt
2014-01-24 00:24:40 ----D---- C:\Documents and Settings\Klif\Data aplikací\NVIDIA
2014-01-24 00:21:51 ----D---- C:\Documents and Settings\Klif\Data aplikací\newnext.me
2014-01-24 00:20:16 ----D---- C:\Program Files\DVDVideoSoft
2014-01-24 00:20:16 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2014-01-24 00:20:16 ----D---- C:\Documents and Settings\Klif\Data aplikací\OpenCandy
2014-01-24 00:20:16 ----D---- C:\Documents and Settings\Klif\Data aplikací\DVDVideoSoft
2014-01-24 00:10:24 ----D---- C:\Documents and Settings\Klif\Data aplikací\FreeVideoConverter
2014-01-24 00:10:04 ----D---- C:\Program Files\Free Video Converter
2014-01-20 03:13:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Gemfor
2014-01-20 02:54:38 ----A---- C:\WINDOWS\system32\javaws.exe
2014-01-20 02:54:31 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-20 02:54:31 ----A---- C:\WINDOWS\system32\javaw.exe
2014-01-20 02:54:31 ----A---- C:\WINDOWS\system32\java.exe
2014-01-19 16:03:49 ----D---- C:\Documents and Settings\Klif\Data aplikací\.minecraft
2014-01-16 02:35:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 23:38:51 ----D---- C:\WINDOWS\Minidump
2014-01-15 19:59:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2014-01-15 18:11:32 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2014-01-15 18:09:24 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2014-01-15 18:09:19 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2014-01-15 18:09:14 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2014-01-15 18:09:14 ----A---- C:\WINDOWS\system32\drivers\WdfCoInstaller01007.dll
2014-01-15 18:09:09 ----D---- C:\Program Files\Huawei
2014-01-15 18:08:55 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2014-01-05 14:14:26 ----A---- C:\WINDOWS\XMLSchemaValidator.INI
2014-01-05 00:56:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2014-01-05 00:15:49 ----D---- C:\Program Files\Common Files\DirectX
2014-01-05 00:14:21 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2014-01-05 00:14:21 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2014-01-05 00:14:20 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2014-01-05 00:14:20 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2014-01-05 00:14:20 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2014-01-05 00:14:19 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2014-01-05 00:14:19 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2014-01-05 00:14:18 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2014-01-05 00:14:18 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2014-01-05 00:14:18 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2014-01-05 00:14:18 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2014-01-05 00:14:17 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2014-01-05 00:14:10 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2014-01-05 00:14:10 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2014-01-05 00:14:10 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2014-01-05 00:14:09 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2014-01-05 00:14:09 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2014-01-05 00:14:09 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2014-01-05 00:14:08 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2014-01-05 00:14:08 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2014-01-05 00:14:07 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2014-01-05 00:14:05 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2014-01-05 00:13:31 ----D---- C:\Program Files\Hospital Tycoon
2014-01-05 00:02:50 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

======List of files/folders modified in the last 1 month======

2014-02-04 01:14:43 ----D---- C:\Documents and Settings\Klif\Data aplikací\FileZilla
2014-02-04 01:13:31 ----RD---- C:\Program Files
2014-02-04 01:11:02 ----D---- C:\WINDOWS\Temp
2014-02-04 01:01:13 ----D---- C:\Documents and Settings\Klif\Data aplikací\Skype
2014-02-04 00:59:27 ----D---- C:\WINDOWS
2014-02-04 00:59:27 ----A---- C:\WINDOWS\system.ini
2014-02-04 00:51:17 ----D---- C:\WINDOWS\system32\drivers
2014-02-04 00:51:17 ----D---- C:\WINDOWS\system32
2014-02-04 00:51:17 ----D---- C:\WINDOWS\AppPatch
2014-02-04 00:51:13 ----D---- C:\Program Files\Common Files
2014-02-04 00:42:17 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-04 00:41:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-02-04 00:38:32 ----D---- C:\WINDOWS\Prefetch
2014-02-02 22:53:18 ----D---- C:\Program Files\Opera
2014-01-31 22:22:22 ----SD---- C:\WINDOWS\Tasks
2014-01-31 22:15:56 ----D---- C:\WINDOWS\system32\drivers\etc
2014-01-30 23:44:52 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-24 18:31:41 ----D---- C:\Documents and Settings\Klif\Data aplikací\Adobe
2014-01-24 00:11:23 ----A---- C:\WINDOWS\win.ini
2014-01-20 22:35:57 ----HD---- C:\WINDOWS\inf
2014-01-20 18:49:59 ----A---- C:\WINDOWS\php.ini
2014-01-20 18:46:59 ----SHD---- C:\WINDOWS\Installer
2014-01-20 02:54:31 ----D---- C:\Program Files\Java
2014-01-16 02:37:55 ----D---- C:\WINDOWS\system32\MRT
2014-01-16 02:35:39 ----A---- C:\WINDOWS\system32\MRT.exe
2014-01-16 02:35:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-01-15 18:09:27 ----A---- C:\WINDOWS\imsins.BAK
2014-01-09 19:31:43 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-01-09 00:05:20 ----D---- C:\Program Files\QIP Infium
2014-01-07 00:45:40 ----D---- C:\Program Files\Mozilla Thunderbird
2014-01-07 00:44:18 ----D---- C:\Program Files\Adobe
2014-01-07 00:44:15 ----D---- C:\Program Files\Common Files\Adobe AIR
2014-01-05 02:26:21 ----D---- C:\WINDOWS\Microsoft.NET
2014-01-05 02:26:18 ----RSD---- C:\WINDOWS\assembly
2014-01-05 02:12:10 ----D---- C:\Program Files\AVAST
2014-01-05 02:09:37 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-01-05 01:06:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-05 01:06:08 ----D---- C:\WINDOWS\WinSxS
2014-01-05 00:57:56 ----D---- C:\WINDOWS\system32\CatRoot
2014-01-05 00:43:38 ----D---- C:\WINDOWS\system32\XPSViewer
2014-01-05 00:14:22 ----D---- C:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-01-03 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-01-05 180248]
R1 aswRdr;aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; \??\C:\WINDOWS\system32\drivers\aswSnx.sys []
R1 aswSP;aswSP; \??\C:\WINDOWS\system32\drivers\aswSP.sys []
R1 aswTdi;aswTdi; \??\C:\WINDOWS\system32\drivers\aswTdi.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2014-01-03 243128]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2014-01-03 5620440]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-04-08 12501600]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2010-11-29 35712]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2014-01-03 1691480]
S3 catchme;catchme; \??\C:\DOCUME~1\Klif\LOCALS~1\Temp\catchme.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\WINDOWS\system32\DRIVERS\ew_usbenumfilter.sys []
S3 huawei_cdcacm;huawei_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_cdcecm;huawei_cdcecm; C:\WINDOWS\system32\DRIVERS\ew_jucdcecm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\WINDOWS\system32\DRIVERS\ew_juextctrl.sys []
S3 IObitUnlocker;IObitUnlocker; \??\C:\Program Files\IObit Unlocker\IObitUnlocker.sys []
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2014-01-03 1395800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\AppServ\Apache2.2\bin\httpd.exe [2008-01-17 24635]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST\AvastSvc.exe [2014-01-05 50344]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-12-18 182696]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-04-07 155752]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-03 116648]
S2 moohelp;The Cleaner Helper Service; C:\Program Files\The Cleaner\mhelper.exe [2013-11-24 816208]
S2 mysql;mysql; C:\AppServ\MySQL\bin\mysqld-nt --defaults-file=C:\AppServ\MySQL\my.ini mysql []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-30 257928]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-03 116648]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-05 119408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



Předem moc děkuji
Helena

Zdravim

Co ten nelegalni office?


Proc jste spoustela ComboFix?

Kdybyste si precetla pravidla fora http://forum.viry.cz/viewtopic.php?f=12&t=5601 , docetla byste se mimo jine toto

2. Před položením dotazu použijte tlačítko Hledat. Možná již někdo problém podobným Vašemu řešil. Pokud ale ve vyřešeném tématu budou aplikovány různé utility\aplikace, nespouštějte je. Utility se používají až na pokyn rádce, jelikož mohou mazat stopy po havěti a v rukou ne-oborníka může mít jejich použití nedozírné následky.

3. Zvláště utilitu ComboFix nespouštějte i když Vám ji poradil kamarád\nějaký rádoby odborný web. Naše fórum je jediné z CZ-SK antivirových fór, která mají právo luštit logy z ComboFixu a mámě též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.

CF smaze veskere stopy pripadne nakazy. A ja ted muzu tak akorat varit z vody, jak se rika
Zkusime se na to podivat, ale pokud se to bude opakovat, bude pomoc odmitnuta.
A taky upozornuji, ze se to mozna protahne a vysledek vubec neni jisty


Zkopirujte mi tu jeho log, je zde C:\ComboFix.txt



Nainstalujte a aktualizujte MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a v nouzovem rezimu udelejte !!!kompletni!!! kontrolu a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Dobrý den,
děkuji za rychlou odpověď.
Hledala jsem jako první přes Google nějaký jakýkoliv program, který by mě mohl viru zbavit a návod na stažení a použití Combofixu byl skoro to první, co jsem našla. Až po několika dnech, co s tím už bojuju, jsem se na radu známého rozhodla zkusit si napsat o pomoc sem a začala se o toto fórum víc zajímat, takže předtím jsem o pravidlech fóra nic netušila a teď už s tím nemůžu nic udělat
Vkládám sem ten log z toho Combofixu, MBAM přidám hned, jak ho nainstaluju a udělám kontrolu.



ComboFix 14-01-29.01 - Klif 31.01.2014 22:01:46.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1429 [GMT 1:00]
Spuštěný z: c:\documents and settings\Klif\Plocha\stazene\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regopt.log
c:\windows\system32\roboot.exe
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-28 do 2014-01-31 )))))))))))))))))))))))))))))))
.
.
2014-01-27 02:04 . 2014-01-27 02:04 129536 ----a-w- C:\jhProtominer.exe
2014-01-27 02:04 . 2014-01-27 02:04 155648 ----a-w- C:\apts.exe
2014-01-04 12:37 . 2014-01-04 16:47 -------- d-----w- C:\totalcmd
2014-01-04 12:18 . 2014-01-04 12:18 -------- d-----w- C:\acaa0b79e1d7b077ee31ee5def
2014-01-03 23:13 . 2014-01-03 23:13 -------- d-----w- C:\AppServ
2014-01-03 22:10 . 2014-01-03 22:10 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-27 20:21 . 2006-03-02 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 03:00 . 2006-03-02 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2006-03-02 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 06:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-05 01:09 259464 ----a-w- c:\program files\AVAST\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Infium"="c:\program files\QIP Infium\infium.exe" [2010-09-01 5896656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"icq"="c:\documents and settings\Klif\Data aplikací\ICQM\icq.exe" [2014-01-03 33664344]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-02-04 2346496]
"NextLive"="c:\documents and settings\Klif\Data aplikací\newnext.me\nengine.dll" [2014-01-06 1283584]
"openoffic"="\Windows\Explorer.exe" [2008-04-14 1034240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2014-01-03 20145368]
"AvastUI.exe"="c:\program files\AVAST\AvastUI.exe" [2014-01-05 3764024]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"AutoKMS"="c:\windows\AutoKMS.exe" [2014-01-03 615936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-01-03 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"mobilegeni daemon"="c:\program files\Mobogenie\DaemonProcess.exe" [2014-01-09 766656]
"openoffic"="\Windows\Explorer.exe" [2008-04-14 1034240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Load"="\apts.exe" [2014-01-27 155648]
"openoffic"="\Windows\Explorer.exe" [2008-04-14 1034240]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\AppServ\\Apache2.2\\bin\\httpd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Klif\\Data aplikací\\ICQM\\icq.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3.1.2014 14:09 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3.1.2014 14:09 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.1.2014 14:09 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.1.2014 14:09 410528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3.1.2014 19:14 243128]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [17.1.2008 18:37 24635]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3.1.2014 14:09 67824]
R2 MgAssistService;MgAssist Service;c:\program files\Mobogenie\MgAssist.exe [24.1.2014 0:21 63168]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [3.1.2014 13:53 35712]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23.10.2013 8:15 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.1.2014 14:05 1691480]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys --> c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 01:10 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-03 22:44]
.
2014-01-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-KLIFIK-Klif.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2014-01-03 23:27]
.
2014-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2014-01-31 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST\AvastEmUpdate.exe [2014-01-03 01:09]
.
2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-03 17:57]
.
2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-03 17:57]
.
.
------- Doplňkový sken -------
.
mWindow Title = IE 4.01 (Microsoft Internet Explorer)
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Klif\Data aplikací\Mozilla\Firefox\Profiles\c3quzlch.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-31 22:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
openoffic = "c:\program files\Common Files\openoffic0\zqhkkangs.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
openoffic = "c:\program files\Common Files\openoffic0\zqhkkangs.exe"
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{4689CD1A-CDAA-2C44-ABCD-953C1B35A053}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Background Task Scheduler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="URL Shortcut PropSetStorage Mapping"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\Instance]
"CLSID"="{942bc614-676c-464e-b384-d3202aaa02da}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft BrowserBand"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Fade Task"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE OrderListExport"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Desk Bar"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shared Task Scheduler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE AutoComplete"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="TravelLog"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Subscribe Dialog"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Navigation Bar"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDataObjectWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Site"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Band"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Document"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\ProgID]
@="xmlfile"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Tasks"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories cache daemon"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft History AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Tracking Shell Menu"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE BandProxy"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Private Profile Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDropSourceWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="INI Property Set Storage Handler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE MRU AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Folder"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\ShellFolder]
"Attributes"=dword:a0000000
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Shell Folder AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Thread Handshake"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Thread State"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS FeedFolder Tasks"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Shell Name Space ListView"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Multiple AutoComplete List Container"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\ShellFolder]
"Attributes"=dword:a0000050
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Rebar BandSite"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Docking Bar Property Bag"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32]
@="c:\\Program Files\\Internet Explorer\\ieproxy.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories conditional cache daemon"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Application State"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Band Site Menu"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ProtectedModeAPI"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="&Links"
"MenuTextPUI"="@c:\\WINDOWS\\system32\\ieframe.dll.mui,-13138"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Registry Tree Options Utility"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft CommBand"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Custom MRU AutoCompleted List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Moniker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\NumMethods]
@="16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\NumMethods]
@="6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\NumMethods]
@="28"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\NumMethods]
@="17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zqhkkangs.exe]
@Denied: (A B 2 3) (Everyone)
"DisableExceptionChainValidation"=""
.
Celkový čas: 2014-01-31 22:24:02
ComboFix-quarantined-files.txt 2014-01-31 21:23
.
Před spuštěním: Volných bajtů: 434 540 847 104
Po spuštění: Volných bajtů: 435 662 725 120
.
- - End Of File - - CAEF15DCFFEA86EC090FB38A75A1C978
413FC2A0C716421B3158746D63736515

Ja vim ze uz s tim nemuzete nic delat Proto to taky zkusim nejak opravit. Slo hlavne o to, abyste, pokud budete potrebovat pomoc v budoucnu, znovu nespustila CF bez predchozi domluvy

Pockam tedy na ten MBAM a pak se uvidi.

Dobrý den,
děkuji a omlouvám se za zdržení, problémy s připojením k internetu.
Program MBAM se mi bohužel nedaří nainstalovat, při dokončování instalace vždycky napíše, že nelze spustit soubor mbam.exe, že systém nemůže najít uvedený soubor. I když se ho snažím spustit přímo z té složky, protože tam je, píše to samé Zkusila jsem oba odkazy na stažení, co tam jsou

Stahnete novy ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho primo na plochu.
Otevrete si poznamkovy blok a zkopirujte do nej tento skript Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

Tady je ten log:

ComboFix 14-02-05.02 - Klif 08.02.2014 9:44.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1437 [GMT 1:00]
Spuštěný z: c:\documents and settings\Klif\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Klif\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\x.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Service_SkypeUpdate
-------\Service_SwitchBoard
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-08 do 2014-02-08 )))))))))))))))))))))))))))))))
.
.
2014-02-08 06:21 . 2014-02-08 06:21 129536 ----a-w- C:\jhProtominer.exe
2014-02-08 05:15 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-08 05:08 . 2014-02-08 05:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-02-08 05:08 . 2014-02-08 05:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-08 05:04 . 2014-02-08 05:04 77824 ------w- c:\windows\KMSEmulator.exe
2014-02-08 05:03 . 2014-02-08 05:03 0 ----a-w- c:\windows\AutoKMS.tmp
2014-02-07 22:21 . 2014-02-08 06:21 155648 ----a-w- C:\apts.exe
2014-02-07 08:52 . 2014-02-07 08:55 -------- d-----w- c:\program files\Prison Tycoon 4
2014-02-04 00:13 . 2014-02-04 00:15 -------- d-----w- c:\program files\trend micro
2014-02-04 00:13 . 2014-02-04 00:13 -------- d-----w- C:\rsit
2014-02-02 21:46 . 2014-02-02 21:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2014-02-02 21:46 . 2014-02-02 21:46 -------- d-----w- c:\program files\IObit Unlocker
2014-02-01 14:22 . 2014-02-02 21:41 -------- d-----w- c:\program files\The Cleaner
2014-01-31 05:07 . 2014-01-31 05:07 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2014-01-31 05:07 . 2014-01-31 05:07 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2014-01-29 06:34 . 2014-02-07 19:44 -------- d-sh--w- c:\program files\Common Files\openoffic0
2014-01-29 06:34 . 2014-01-29 06:34 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2014-01-23 23:21 . 2014-01-23 23:21 -------- d-----w- c:\documents and settings\Klif\.android
2014-01-23 23:20 . 2014-01-23 23:20 -------- d-----w- c:\program files\DVDVideoSoft
2014-01-23 23:20 . 2014-01-23 23:20 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2014-01-23 23:10 . 2014-01-23 23:10 -------- d-----w- c:\program files\Free Video Converter
2014-01-20 02:13 . 2014-01-20 02:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Gemfor
2014-01-20 01:54 . 2013-12-18 19:46 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-01-20 01:54 . 2013-12-18 20:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-15 18:59 . 2014-01-15 18:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2014-01-15 18:59 . 2014-01-15 18:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Gemfor
2014-01-15 17:09 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2014-01-15 17:09 . 2011-08-16 15:40 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2014-01-15 17:09 . 2011-08-16 15:40 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2014-01-15 17:09 . 2014-01-15 17:09 -------- d-----w- c:\program files\Huawei
2014-01-15 17:08 . 2008-04-13 23:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 23:28 . 2014-01-03 18:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-04 23:28 . 2014-01-03 18:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-05 01:09 . 2014-01-03 13:09 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-05 01:09 . 2014-01-03 13:09 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-05 01:09 . 2014-01-03 13:09 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-05 01:09 . 2014-01-03 13:09 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-05 01:09 . 2014-01-03 13:09 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-05 01:09 . 2014-01-03 13:09 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-01-05 01:09 . 2014-01-03 13:09 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-05 01:09 . 2014-01-03 13:09 43152 ----a-w- c:\windows\avastSS.scr
2014-01-04 23:02 . 2014-01-04 23:02 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2014-01-03 22:18 . 2014-01-03 22:18 615936 ----a-w- c:\windows\AutoKMS.exe
2014-01-03 18:14 . 2014-01-03 18:14 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-01-03 13:09 . 2014-01-03 13:09 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-03 13:05 . 2014-01-03 13:06 891976 ----a-w- c:\windows\system32\RTSndMgr.CPL
2014-01-03 13:05 . 2014-01-03 13:06 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2014-01-03 13:05 . 2014-01-03 13:06 359016 ----a-w- c:\windows\vncutil.exe
2014-01-03 13:05 . 2014-01-03 13:06 1523416 ----a-w- c:\windows\RtlUpd.exe
2014-01-03 13:05 . 2014-01-03 13:06 9721960 ----a-w- c:\windows\RTLCPL.EXE
2014-01-03 13:05 . 2014-01-03 13:06 86232 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2014-01-03 13:05 . 2014-01-03 13:06 5620440 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2014-01-03 13:05 . 2014-01-03 13:06 129640 ----a-w- c:\windows\RtkAudioService.exe
2014-01-03 13:05 . 2014-01-03 13:06 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2014-01-03 13:05 . 2014-01-03 13:05 20145368 ----a-w- c:\windows\RTHDCPL.EXE
2014-01-03 13:05 . 2014-01-03 13:05 2180712 ----a-w- c:\windows\MicCal.exe
2014-01-03 13:05 . 2014-01-03 13:05 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2014-01-03 13:05 . 2014-01-03 13:05 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2014-01-03 13:05 . 2014-01-03 13:05 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2014-01-03 13:05 . 2014-01-03 13:05 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2014-01-03 13:05 . 2014-01-03 13:05 64104 ----a-w- c:\windows\ALCMTR.EXE
2014-01-03 13:05 . 2014-01-03 13:05 2080472 ----a-w- c:\windows\RtlExUpd.dll
2013-11-27 20:21 . 2006-03-02 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 03:00 . 2006-03-02 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-05 01:09 259464 ----a-w- c:\program files\AVAST\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-02-04 2346496]
"tcactive"="c:\program files\The Cleaner\tcap.exe" [2013-11-24 6152272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2014-01-03 20145368]
"AvastUI.exe"="c:\program files\AVAST\AvastUI.exe" [2014-01-05 3764024]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"AutoKMS"="c:\windows\AutoKMS.exe" [2014-01-03 615936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\AppServ\\Apache2.2\\bin\\httpd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Klif\\Data aplikací\\ICQM\\icq.exe"=
"c:\\WINDOWS\\KMSEmulator.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3.1.2014 14:09 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3.1.2014 14:09 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.1.2014 14:09 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.1.2014 14:09 410528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3.1.2014 19:14 243128]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [17.1.2008 18:37 24635]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3.1.2014 14:09 67824]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [3.1.2014 13:53 35712]
S2 moohelp;The Cleaner Helper Service;c:\program files\The Cleaner\mhelper.exe [1.2.2014 15:24 816208]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.1.2014 14:05 1691480]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys --> c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?]
S3 IObitUnlocker;IObitUnlocker;c:\program files\IObit Unlocker\IObitUnlocker.sys [2.2.2014 22:46 26248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 02:07 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-03 23:28]
.
2014-02-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-KLIFIK-Klif.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2014-01-03 23:27]
.
2014-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2014-02-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST\AvastEmUpdate.exe [2014-01-03 01:09]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-03 17:57]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-03 17:57]
.
.
------- Doplňkový sken -------
.
mWindow Title = IE 4.01 (Microsoft Internet Explorer)
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Klif\Data aplikací\Mozilla\Firefox\Profiles\c3quzlch.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-08 10:03
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{EEA6CCD4-7A56-5647-8989-3160E7005EFC}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwrdsyetp.exe]
@Denied: (A B 2 3) (Everyone)
"DisableExceptionChainValidation"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(592)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVAST\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\appserv\MySQL\bin\mysqld-nt.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
.
**************************************************************************
.
Celkový čas: 2014-02-08 10:06:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-08 09:06
ComboFix2.txt 2014-02-04 00:06
ComboFix3.txt 2014-01-31 21:24
.
Před spuštěním: Volných bajtů: 432 929 718 272
Po spuštění: Volných bajtů: 432 869 818 368
.
- - End Of File - - B1D4637B2318600FD9186D4AE50DE8B5
413FC2A0C716421B3158746D63736515

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu a spustte.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

Tady to je:

RogueKiller V8.8.6 [Feb 7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Klif [Práva správce]
Mód : Kontrola -- Datum : 02/08/2014 11:30:47
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] EAT @firefox.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Mozilla Firefox\mozglue.dll @ 0x00461FFD)

¤¤¤ Externí včelstvo: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD103UJ +++++
--- User ---
[MBR] c8503baec789112cbb0a6281064500d1
[BSP] 9cd3791a52a6092baa8b65747ed503ba : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) SAMSUNG HD103UJ +++++
--- User ---
[MBR] 8ddd70d3d92d0b8c91e49070682cb874
[BSP] 6236f453d72931291de86306cda5141e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_02082014_113047.txt >>

Znovu spustte RogueKiller (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

Tady je první zpráva po smazání:

RogueKiller V8.8.6 [Feb 7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Klif [Práva správce]
Mód : Odebrat -- Datum : 02/08/2014 15:42:25
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[IFEO] HKLM\[...]\mbam.exe : Debugger (oisxcdz_.exe [x]) -> VYMAZÁNO
[IFEO] HKLM\[...]\mbamgui.exe : Debugger (tblarrn_.exe [x]) -> VYMAZÁNO
[IFEO] HKLM\[...]\rstrui.exe : Debugger (rb_.exe [x]) -> VYMAZÁNO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] EAT @firefox.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Mozilla Firefox\mozglue.dll @ 0x00551FFD)

¤¤¤ Externí včelstvo: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD103UJ +++++
--- User ---
[MBR] c8503baec789112cbb0a6281064500d1
[BSP] 9cd3791a52a6092baa8b65747ed503ba : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) SAMSUNG HD103UJ +++++
--- User ---
[MBR] 8ddd70d3d92d0b8c91e49070682cb874
[BSP] 6236f453d72931291de86306cda5141e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_02082014_154225.txt >>
RKreport[0]_S_02082014_113047.txt;RKreport[0]_S_02082014_154120.txt





A tady druhá po opravě host:

RogueKiller V8.8.6 [Feb 7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Klif [Práva správce]
Mód : Oprava HOSTS -- Datum : 02/08/2014 15:43:08
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončeno : << RKreport[0]_H_02082014_154308.txt >>
RKreport[0]_D_02082014_154225.txt;RKreport[0]_S_02082014_113047.txt;RKreport[0]_S_02082014_154120.txt

Zkuste ted restartovat pc do nouzoveho rezimu s praci v siti a opet nainstalovat a spustit MBAM. Kdyz to nepujde, dejte vedet, pujdem na to jinak.

Pořád se nemůže spustit, protože nemůže najít C:/Program Files/Malwarebytes' Anti-Malware/mbam.exe . Přitom v Program Files je, v Přidat nebo odebrat programy je, ve Start - Programy je, má i ikonu na ploše... ale spustit nejde odnikud ani v tom nouzovém režimu, dokonce ani přes ten soubor mbam.exe, který říká, že nemůže najít

Postupujte podle navodu kolegy

vyosek píše: Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

• Ulozte nejlepe na Plochu a rozbalte
• Spustte kliknutim na mbar
• Nyni postupne kliknete na Next a Update
• Po dokonceni update (aktualizace) databaze kliknete opet na Next
• Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
• Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
• Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
• Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
• PC bude restartovan
• Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

Udelejte sken s AVPTool http://forum.viry.cz/viewtopic.php?f=29&t=58179

Tady je log z Malwarebytes Anti-Rootkit:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.09.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Klif :: KLIFIK [administrator]

9.2.2014 9:03:54
mbar-log-2014-02-09 (09-03-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 255685
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NWRDSYETP.EXE (Trojan.Agent) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\UKKXQLLFF.EXE (Trojan.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\UKKXQLLFF.EXE (Trojan.Agent) -> Delete on reboot.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AutoKMS (Riskware.Keygen) -> Data: C:\WINDOWS\AutoKMS.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
c:\program files\common files\openoffic0 (Trojan.Agent) -> Delete on reboot.

Files Detected: 8
C:\WINDOWS\AutoKMS.exe (Riskware.Keygen) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1614895754-287218729-725345543-1004\Dc9.exe (Trojan.VBInject) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1614895754-287218729-725345543-1004\Dc11\Keygen.exe (Trojan.Agent.CK) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1614895754-287218729-725345543-1004\Dc10\Keygen\keygen.exe (RiskWare.Tool.CK) -> Delete on reboot.
c:\program files\common files\openoffic0\eivmuxhgk.exe (Trojan.Agent) -> Delete on reboot.
c:\program files\common files\openoffic0\nwrdsyetp.exe (Trojan.Agent) -> Delete on reboot.
c:\program files\common files\openoffic0\oisxcdlvd.exe (Trojan.Agent) -> Delete on reboot.
c:\program files\common files\openoffic0\ukkxqllff.exe (Trojan.Agent) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Akorát restartovat jsem počítač musela ručně, tak snad to tomu nijak nevadí. Nevím, jestli to způsobil ten virus, ale poslední dobou mi počítač často vůbec nereaguje na Restartovat nebo Vypnout ve Startu, nebo když to má udělat nějaký program, a musí se to udělat ručně čudlíkem.

Taky jsem našla další virem vytvořený soubor v obvyklé složce, kde se mi pořád vytvářejí, který to nesmazalo. Denně jich tam několik mažu. Zkusím ještě ten AVPTool...