VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.A

https://forum.viry.cz:443/viewtopic.php?t=138195

Stránka 1 z 2

HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.A

Napsal: 24 kvě 2014 06:51
od dandar
Ahoj, Eset mi zachytil a vyléčil tyto viry, ale od té doby je můj NTB zpomalený a nejdou spustit některé programy (např. CCleaner). Požádám Vás o kontrolu, zda v systému není ještě nějaká ta potvora. Díky...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2014
Ran by Acer (administrator) on ACERR-NTB on 24-05-2014 07:34:41
Running from C:\Users\Acer\Desktop
Platform: Windows 8 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10592256 2014-03-18] (Broadcom Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876304 2013-01-18] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4148664 2013-10-07] (ESET)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2014-03-18] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - DefaultScope {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL = http://www.bing.com/search?q={searchTer ... &pc=MAARJS
SearchScopes: HKLM - {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL = http://www.bing.com/search?q={searchTer ... &pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL = http://www.bing.com/search?q={searchTer ... &pc=MAARJS
SearchScopes: HKLM-x32 - {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL = http://www.bing.com/search?q={searchTer ... &pc=MAARJS
SearchScopes: HKCU - DefaultScope {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL =
SearchScopes: HKCU - {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL =
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\luu8yumh.default
FF Homepage: http://www.idnes.cz
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 - C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\luu8yumh.default\Extensions\cs@dictionaries.addons.mozilla.org [2014-03-21]
FF Extension: Adblock Plus - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\luu8yumh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-20]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2014-03-21]

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-01] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-20] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [42048 2013-10-07] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1025584 2013-10-07] (ESET)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [191368 2013-10-07] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-01-18] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2014-03-18] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6068736 2014-03-18] (Broadcom Corporation)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-01] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2012-10-13] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [219184 2013-10-25] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [185224 2013-09-09] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [155896 2013-09-09] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [147096 2013-09-09] (ESET)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2014-03-18] (Dritek System Inc.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(http://www.devguru.co.kr))

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-24 07:34 - 2014-05-24 07:34 - 00012369 _____ () C:\Users\Acer\Desktop\FRST.txt
2014-05-24 07:34 - 2014-05-24 07:34 - 00000000 ____D () C:\FRST
2014-05-24 07:32 - 2014-05-24 07:32 - 00112640 _____ (forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe
2014-05-24 07:28 - 2014-05-24 07:29 - 02067456 _____ (Farbar) C:\Users\Acer\Desktop\FRST64.exe
2014-05-24 07:25 - 2014-05-24 07:32 - 00000000 ____D () C:\rsit
2014-05-24 07:25 - 2014-05-24 07:25 - 00000000 ____D () C:\Program Files\trend micro
2014-05-24 07:24 - 2014-05-24 07:24 - 00935175 _____ () C:\Users\Acer\Desktop\RSITx64.exe
2014-05-23 12:35 - 2014-05-23 17:17 - 00000000 ____D () C:\Users\Acer\Desktop\B958
2014-05-23 12:32 - 2014-05-23 12:33 - 00000000 ____D () C:\Users\Acer\Desktop\B958_Huawei
2014-05-23 12:29 - 2014-05-23 12:30 - 00000000 ____D () C:\Users\Acer\Desktop\B895
2014-05-22 20:41 - 2014-05-22 20:41 - 00000000 ____D () C:\Users\Acer\Desktop\B948 Sin
2014-05-22 19:25 - 2014-05-22 19:25 - 00000000 ____D () C:\Users\Acer\Desktop\B937
2014-05-21 19:12 - 2014-05-21 19:33 - 00000000 ____D () C:\Users\Acer\Documents\Wave
2014-05-21 12:24 - 2014-05-21 12:24 - 00000000 ____D () C:\Users\Acer\Desktop\B952 orig
2014-05-21 10:27 - 2014-05-21 10:27 - 00000000 ____D () C:\Users\Acer\Desktop\B894_2
2014-05-21 10:11 - 2014-05-21 10:11 - 00000000 ____D () C:\Users\Acer\Desktop\B894
2014-05-21 10:11 - 2014-05-21 10:11 - 00000000 ____D () C:\Users\Acer\AppData\Local\GHISLER
2014-05-21 10:10 - 2014-05-21 10:10 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-05-21 10:10 - 2014-05-21 10:10 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\GHISLER
2014-05-21 10:10 - 2014-05-21 10:10 - 00000000 ____D () C:\totalcmd
2014-05-21 08:13 - 2014-05-21 08:13 - 00000000 ____D () C:\Users\Acer\Desktop\B952
2014-05-21 07:52 - 2014-05-21 07:52 - 36283976 _____ () C:\Users\Acer\Desktop\HiSuiteSetup_v1.8.10.26.06.zip
2014-05-21 07:44 - 2014-05-21 07:44 - 00000000 ____D () C:\Users\Acer\Desktop\G300 downgrade
2014-05-19 14:48 - 2014-05-19 14:48 - 00000000 ____D () C:\Users\Acer\Documents\PDF Architect 2
2014-05-19 14:48 - 2014-05-19 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-05-19 14:48 - 2014-05-19 14:48 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-05-19 14:47 - 2014-05-24 07:18 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-19 14:47 - 2014-05-19 14:47 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\pdfforge
2014-05-19 14:47 - 2014-05-19 14:47 - 00000000 ____D () C:\Users\Acer\AppData\Local\ESET
2014-05-19 14:47 - 2014-05-19 14:47 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-05-19 14:47 - 2014-05-19 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-05-19 14:47 - 2014-04-25 17:44 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-05-19 14:47 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-05-19 14:47 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-05-19 14:47 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-05-14 10:46 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 10:46 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 10:46 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 10:46 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 10:45 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 10:45 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 10:45 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 10:45 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 10:45 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 10:45 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 10:45 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 10:45 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 10:45 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-14 10:45 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-14 10:45 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 10:45 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 10:45 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 10:45 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 10:45 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-14 10:45 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 10:45 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 10:45 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-14 10:45 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-14 10:45 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 10:45 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 10:45 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 10:45 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 10:45 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 10:45 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-14 10:45 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-14 10:45 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 10:45 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 10:45 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 10:45 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 10:45 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 10:45 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 10:45 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 10:45 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 10:45 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 10:45 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-14 10:45 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 10:45 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 10:45 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 10:45 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 10:45 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 10:45 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-14 10:45 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-14 10:45 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-14 10:45 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-14 10:45 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-14 10:45 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-14 10:45 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-14 10:45 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-14 10:45 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-14 10:45 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-14 10:10 - 2014-05-14 10:10 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-05-14 09:47 - 2014-05-14 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-05-14 09:46 - 2014-05-14 09:47 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-05-13 13:48 - 2014-05-13 13:48 - 00006144 _____ () C:\Users\Acer\Desktop\Ceny_štítek.xls
2014-05-12 11:18 - 2014-05-12 11:20 - 00044281 _____ () C:\Users\Acer\Desktop\Platby.ods
2014-05-10 10:24 - 2014-05-19 09:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 11:09 - 2014-05-14 08:48 - 00031232 _____ () C:\Users\Acer\Desktop\Zbozi_MO.xls
2014-05-07 09:18 - 2014-05-07 09:18 - 00061558 _____ () C:\Users\Acer\Desktop\Analýza dokladů.ods
2014-05-06 10:43 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 10:43 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 10:43 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 10:43 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 10:43 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-05 08:15 - 2014-05-09 08:10 - 00020124 _____ () C:\Users\Acer\Desktop\Nesouhlas.odt
2014-04-29 10:44 - 2014-05-24 07:18 - 00000000 ____D () C:\Users\Acer\AppData\Local\CrashDumps

==================== One Month Modified Files and Folders =======

2014-05-24 07:34 - 2014-05-24 07:34 - 00012369 _____ () C:\Users\Acer\Desktop\FRST.txt
2014-05-24 07:34 - 2014-05-24 07:34 - 00000000 ____D () C:\FRST
2014-05-24 07:32 - 2014-05-24 07:32 - 00112640 _____ (forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe
2014-05-24 07:32 - 2014-05-24 07:25 - 00000000 ____D () C:\rsit
2014-05-24 07:29 - 2014-05-24 07:28 - 02067456 _____ (Farbar) C:\Users\Acer\Desktop\FRST64.exe
2014-05-24 07:25 - 2014-05-24 07:25 - 00000000 ____D () C:\Program Files\trend micro
2014-05-24 07:24 - 2014-05-24 07:24 - 00935175 _____ () C:\Users\Acer\Desktop\RSITx64.exe
2014-05-24 07:24 - 2014-03-20 15:55 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\ClassicShell
2014-05-24 07:18 - 2014-05-19 14:47 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-24 07:18 - 2014-04-29 10:44 - 00000000 ____D () C:\Users\Acer\AppData\Local\CrashDumps
2014-05-24 07:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-23 18:30 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-23 17:17 - 2014-05-23 12:35 - 00000000 ____D () C:\Users\Acer\Desktop\B958
2014-05-23 16:51 - 2014-03-18 00:41 - 00751374 _____ () C:\Windows\system32\perfh005.dat
2014-05-23 16:51 - 2014-03-18 00:41 - 00154566 _____ () C:\Windows\system32\perfc005.dat
2014-05-23 16:51 - 2012-07-26 09:28 - 01776480 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 14:48 - 2014-03-20 15:09 - 00000000 ____D () C:\Tim
2014-05-23 12:33 - 2014-05-23 12:32 - 00000000 ____D () C:\Users\Acer\Desktop\B958_Huawei
2014-05-23 12:30 - 2014-05-23 12:29 - 00000000 ____D () C:\Users\Acer\Desktop\B895
2014-05-23 06:29 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 06:28 - 2014-03-18 00:47 - 00053284 _____ () C:\Windows\system32\wpbbin.exe
2014-05-23 06:28 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-22 20:41 - 2014-05-22 20:41 - 00000000 ____D () C:\Users\Acer\Desktop\B948 Sin
2014-05-22 19:25 - 2014-05-22 19:25 - 00000000 ____D () C:\Users\Acer\Desktop\B937
2014-05-21 19:33 - 2014-05-21 19:12 - 00000000 ____D () C:\Users\Acer\Documents\Wave
2014-05-21 12:24 - 2014-05-21 12:24 - 00000000 ____D () C:\Users\Acer\Desktop\B952 orig
2014-05-21 10:27 - 2014-05-21 10:27 - 00000000 ____D () C:\Users\Acer\Desktop\B894_2
2014-05-21 10:11 - 2014-05-21 10:11 - 00000000 ____D () C:\Users\Acer\Desktop\B894
2014-05-21 10:11 - 2014-05-21 10:11 - 00000000 ____D () C:\Users\Acer\AppData\Local\GHISLER
2014-05-21 10:10 - 2014-05-21 10:10 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-05-21 10:10 - 2014-05-21 10:10 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\GHISLER
2014-05-21 10:10 - 2014-05-21 10:10 - 00000000 ____D () C:\totalcmd
2014-05-21 08:13 - 2014-05-21 08:13 - 00000000 ____D () C:\Users\Acer\Desktop\B952
2014-05-21 07:52 - 2014-05-21 07:52 - 36283976 _____ () C:\Users\Acer\Desktop\HiSuiteSetup_v1.8.10.26.06.zip
2014-05-21 07:44 - 2014-05-21 07:44 - 00000000 ____D () C:\Users\Acer\Desktop\G300 downgrade
2014-05-20 09:36 - 2014-03-20 15:10 - 00002120 _____ () C:\Users\Acer\Desktop\vision32.lnk
2014-05-20 09:36 - 2014-03-20 15:10 - 00002031 _____ () C:\Users\Acer\Desktop\Tim.lnk
2014-05-19 14:48 - 2014-05-19 14:48 - 00000000 ____D () C:\Users\Acer\Documents\PDF Architect 2
2014-05-19 14:48 - 2014-05-19 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-05-19 14:48 - 2014-05-19 14:48 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-05-19 14:47 - 2014-05-19 14:47 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\pdfforge
2014-05-19 14:47 - 2014-05-19 14:47 - 00000000 ____D () C:\Users\Acer\AppData\Local\ESET
2014-05-19 14:47 - 2014-05-19 14:47 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-05-19 14:47 - 2014-05-19 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-05-19 09:21 - 2014-05-10 10:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 13:49 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-05-16 12:07 - 2014-03-18 18:29 - 00000000 ___RD () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 12:07 - 2014-03-18 18:29 - 00000000 ___RD () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 12:06 - 2014-04-13 08:31 - 00305240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-16 12:06 - 2014-03-20 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-16 12:05 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 12:05 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 12:05 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 12:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-16 12:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 12:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 12:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 12:38 - 2014-03-20 15:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 12:36 - 2014-03-20 15:58 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 12:36 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-14 10:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-14 10:10 - 2014-05-14 10:10 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-05-14 09:47 - 2014-05-14 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-05-14 09:47 - 2014-05-14 09:46 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-05-14 08:48 - 2014-05-07 11:09 - 00031232 _____ () C:\Users\Acer\Desktop\Zbozi_MO.xls
2014-05-13 13:48 - 2014-05-13 13:48 - 00006144 _____ () C:\Users\Acer\Desktop\Ceny_štítek.xls
2014-05-12 11:20 - 2014-05-12 11:18 - 00044281 _____ () C:\Users\Acer\Desktop\Platby.ods
2014-05-09 19:32 - 2014-04-09 08:09 - 00002190 ____H () C:\Users\Acer\Documents\Default.rdp
2014-05-09 08:10 - 2014-05-05 08:15 - 00020124 _____ () C:\Users\Acer\Desktop\Nesouhlas.odt
2014-05-07 09:18 - 2014-05-07 09:18 - 00061558 _____ () C:\Users\Acer\Desktop\Analýza dokladů.ods
2014-05-07 07:38 - 2014-04-14 11:32 - 00123694 _____ () C:\Users\Acer\Desktop\Obrat prodejen 2011-2014 duben.ods
2014-05-06 07:14 - 2014-05-14 10:45 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 07:14 - 2014-05-14 10:45 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 05:48 - 2014-05-14 10:45 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:48 - 2014-05-14 10:45 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 05:37 - 2014-05-14 10:45 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:26 - 2014-05-14 10:45 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 22:37 - 2013-03-07 00:24 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:37 - 2013-03-07 00:24 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-25 17:44 - 2014-05-19 14:47 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-04-25 17:44 - 2014-05-19 14:47 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-04-25 17:44 - 2014-05-19 14:47 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-04-25 17:44 - 2014-05-19 14:47 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 10:45] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Acer\Desktop" je 6156 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 24 kvě 2014 10:16
od Rudy
Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [LManager] => [X]
SearchScopes: HKLM - DefaultScope {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL = http://www.bing.com/search?q={searchTer ... &pc=MAARJS
SearchScopes: HKLM - {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL = http://www.bing.com/search?q={searchTer ... &pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL = http://www.bing.com/search?q={searchTer ... &pc=MAARJS
SearchScopes: HKLM-x32 - {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL = http://www.bing.com/search?q={searchTer ... &pc=MAARJS
SearchScopes: HKCU - DefaultScope {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL =
SearchScopes: HKCU - {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL =
End
Uložte na plochu jako fixlist.txt. Pak znovu spusťte FRST a klikněte na >Fix<. Zkopírujte sem pak log, který se na závěr vytvoří.

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 24 kvě 2014 13:47
od dandar
Zde je log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-05-2014
Ran by Acer at 2014-05-24 14:45:57 Run:1
Running from C:\Users\Acer\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [LManager] => [X]
SearchScopes: HKLM - DefaultScope {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL = http://www.bing.com/search?q={searchTer ... &pc=MAARJS
SearchScopes: HKLM - {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL = http://www.bing.com/search?q={searchTer ... &pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL = http://www.bing.com/search?q={searchTer ... &pc=MAARJS
SearchScopes: HKLM-x32 - {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL = http://www.bing.com/search?q={searchTer ... &pc=MAARJS
SearchScopes: HKCU - DefaultScope {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL =
SearchScopes: HKCU - {9BE538B0-98BE-4950-BA4E-8074A6EFE854} URL =
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BE538B0-98BE-4950-BA4E-8074A6EFE854} => Key deleted successfully.
HKCR\CLSID\{9BE538B0-98BE-4950-BA4E-8074A6EFE854} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BE538B0-98BE-4950-BA4E-8074A6EFE854} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BE538B0-98BE-4950-BA4E-8074A6EFE854} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BE538B0-98BE-4950-BA4E-8074A6EFE854} => Key deleted successfully.
HKCR\CLSID\{9BE538B0-98BE-4950-BA4E-8074A6EFE854} => Key not found.

==== End of Fixlog ====

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 24 kvě 2014 14:19
od dandar
Jen poznatek. CCleaner se stále nespouští a po startu NTB trvá cca 2 min, než se mohu dostat do Centra síťových připojení a než mohu pracovat se sítí celkově. Standardně jsem se sítí pracoval ihned po startu.

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 24 kvě 2014 16:47
od Rudy
Dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 24 kvě 2014 18:25
od dandar
Log...

ComboFix 14-05-19.01 - Acer . 05. 2014 18:47:53.1.2 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.7988.6355 [GMT 2:00]
Spuštěný z: c:\users\Acer\Desktop\ComboFix.exe
AV: ESET Endpoint Antivirus 5.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Endpoint Antivirus 5.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Acer\AppData\Local\Msgbox.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-24 do 2014-05-24 )))))))))))))))))))))))))))))))
.
.
2014-05-24 17:00 . 2014-05-24 17:00 -------- d-----w- c:\users\Acer\AppData\Local\temp
2014-05-24 17:00 . 2014-05-24 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-24 05:46 . 2014-05-24 05:46 258224 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10240.bin
2014-05-24 05:34 . 2014-05-24 12:45 -------- d-----w- C:\FRST
2014-05-24 05:25 . 2014-05-24 05:32 -------- d-----w- C:\rsit
2014-05-24 05:25 . 2014-05-24 05:25 -------- d-----w- c:\program files\trend micro
2014-05-23 16:30 . 2014-05-23 16:30 -------- d-----w- c:\users\Acer\AppData\Local\Diagnostics
2014-05-21 08:11 . 2014-05-21 08:11 -------- d-----w- c:\users\Acer\AppData\Local\GHISLER
2014-05-21 08:10 . 2014-05-21 08:10 -------- d-----w- C:\totalcmd
2014-05-21 08:10 . 2014-05-21 08:10 -------- d-----w- c:\users\Acer\AppData\Roaming\GHISLER
2014-05-19 12:48 . 2014-05-19 12:48 -------- d-----w- c:\program files (x86)\PDF Architect 2
2014-05-19 12:47 . 2014-05-19 12:47 -------- d-----w- c:\users\Acer\AppData\Local\ESET
2014-05-19 12:47 . 2014-05-19 12:47 -------- d-----w- c:\programdata\PDF Architect 2
2014-05-19 12:47 . 2014-05-19 12:47 -------- d-----w- c:\users\Acer\AppData\Roaming\pdfforge
2014-05-19 12:47 . 2014-04-25 15:44 110264 ----a-w- c:\windows\system32\pdfcmon.dll
2014-05-19 12:47 . 2014-04-25 15:44 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2014-05-19 12:47 . 2014-04-25 15:44 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-05-19 12:47 . 2014-05-24 05:18 -------- d-----w- c:\program files (x86)\PDFCreator
2014-05-19 12:47 . 2014-04-25 15:44 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2014-05-14 08:45 . 2014-04-12 09:08 1281536 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-14 07:46 . 2014-05-14 07:47 -------- d-----w- c:\program files (x86)\LibreOffice 4
2014-05-06 08:43 . 2014-04-19 09:39 628024 ----a-w- c:\windows\system32\NotificationUI.exe
2014-05-06 08:43 . 2014-04-19 08:45 693760 ----a-w- c:\windows\system32\WSShared.dll
2014-05-06 08:43 . 2014-04-19 08:45 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 08:43 . 2014-04-19 06:57 566784 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-05-06 08:43 . 2014-04-19 06:57 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-29 08:44 . 2014-05-24 05:18 -------- d-----w- c:\users\Acer\AppData\Local\CrashDumps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-23 04:28 . 2014-03-17 22:47 53284 ----a-w- c:\windows\system32\wpbbin.exe
2014-05-14 10:36 . 2014-03-20 13:58 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-01 20:37 . 2013-03-06 22:24 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37 . 2013-03-06 22:24 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-28 08:23 . 2014-05-14 08:45 1287168 ----a-w- c:\windows\system32\schedsvc.dll
2014-03-18 17:00 . 2014-03-18 17:00 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-03-18 17:00 . 2014-03-18 17:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-03-18 16:32 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-17 23:13 . 2014-03-17 23:13 96880 ----a-w- c:\windows\RfBtnSvc64.exe
2014-03-17 23:13 . 2014-03-17 23:13 284240 ----a-w- c:\windows\UnInstRfBtn.EXE
2014-03-17 23:13 . 2014-03-17 23:13 26736 ----a-w- c:\windows\system32\drivers\aPs2Kb2Hid.sys
2014-03-17 23:08 . 2014-03-17 23:09 70144 ----a-w- c:\windows\system32\wltrynt.dll
2014-03-17 23:08 . 2014-03-17 23:09 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2014-03-17 23:08 . 2014-03-17 23:09 1212928 ----a-w- c:\windows\system32\BCMLogon.dll
2014-03-17 23:08 . 2014-03-17 23:09 22632 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2014-03-17 22:40 . 2014-03-17 22:40 6144 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\ndiscap.sys.mui
2014-03-17 22:40 . 2014-03-17 22:40 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\wfplwfs.sys.mui
2014-03-17 22:40 . 2014-03-17 22:40 14848 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\NdisImPlatform.sys.mui
2014-03-11 00:41 . 2014-05-14 08:45 323072 ----a-w- c:\windows\SysWow64\schannel.dll
2014-03-11 00:38 . 2014-05-14 08:45 419328 ----a-w- c:\windows\system32\schannel.dll
2014-03-07 00:48 . 2014-04-12 11:53 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-07 00:47 . 2014-04-12 11:53 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-07 00:08 . 2014-04-12 11:53 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-07 00:08 . 2014-04-12 11:53 2240000 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 00:08 . 2014-04-12 11:53 1365504 ----a-w- c:\windows\system32\urlmon.dll
2014-03-07 00:08 . 2014-04-12 11:53 915968 ----a-w- c:\windows\system32\uxtheme.dll
2014-03-07 00:08 . 2014-04-12 11:53 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-07 00:08 . 2014-04-12 11:53 855552 ----a-w- c:\windows\system32\jscript.dll
2014-03-07 00:08 . 2014-04-12 11:53 3959808 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 00:08 . 2014-04-12 11:53 15404544 ----a-w- c:\windows\system32\ieframe.dll
2014-03-07 00:08 . 2014-04-12 11:53 2648576 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 20:43 . 2014-03-21 07:18 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69E78F48-A857-4F7D-AC4F-1FF5FE1B8935}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-01-18 16:11 674496 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RadioController"="c:\program files (x86)\RadioController\RfBtnHelper.exe" [2014-03-17 111216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Endpoint Antivirus\EShaSrv.exe;c:\program files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-01-18 16:12 796352 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-23 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-23 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-23 441888]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2014-03-17 10592256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-01-29 13267016]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-01-18 1276488]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2014-01-18 161984]
"egui"="c:\program files\ESET\ESET Endpoint Antivirus\egui.exe" [2013-10-07 4148664]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\luu8yumh.default\
FF - prefs.js: browser.startup.homepage - www.idnes.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2014-05-24 19:22:37
ComboFix-quarantined-files.txt 2014-05-24 17:22
.
Před spuštěním: 911 502 340 096 bytes free
Po spuštění: 911 362 641 920 bytes free
.
- - End Of File - - 32F04A2E05BB1B686C6FBD3A23CF8189

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 24 kvě 2014 18:59
od Rudy
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

Folder::
c:\users\Acer\AppData\Roaming\pdfforge

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte.CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 24 kvě 2014 19:43
od dandar
log po vyčištění

asy\ComboFix 14-05-19.01 - Acer . 05. 2014 20:11:31.2.2 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.7988.6717 [GMT 2:00]
Spuštěný z: c:\users\Acer\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Acer\Desktop\CFScript.txt
AV: ESET Endpoint Antivirus 5.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Endpoint Antivirus 5.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Acer\AppData\Roaming\pdfforge
c:\users\Acer\AppData\Roaming\pdfforge\Images2PDF\Images2PDF.settings
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-24 do 2014-05-24 )))))))))))))))))))))))))))))))
.
.
2014-05-24 18:20 . 2014-05-24 18:25 -------- d-----w- c:\users\Acer\AppData\Local\temp
2014-05-24 18:20 . 2014-05-24 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-24 05:46 . 2014-05-24 05:46 258224 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10240.bin
2014-05-24 05:34 . 2014-05-24 12:45 -------- d-----w- C:\FRST
2014-05-24 05:25 . 2014-05-24 05:32 -------- d-----w- C:\rsit
2014-05-24 05:25 . 2014-05-24 05:25 -------- d-----w- c:\program files\trend micro
2014-05-23 16:30 . 2014-05-23 16:30 -------- d-----w- c:\users\Acer\AppData\Local\Diagnostics
2014-05-21 08:11 . 2014-05-21 08:11 -------- d-----w- c:\users\Acer\AppData\Local\GHISLER
2014-05-21 08:10 . 2014-05-21 08:10 -------- d-----w- C:\totalcmd
2014-05-21 08:10 . 2014-05-21 08:10 -------- d-----w- c:\users\Acer\AppData\Roaming\GHISLER
2014-05-19 12:48 . 2014-05-19 12:48 -------- d-----w- c:\program files (x86)\PDF Architect 2
2014-05-19 12:47 . 2014-05-19 12:47 -------- d-----w- c:\users\Acer\AppData\Local\ESET
2014-05-19 12:47 . 2014-05-19 12:47 -------- d-----w- c:\programdata\PDF Architect 2
2014-05-19 12:47 . 2014-04-25 15:44 110264 ----a-w- c:\windows\system32\pdfcmon.dll
2014-05-19 12:47 . 2014-04-25 15:44 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2014-05-19 12:47 . 2014-04-25 15:44 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-05-19 12:47 . 2014-05-24 05:18 -------- d-----w- c:\program files (x86)\PDFCreator
2014-05-19 12:47 . 2014-04-25 15:44 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2014-05-14 08:45 . 2014-04-12 09:08 1281536 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-14 07:46 . 2014-05-14 07:47 -------- d-----w- c:\program files (x86)\LibreOffice 4
2014-05-06 08:43 . 2014-04-19 09:39 628024 ----a-w- c:\windows\system32\NotificationUI.exe
2014-05-06 08:43 . 2014-04-19 08:45 693760 ----a-w- c:\windows\system32\WSShared.dll
2014-05-06 08:43 . 2014-04-19 08:45 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 08:43 . 2014-04-19 06:57 566784 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-05-06 08:43 . 2014-04-19 06:57 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-29 08:44 . 2014-05-24 05:18 -------- d-----w- c:\users\Acer\AppData\Local\CrashDumps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-24 18:21 . 2014-03-17 22:47 53284 ----a-w- c:\windows\system32\wpbbin.exe
2014-05-14 10:36 . 2014-03-20 13:58 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-01 20:37 . 2013-03-06 22:24 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37 . 2013-03-06 22:24 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-28 08:23 . 2014-05-14 08:45 1287168 ----a-w- c:\windows\system32\schedsvc.dll
2014-03-18 17:00 . 2014-03-18 17:00 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-03-18 17:00 . 2014-03-18 17:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-03-18 16:32 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-17 23:13 . 2014-03-17 23:13 96880 ----a-w- c:\windows\RfBtnSvc64.exe
2014-03-17 23:13 . 2014-03-17 23:13 284240 ----a-w- c:\windows\UnInstRfBtn.EXE
2014-03-17 23:13 . 2014-03-17 23:13 26736 ----a-w- c:\windows\system32\drivers\aPs2Kb2Hid.sys
2014-03-17 23:08 . 2014-03-17 23:09 70144 ----a-w- c:\windows\system32\wltrynt.dll
2014-03-17 23:08 . 2014-03-17 23:09 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2014-03-17 23:08 . 2014-03-17 23:09 1212928 ----a-w- c:\windows\system32\BCMLogon.dll
2014-03-17 23:08 . 2014-03-17 23:09 22632 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2014-03-17 22:40 . 2014-03-17 22:40 6144 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\ndiscap.sys.mui
2014-03-17 22:40 . 2014-03-17 22:40 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\wfplwfs.sys.mui
2014-03-17 22:40 . 2014-03-17 22:40 14848 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\NdisImPlatform.sys.mui
2014-03-11 00:41 . 2014-05-14 08:45 323072 ----a-w- c:\windows\SysWow64\schannel.dll
2014-03-11 00:38 . 2014-05-14 08:45 419328 ----a-w- c:\windows\system32\schannel.dll
2014-03-07 00:48 . 2014-04-12 11:53 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-07 00:47 . 2014-04-12 11:53 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-07 00:08 . 2014-04-12 11:53 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-07 00:08 . 2014-04-12 11:53 2240000 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 00:08 . 2014-04-12 11:53 1365504 ----a-w- c:\windows\system32\urlmon.dll
2014-03-07 00:08 . 2014-04-12 11:53 915968 ----a-w- c:\windows\system32\uxtheme.dll
2014-03-07 00:08 . 2014-04-12 11:53 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-07 00:08 . 2014-04-12 11:53 855552 ----a-w- c:\windows\system32\jscript.dll
2014-03-07 00:08 . 2014-04-12 11:53 3959808 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 00:08 . 2014-04-12 11:53 15404544 ----a-w- c:\windows\system32\ieframe.dll
2014-03-07 00:08 . 2014-04-12 11:53 2648576 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 20:43 . 2014-03-21 07:18 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69E78F48-A857-4F7D-AC4F-1FF5FE1B8935}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-01-18 16:11 674496 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RadioController"="c:\program files (x86)\RadioController\RfBtnHelper.exe" [2014-03-17 111216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Endpoint Antivirus\EShaSrv.exe;c:\program files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-01-18 16:12 796352 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-23 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-23 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-23 441888]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2014-03-17 10592256]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-01-29 13267016]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-01-18 1276488]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2014-01-18 161984]
"egui"="c:\program files\ESET\ESET Endpoint Antivirus\egui.exe" [2013-10-07 4148664]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\luu8yumh.default\
FF - prefs.js: browser.startup.homepage - www.idnes.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Launch Manager\LManager.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
c:\program files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
.
**************************************************************************
.
Celkový čas: 2014-05-24 20:38:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-24 18:38
ComboFix2.txt 2014-05-24 17:22
.
Před spuštěním: 911 392 866 304 bytes free
Po spuštění: 911 415 648 256 bytes free
.
- - End Of File - - 6EB2D18150A8E92959D8108146DE269F

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 24 kvě 2014 20:22
od Rudy
Smazáno. Nastala nějaká změna?

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 25 kvě 2014 06:59
od dandar
Super, už zase šlape jak hodinky. Moc díky... :thumbsup:

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 25 kvě 2014 10:32
od Rudy
Nemáte zač! :)

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 02 srp 2014 13:43
od wegel
Dobrý den, eset online scanner mi našel přesně ty samé viry (spíš je identifikoval jako nechtěné/zneužitelné aplikace) a několik dalších, mám je také odstranit a nevíte o co se přesně jedná?

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 02 srp 2014 16:38
od Rudy
InstallMonetizer: http://www.timesoft.cz/odstraneni-installmonetizer-af/
Win32/Hao123: http://www.2-removevirus.com/cz/odstran ... -by-baidu/

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 02 srp 2014 17:39
od wegel
nejnovější verze mbam mi bohužel neuloží protokol, tak používam starší 1.75, ale podle výsledku je vše vcelku ok, jsou to programy které znám.
Ještě bych měl dotaz, dneska mi přišel na gmail, nějaká notifikace od facebooku bez rozmyšlení jsem na to klik (jsem blbec ano) a přihlásil se, pak když jsem se do detailu podíval na ten mail, nebyl uplně standartní,(ještě nějaké korejské znaky) pak jsem si hned změnil heslo od FB, ale muže se ještě něco stát nebo být něco v PC ?(přílohy jsem žádné nestahoval) jen asi ty údaje...


Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Verze: v2014.08.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17207
Milan :: MILAN-PC [administrátor]

2.8.2014 17:36:31
MBAM-log-2014-08-02 (18-33-47).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 537395
Uplynulý čas: 56 minut, 41 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 5
C:\Downloads\YTDSetup.exe (PUP.Optional.Spigot.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\ICQ7.5\upgrade\2dcd1d63cb45e6613582211c3d5f4b23 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\PROGRAMY\winamp561_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\PROGRAMY\system\kf141.zip (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\Users\Milan\Downloads\winamp563_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

(konec)

Re: HTML/Fraud.BQ, Win32/InstallMonetizer.AQ a Win32/Hao123.

Napsal: 02 srp 2014 17:47
od Rudy
Znát je můžete, ale svinstvo to je. Normálně je vyhazujeme. Jsou to AdWary,které mohou zpomalovat PC.
spusťte ještě toto:

1.
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
a

2.
Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz