VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Problém s virem JS/Kryptik.I Trojský kůň

https://forum.viry.cz:443/viewtopic.php?t=137287

Stránka 1 z 1

Problém s virem JS/Kryptik.I Trojský kůň

Napsal: 06 dub 2014 12:11
od ventus2
Dobrý den, mám stejný problém jako kolega. Mohu postupovat dle stejného návodu, který byl poskytnut mu?

FRST log a příloha addition:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Jan (administrator) on JAN-PC on 06-04-2014 13:11:22
Running from C:\Users\Jan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Dassault Systemes) C:\Program Files\Dassault Systemes\B21\win_b64\code\bin\CATSysDemon.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Flexera Software, Inc.) C:\Users\Jan\AppData\Roaming\MSC.Software\MSC.Licensing\11.9\lmgrd.exe
(Flexera Software, Inc.) C:\Users\Jan\AppData\Roaming\MSC.Software\MSC.Licensing\11.9\lmgrd.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(MSC.Software Corporation) C:\Users\Jan\AppData\Roaming\MSC.Software\MSC.Licensing\11.9\MSC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Spotify Ltd) C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\windows\system32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-21] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-09-06] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-09-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-09-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-09-06] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-25] (APN)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-349598337-85247011-4086345617-1000\...\Run: [FactoryTest] - C:\Windows\Test.bat
HKU\S-1-5-21-349598337-85247011-4086345617-1000\...\Run: [Power2GoExpress] - NA
HKU\S-1-5-21-349598337-85247011-4086345617-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-349598337-85247011-4086345617-1001\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-349598337-85247011-4086345617-1001\...\Run: [Spotify Web Helper] - C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-26] (Spotify Ltd)
HKU\S-1-5-21-349598337-85247011-4086345617-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-349598337-85247011-4086345617-1001\...\MountPoints2: {fbc4af6a-8bf2-11e3-8455-b870f43e0eaf} - F:\AutoRun.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-05-10] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [193128 2011-05-10] (NVIDIA Corporation)
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lingea Update Center.lnk
ShortcutTarget: Lingea Update Center.lnk -> C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe (Lingea)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - DefaultScope {3B01401F-6101-4F09-875F-66DC659CFD70} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {3B01401F-6101-4F09-875F-66DC659CFD70} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {CEE1CAD9-F83F-4821-B0CB-76B4764A45BB} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 212.96.160.7 212.96.161.6

Chrome:
=======
CHR HomePage: hxxp://www.google.cz/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-11]
CHR Extension: (Value apps) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon [2014-02-03]
CHR Extension: (Skype Click to Call) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-20]
CHR Extension: (Google Mail Checker) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-09-24]
CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (WebSite Recommendation) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj [2013-09-26]
CHR Extension: (Ask Toolbar) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop [2014-03-30]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-02-25]

==================== Services (Whitelisted) =================

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-25] (APN LLC.)
R2 BBDemon; C:\Program Files\Dassault Systemes\B21\win_b64\code\bin\CATSysDemon.exe [46592 2011-01-08] (Dassault Systemes)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [970016 2011-05-12] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 Flexlm Service 1; C:\Users\Jan\AppData\Roaming\MSC.Software\MSC.Licensing\11.9\lmgrd.exe [1775440 2011-03-15] (Flexera Software, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()

==================== Drivers (Whitelisted) ====================

R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-13] (Broadcom Corporation.)
R3 DelayMan; C:\Windows\System32\DRIVERS\delayman.sys [20064 2011-09-06] (Ensurebit Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-18] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R1 hybridcfile; C:\Windows\System32\DRIVERS\HybridCFileX64.sys [13920 2010-03-02] (Lenovo.)
R0 HybridDisk; C:\Windows\System32\DRIVERS\HybridDiskX64.sys [38496 2010-03-02] (Lenovo.)
R1 LUMDriver; C:\windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8199016 2011-03-23] (Realtek Semiconductor Corp.)
R1 winioex; C:\Windows\System32\drivers\winioex.sys [15456 2011-09-06] (Ensurebit Inc.)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-06 13:11 - 2014-04-06 13:11 - 00018762 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-04-06 13:10 - 2014-04-06 13:11 - 00000000 ____D () C:\FRST
2014-04-06 13:08 - 2014-04-06 13:08 - 02157056 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2014-04-06 13:08 - 2014-04-06 13:08 - 00112640 _____ (forum.viry.cz) C:\Users\Jan\Desktop\Unconfirmed 592124.crdownload
2014-03-31 18:43 - 2014-04-06 12:48 - 00000952 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4d005e6d0ed1.job
2014-03-31 18:43 - 2014-04-06 09:31 - 00000948 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf4d005e4e3bbd.job
2014-03-31 18:43 - 2014-03-31 18:43 - 00003948 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4d005e6d0ed1
2014-03-31 18:43 - 2014-03-31 18:43 - 00003696 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4d005e4e3bbd
2014-03-30 23:17 - 2014-03-30 23:23 - 00000000 ____D () C:\Users\Jan\Diplomova_prace_V2
2014-03-30 22:19 - 2014-03-30 23:25 - 00001132 _____ () C:\Users\Jan\Desktop\graphs.m
2014-03-30 21:45 - 2014-03-30 21:46 - 00000000 ____D () C:\Users\Jan\Desktop\2014-03-30
2014-03-30 18:48 - 2014-03-30 18:48 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-03-30 18:48 - 2014-03-30 18:48 - 00000000 ____D () C:\ProgramData\APN
2014-03-30 18:48 - 2014-03-30 18:48 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-03-30 18:47 - 2014-02-09 13:37 - 00000000 ____D () C:\Users\Jan\Desktop\PlotDigitizer_Windows
2014-03-30 18:46 - 2014-03-30 18:46 - 00000000 ____D () C:\ProgramData\Sun
2014-03-30 18:46 - 2014-03-30 18:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-30 18:45 - 2014-03-30 18:45 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-03-30 18:45 - 2014-03-30 18:45 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-03-30 18:45 - 2014-03-30 18:45 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-03-30 18:45 - 2014-03-30 18:45 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-30 18:45 - 2014-03-30 18:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-30 18:44 - 2014-03-30 18:44 - 01214986 _____ () C:\Users\Jan\Desktop\PlotDigitizer_2.6.4_Windows.zip
2014-03-25 07:15 - 2014-03-25 07:15 - 06406008 _____ () C:\Users\Jan\Desktop\Přístrojové vybavení malých sportovních a turistických letadel.ppsx
2014-03-24 20:42 - 2014-04-06 11:04 - 00000282 _____ () C:\Users\Jan\Desktop\DATABAZE.txt
2014-03-22 23:27 - 2014-03-25 07:14 - 06406008 _____ () C:\Users\Jan\Desktop\Přístrojové vybavení malých sportovních a turistických letadel.pptx
2014-03-20 23:34 - 2014-03-20 23:34 - 00000000 ____D () C:\Program Files (x86)\PSS
2014-03-18 00:00 - 2014-03-18 00:00 - 00000000 ____D () C:\Users\Jan\Desktop\2014-03-17
2014-03-17 23:10 - 2014-03-17 23:10 - 00138356 _____ () C:\Users\Jan\Desktop\37rfi4b1.igc
2014-03-16 16:31 - 2014-04-06 12:24 - 00020241 _____ () C:\Users\Jan\Documents\prijmyvydaje.xlsx
2014-03-13 13:54 - 2014-03-13 20:23 - 00000000 ____D () C:\Users\Jan\AppData\Local\Windows Live
2014-03-13 13:54 - 2014-03-13 13:54 - 00000000 ____D () C:\Users\Jan\AppData\Local\{4E893375-4538-489E-A959-A31038397C77}
2014-03-12 20:07 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-12 20:07 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-12 20:07 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-12 20:07 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-12 20:07 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-12 20:07 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-12 20:07 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-12 20:07 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-12 20:07 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-12 20:07 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-12 20:07 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-12 20:07 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-12 20:07 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-12 20:07 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-12 20:07 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-12 20:07 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-12 20:07 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-12 20:07 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-12 20:07 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-12 20:07 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-12 20:07 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-12 20:07 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-12 20:07 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-12 20:07 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-12 20:07 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-12 20:07 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-12 20:07 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-12 20:07 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-12 20:07 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-12 20:07 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-12 20:07 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-12 20:07 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-12 20:07 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-12 20:07 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-12 20:07 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-12 20:07 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-12 20:06 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-12 20:06 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-12 20:06 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-12 20:06 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-12 20:06 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-12 20:06 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-12 20:06 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-12 20:06 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-12 20:06 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-12 20:06 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-12 20:06 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-12 20:06 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-09 13:40 - 2014-03-09 13:41 - 00000000 ____D () C:\windows\WindowsMobile

==================== One Month Modified Files and Folders =======

2014-04-06 13:11 - 2014-04-06 13:11 - 00018762 _____ () C:\Users\Jan\Desktop\FRST.txt
2014-04-06 13:11 - 2014-04-06 13:10 - 00000000 ____D () C:\FRST
2014-04-06 13:08 - 2014-04-06 13:08 - 02157056 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2014-04-06 13:08 - 2014-04-06 13:08 - 00112640 _____ (forum.viry.cz) C:\Users\Jan\Desktop\Unconfirmed 592124.crdownload
2014-04-06 12:49 - 2013-09-23 21:47 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Dropbox
2014-04-06 12:48 - 2014-03-31 18:43 - 00000952 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4d005e6d0ed1.job
2014-04-06 12:29 - 2013-09-18 19:45 - 00000000 ____D () C:\Users\Jan\Documents\Soubory aplikace Outlook
2014-04-06 12:24 - 2014-03-16 16:31 - 00020241 _____ () C:\Users\Jan\Documents\prijmyvydaje.xlsx
2014-04-06 11:04 - 2014-03-24 20:42 - 00000282 _____ () C:\Users\Jan\Desktop\DATABAZE.txt
2014-04-06 09:38 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 09:38 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 09:37 - 2009-07-14 07:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-06 09:33 - 2011-09-06 05:44 - 01131775 _____ () C:\windows\WindowsUpdate.log
2014-04-06 09:31 - 2014-03-31 18:43 - 00000948 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf4d005e4e3bbd.job
2014-04-06 09:31 - 2014-02-26 11:56 - 00002740 _____ () C:\windows\System32\Tasks\AutoKMSDaily
2014-04-06 09:31 - 2014-02-26 11:56 - 00000202 _____ () C:\windows\Tasks\AutoKMSDaily.job
2014-04-06 09:31 - 2014-02-16 10:45 - 00286095 _____ () C:\FaceProv.log
2014-04-06 09:31 - 2013-11-11 17:25 - 00000000 ___RD () C:\Users\Jan\Disk Google
2014-04-06 09:31 - 2013-10-22 15:39 - 00076241 _____ () C:\windows\AutoKMS.log
2014-04-06 09:31 - 2013-10-21 19:23 - 00078848 _____ () C:\windows\KMSEmulator.exe
2014-04-06 09:31 - 2013-10-21 19:23 - 00000196 _____ () C:\windows\Tasks\AutoKMS.job
2014-04-06 09:31 - 2013-09-18 18:23 - 00000000 ___RD () C:\Users\Jan\Dropbox
2014-04-06 09:31 - 2011-09-06 06:32 - 00000000 ____D () C:\ProgramData\VeriFace
2014-04-06 09:31 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-06 09:31 - 2009-07-14 06:51 - 00069222 _____ () C:\windows\setupact.log
2014-04-01 15:47 - 2014-03-05 14:23 - 00000000 ____D () C:\SCRATCH
2014-04-01 15:02 - 2013-09-18 18:33 - 00000000 ____D () C:\Users\Jan\School
2014-04-01 12:37 - 2013-09-26 10:21 - 00000000 ____D () C:\Users\Jan\Documents\BitLord
2014-03-31 18:43 - 2014-03-31 18:43 - 00003948 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4d005e6d0ed1
2014-03-31 18:43 - 2014-03-31 18:43 - 00003696 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4d005e4e3bbd
2014-03-30 23:25 - 2014-03-30 22:19 - 00001132 _____ () C:\Users\Jan\Desktop\graphs.m
2014-03-30 23:23 - 2014-03-30 23:17 - 00000000 ____D () C:\Users\Jan\Diplomova_prace_V2
2014-03-30 23:17 - 2013-09-17 23:51 - 00000000 ____D () C:\Users\Jan
2014-03-30 22:08 - 2013-09-26 22:24 - 00000000 ____D () C:\Users\Jan\Documents\MATLAB
2014-03-30 21:56 - 2013-09-18 19:39 - 00000000 ____D () C:\Users\Jan\Documents\Lexicon
2014-03-30 21:46 - 2014-03-30 21:45 - 00000000 ____D () C:\Users\Jan\Desktop\2014-03-30
2014-03-30 18:48 - 2014-03-30 18:48 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-03-30 18:48 - 2014-03-30 18:48 - 00000000 ____D () C:\ProgramData\APN
2014-03-30 18:48 - 2014-03-30 18:48 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-03-30 18:46 - 2014-03-30 18:46 - 00000000 ____D () C:\ProgramData\Sun
2014-03-30 18:46 - 2014-03-30 18:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-30 18:45 - 2014-03-30 18:45 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-03-30 18:45 - 2014-03-30 18:45 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-03-30 18:45 - 2014-03-30 18:45 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-03-30 18:45 - 2014-03-30 18:45 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-30 18:45 - 2014-03-30 18:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-30 18:44 - 2014-03-30 18:44 - 01214986 _____ () C:\Users\Jan\Desktop\PlotDigitizer_2.6.4_Windows.zip
2014-03-25 07:15 - 2014-03-25 07:15 - 06406008 _____ () C:\Users\Jan\Desktop\Přístrojové vybavení malých sportovních a turistických letadel.ppsx
2014-03-25 07:14 - 2014-03-22 23:27 - 06406008 _____ () C:\Users\Jan\Desktop\Přístrojové vybavení malých sportovních a turistických letadel.pptx
2014-03-23 23:56 - 2013-10-09 21:29 - 00000000 ____D () C:\Users\Jan\EVE
2014-03-23 09:33 - 2009-07-14 07:08 - 00032652 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-03-21 04:01 - 2013-09-22 20:27 - 00000000 ____D () C:\windows\system32\MRT
2014-03-21 04:00 - 2013-09-22 20:26 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-20 23:34 - 2014-03-20 23:34 - 00000000 ____D () C:\Program Files (x86)\PSS
2014-03-18 00:00 - 2014-03-18 00:00 - 00000000 ____D () C:\Users\Jan\Desktop\2014-03-17
2014-03-17 23:10 - 2014-03-17 23:10 - 00138356 _____ () C:\Users\Jan\Desktop\37rfi4b1.igc
2014-03-16 19:45 - 2013-09-19 23:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-13 20:23 - 2014-03-13 13:54 - 00000000 ____D () C:\Users\Jan\AppData\Local\Windows Live
2014-03-13 13:54 - 2014-03-13 13:54 - 00000000 ____D () C:\Users\Jan\AppData\Local\{4E893375-4538-489E-A959-A31038397C77}
2014-03-13 04:19 - 2009-07-14 06:45 - 00886096 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-13 04:18 - 2013-09-19 01:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 04:18 - 2013-09-19 01:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 04:02 - 2013-09-18 19:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-09 13:41 - 2014-03-09 13:40 - 00000000 ____D () C:\windows\WindowsMobile

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\APNSetup.exe
C:\Users\Jan\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Jan\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Jan\AppData\Local\Temp\dlLogic.exe
C:\Users\Jan\AppData\Local\Temp\InstHelper.exe
C:\Users\Jan\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Jan\AppData\Local\Temp\ose00000.exe
C:\Users\Jan\AppData\Local\Temp\ResetDevice.exe
C:\Users\Jan\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 17:08

==================== End Of Log ============================


Děkuji předem za poskytnuté informace jak se toho šmejdu zbavit!

Re: Problém s virem JS/Kryptik.I Trojský kůň

Napsal: 06 dub 2014 15:31
od Rudy
Zdravím!
Dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

Re: Problém s virem JS/Kryptik.I Trojský kůň

Napsal: 07 dub 2014 20:00
od ventus2
Combofix log zde:
ComboFix 14-04-06.01 - Jan 07.04.2014 19:47:46.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1033.18.8136.5031 [GMT 2:00]
Spuštěný z: c:\users\Jan\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\Install.exe
c:\programdata\Roaming
c:\users\Jan\AppData\Local\Temp\_MEI44123\_ctypes.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\_elementtree.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\_hashlib.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\_multiprocessing.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\_socket.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\_ssl.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\pyexpat.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\pysqlite2._sqlite.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\python27.dll
c:\users\Jan\AppData\Local\Temp\_MEI44123\pythoncom27.dll
c:\users\Jan\AppData\Local\Temp\_MEI44123\PyWinTypes27.dll
c:\users\Jan\AppData\Local\Temp\_MEI44123\select.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\unicodedata.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\win32api.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\win32com.shell.shell.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\win32crypt.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\win32event.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\win32file.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\win32inet.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\win32pdh.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\win32pipe.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\win32process.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\win32profile.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\win32security.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\win32ts.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\windows._lib_cacheinvalidation.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\wx._controls_.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\wx._core_.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\wx._gdi_.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\wx._html2.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\wx._misc_.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\wx._windows_.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\wx._wizard.pyd
c:\users\Jan\AppData\Local\Temp\_MEI44123\wxbase294u_net_vc90.dll
c:\users\Jan\AppData\Local\Temp\_MEI44123\wxbase294u_vc90.dll
c:\users\Jan\AppData\Local\Temp\_MEI44123\wxmsw294u_adv_vc90.dll
c:\users\Jan\AppData\Local\Temp\_MEI44123\wxmsw294u_core_vc90.dll
c:\users\Jan\AppData\Local\Temp\_MEI44123\wxmsw294u_html_vc90.dll
c:\users\Jan\AppData\Local\Temp\_MEI44123\wxmsw294u_webview_vc90.dll
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-07 do 2014-04-07 )))))))))))))))))))))))))))))))
.
.
2014-04-07 18:16 . 2014-04-07 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-07 18:16 . 2014-04-07 18:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-07 18:16 . 2014-04-07 18:16 -------- d-----w- c:\users\Host\AppData\Local\temp
2014-04-06 15:17 . 2014-04-06 15:17 -------- d-----w- c:\users\Jan\AppData\Roaming\PDF Architect
2014-04-06 15:15 . 2014-04-06 15:15 -------- d-----w- c:\program files (x86)\PDF Architect
2014-04-06 15:15 . 2014-04-06 15:15 -------- d-----w- c:\users\Jan\AppData\Roaming\pdfforge
2014-04-06 15:15 . 2013-04-09 12:13 110264 ----a-w- c:\windows\system32\pdfcmon.dll
2014-04-06 15:15 . 2012-05-05 08:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2014-04-06 15:15 . 2012-05-05 08:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2014-04-06 15:15 . 2014-04-06 15:15 -------- d-----w- c:\program files (x86)\PDFCreator
2014-04-06 15:15 . 2012-05-05 08:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2014-04-06 11:10 . 2014-04-06 11:12 -------- d-----w- C:\FRST
2014-04-04 19:42 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DD9A71C-F94B-492A-9692-0BBB53ADF5D2}\mpengine.dll
2014-03-30 21:17 . 2014-03-30 21:23 -------- d-----w- c:\users\Jan\Diplomova_prace_V2
2014-03-30 16:48 . 2014-03-30 16:48 -------- d-----w- c:\programdata\AskPartnerNetwork
2014-03-30 16:48 . 2014-03-30 16:48 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2014-03-30 16:48 . 2014-03-30 16:48 -------- d-----w- c:\programdata\APN
2014-03-30 16:46 . 2014-03-30 16:46 -------- d-----w- c:\programdata\Oracle
2014-03-30 16:46 . 2014-03-30 16:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-03-30 16:45 . 2014-03-30 16:45 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-30 16:45 . 2014-03-30 16:45 -------- d-----w- c:\program files (x86)\Java
2014-03-20 21:34 . 2014-03-20 21:34 -------- d-----w- c:\program files (x86)\PSS
2014-03-13 11:54 . 2014-03-13 18:23 -------- d-----w- c:\users\Jan\AppData\Local\Windows Live
2014-03-12 18:06 . 2014-03-01 04:33 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-09 11:40 . 2014-03-09 11:41 -------- d-----w- c:\windows\WindowsMobile
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-07 18:19 . 2013-10-21 17:23 78848 ----a-w- c:\windows\KMSEmulator.exe
2014-03-21 02:00 . 2013-09-22 18:26 90015360 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]
"Spotify Web Helper"="c:\users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-26 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-09-06 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-02-25 1758160]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
Lingea Update Center.lnk - c:\program files (x86)\Common Files\Lingea Shared\luc.exe [2013-9-18 275736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 HybridDisk;HybridDisk;c:\windows\System32\DRIVERS\HybridDiskX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridDiskX64.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 hybridcfile;hybridcfile;c:\windows\system32\DRIVERS\HybridCFileX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridCFileX64.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys;c:\windows\SYSNATIVE\drivers\LUMDriver.sys [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys;c:\windows\SYSNATIVE\drivers\winioex.sys [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B21\win_b64\code\bin\CATSysDemon.exe;c:\program files\Dassault Systemes\B21\win_b64\code\bin\CATSysDemon.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 Flexlm Service 1;Flexlm Service 1;c:\users\Jan\AppData\Roaming\MSC.Software\MSC.Licensing\11.9\lmgrd.exe;c:\users\Jan\AppData\Roaming\MSC.Software\MSC.Licensing\11.9\lmgrd.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys;c:\windows\SYSNATIVE\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 16:42 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-07 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2013-10-21 17:23]
.
2014-04-07 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2013-10-21 17:23]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf4d005e4e3bbd.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 04:26]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4d005e6d0ed1.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 04:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-09-06 04:32 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-09-06 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-09-06 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-09-06 5908928]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://lenovo.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 212.96.160.7 212.96.161.6
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\users\Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\SysWOW64\RunDll32.exe
.
**************************************************************************
.
Celkový čas: 2014-04-07 21:02:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-07 19:01
.
Před spuštěním: 388 857 909 248 bytes free
Po spuštění: 394 351 243 264 bytes free
.
- - End Of File - - AAEB1C008886CFFE52B28CEAF35A76E5

Re: Problém s virem JS/Kryptik.I Trojský kůň

Napsal: 07 dub 2014 20:41
od Rudy
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

Folder::
c:\programdata\AskPartnerNetwork
c:\program files (x86)\AskPartnerNetwork
c:\programdata\APN
c:\program files (x86)\AskPartnerNetwork
c:\program files (x86)\Skype\Toolbars

File::
c:\windows\KMSEmulator.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\AutoKMSDaily.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf4d005e4e3bbd.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4d005e6d0ed1.job

Driver::
c2cautoupdatesvc

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"ApnTBMon"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Problém s virem JS/Kryptik.I Trojský kůň

Napsal: 08 dub 2014 05:37
od ventus2
Následný log
ComboFix 14-04-06.01 - Jan 07.04.2014 23:47:29.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1033.18.8136.4759 [GMT 2:00]
Spuštěný z: c:\users\Jan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jan\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\KMSEmulator.exe"
"c:\windows\Tasks\AutoKMS.job"
"c:\windows\Tasks\AutoKMSDaily.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf4d005e4e3bbd.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4d005e6d0ed1.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AskPartnerNetwork
c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\1031.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\1033.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\1034.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\1036.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\1040.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\1041.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\1043.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\1045.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\1049.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\2070.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_ORJ-V7C@apn.ask.com.xpi
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\AskToolbarInstaller-12.10.3_ORJ-V7C.msi
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\ToolbarCR.crx
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\SO.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}\config.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\VNT\content.zip
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\VNT\vntldr.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Source\program files\VNT\vntsrv.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\ORJ-V7C\config.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
c:\program files (x86)\Skype\Toolbars
c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
c:\program files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx
c:\program files (x86)\Skype\Toolbars\Internet Explorer x64\icon.ico
c:\program files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll
c:\program files (x86)\Skype\Toolbars\Internet Explorer\icon.ico
c:\program files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
c:\program files (x86)\Skype\Toolbars\Shared x64\SkypeBrowserOptions.dll
c:\program files (x86)\Skype\Toolbars\Shared x64\SkypePnr.dll
c:\program files (x86)\Skype\Toolbars\Shared\root.pem
c:\program files (x86)\Skype\Toolbars\Shared\SkypeBrowserOptions.dll
c:\program files (x86)\Skype\Toolbars\Shared\SkypePnr.dll
c:\programdata\APN
c:\programdata\AskPartnerNetwork
c:\programdata\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx
c:\programdata\AskPartnerNetwork\Toolbar\ORJ-V7C\Updater\Config\Config.31.6.3.0-4.xml
c:\programdata\AskPartnerNetwork\Toolbar\ORJ-V7C\Updater\Response\Response.31.6.3.0-3.xml
c:\programdata\AskPartnerNetwork\Toolbar\ORJ-V7C\Updater\Response\Response.31.6.3.0-4.xml
c:\users\Jan\AppData\Local\Temp\_MEI46882\_ctypes.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\_elementtree.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\_hashlib.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\_multiprocessing.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\_socket.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\_ssl.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\pyexpat.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\pysqlite2._sqlite.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\python27.dll
c:\users\Jan\AppData\Local\Temp\_MEI46882\pythoncom27.dll
c:\users\Jan\AppData\Local\Temp\_MEI46882\PyWinTypes27.dll
c:\users\Jan\AppData\Local\Temp\_MEI46882\select.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\unicodedata.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\win32api.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\win32com.shell.shell.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\win32crypt.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\win32event.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\win32file.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\win32inet.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\win32pdh.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\win32pipe.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\win32process.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\win32profile.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\win32security.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\win32ts.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\windows._lib_cacheinvalidation.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\wx._controls_.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\wx._core_.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\wx._gdi_.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\wx._html2.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\wx._misc_.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\wx._windows_.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\wx._wizard.pyd
c:\users\Jan\AppData\Local\Temp\_MEI46882\wxbase294u_net_vc90.dll
c:\users\Jan\AppData\Local\Temp\_MEI46882\wxbase294u_vc90.dll
c:\users\Jan\AppData\Local\Temp\_MEI46882\wxmsw294u_adv_vc90.dll
c:\users\Jan\AppData\Local\Temp\_MEI46882\wxmsw294u_core_vc90.dll
c:\users\Jan\AppData\Local\Temp\_MEI46882\wxmsw294u_html_vc90.dll
c:\users\Jan\AppData\Local\Temp\_MEI46882\wxmsw294u_webview_vc90.dll
c:\windows\KMSEmulator.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\AutoKMSDaily.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf4d005e4e3bbd.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4d005e6d0ed1.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_c2cautoupdatesvc
-------\Service_APNMCP
-------\Service_c2cpnrsvc
-------\Service_APNMCP
-------\Service_c2cpnrsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-07 do 2014-04-07 )))))))))))))))))))))))))))))))
.
.
2014-04-07 22:24 . 2014-04-07 22:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-07 22:24 . 2014-04-07 22:24 -------- d-----w- c:\users\Host\AppData\Local\temp
2014-04-07 22:24 . 2014-04-07 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-06 15:17 . 2014-04-06 15:17 -------- d-----w- c:\users\Jan\AppData\Roaming\PDF Architect
2014-04-06 15:15 . 2014-04-06 15:15 -------- d-----w- c:\program files (x86)\PDF Architect
2014-04-06 15:15 . 2014-04-06 15:15 -------- d-----w- c:\users\Jan\AppData\Roaming\pdfforge
2014-04-06 15:15 . 2013-04-09 12:13 110264 ----a-w- c:\windows\system32\pdfcmon.dll
2014-04-06 15:15 . 2012-05-05 08:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2014-04-06 15:15 . 2012-05-05 08:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2014-04-06 15:15 . 2014-04-06 15:15 -------- d-----w- c:\program files (x86)\PDFCreator
2014-04-06 15:15 . 2012-05-05 08:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2014-04-06 11:10 . 2014-04-06 11:12 -------- d-----w- C:\FRST
2014-04-04 19:42 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DD9A71C-F94B-492A-9692-0BBB53ADF5D2}\mpengine.dll
2014-03-30 21:17 . 2014-03-30 21:23 -------- d-----w- c:\users\Jan\Diplomova_prace_V2
2014-03-30 16:46 . 2014-03-30 16:46 -------- d-----w- c:\programdata\Oracle
2014-03-30 16:46 . 2014-03-30 16:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-03-30 16:45 . 2014-03-30 16:45 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-30 16:45 . 2014-03-30 16:45 -------- d-----w- c:\program files (x86)\Java
2014-03-20 21:34 . 2014-03-20 21:34 -------- d-----w- c:\program files (x86)\PSS
2014-03-13 11:54 . 2014-03-13 18:23 -------- d-----w- c:\users\Jan\AppData\Local\Windows Live
2014-03-12 18:06 . 2014-03-01 04:33 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-09 11:40 . 2014-03-09 11:41 -------- d-----w- c:\windows\WindowsMobile
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-21 02:00 . 2013-09-22 18:26 90015360 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]
"Spotify Web Helper"="c:\users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-26 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-09-06 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
Lingea Update Center.lnk - c:\program files (x86)\Common Files\Lingea Shared\luc.exe [2013-9-18 275736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-5-12 1211168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 HybridDisk;HybridDisk;c:\windows\System32\DRIVERS\HybridDiskX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridDiskX64.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 hybridcfile;hybridcfile;c:\windows\system32\DRIVERS\HybridCFileX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridCFileX64.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys;c:\windows\SYSNATIVE\drivers\LUMDriver.sys [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys;c:\windows\SYSNATIVE\drivers\winioex.sys [x]
S2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B21\win_b64\code\bin\CATSysDemon.exe;c:\program files\Dassault Systemes\B21\win_b64\code\bin\CATSysDemon.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 Flexlm Service 1;Flexlm Service 1;c:\users\Jan\AppData\Roaming\MSC.Software\MSC.Licensing\11.9\lmgrd.exe;c:\users\Jan\AppData\Roaming\MSC.Software\MSC.Licensing\11.9\lmgrd.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys;c:\windows\SYSNATIVE\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 16:42 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 14:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-09-06 04:32 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-09-06 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-09-06 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-09-06 5908928]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://lenovo.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 212.96.160.7 212.96.161.6
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\users\Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2014-04-08 01:07:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-07 23:06
ComboFix2.txt 2014-04-07 19:02
.
Před spuštěním: 394 105 946 112 bytes free
Po spuštění: 393 586 118 656 bytes free
.
- - End Of File - - 5E09870C6C028F54DFF353289AF0A791

Re: Problém s virem JS/Kryptik.I Trojský kůň

Napsal: 08 dub 2014 18:25
od Rudy
OK. Nastala nějaká změna?

Re: Problém s virem JS/Kryptik.I Trojský kůň

Napsal: 08 dub 2014 21:49
od ventus2
Nechci se předčasně radovat, ale hláška ESETu už se neukazuje :-).
Pokud je tedy problém vyřešen, mnohokrát vám děkuji za pomoc!

Re: Problém s virem JS/Kryptik.I Trojský kůň

Napsal: 09 dub 2014 17:08
od Rudy
Měl by být vyřešen. Zatím nemáte zač a bude-li třeba,ozvěte se. :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz