Policejní vírus

Zpráva

rakato11 · #1 Příspěvek od **rakato11** » 14 zář 2015 18:37

Dobrý den, před chvíli mi do PC skočil tento vírus a zablokoval prohlížeč. Napadlo mě skusit spustit CCleaner a podařilo se mi vyskočené okno zavřít a PC se zdá v pořádku (zatím jsem jej nevypínal ani nerestartoval) ale myslím si že tento vírus je stále v mém PC proto prosím o kontrolu.
Předem děkuji za pomoc.

Ještě přikládám log z RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Otakar Vavrečka at 2015-09-14 19:40:17
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 32 GB (20%) free of 158 GB
Total RAM: 3066 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:41:00, on 14.9.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\MSTMON_N.EXE
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Otakar Vavrečka\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
C:\Users\Otakar Vavrečka\AppData\Local\Seznam.cz\bin\postak.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files\Mamemail\Mamemail Postak\Postak.exe
C:\Users\Otakar Vavrečka\Desktop\Gmail Notifier Plus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Otakar Vavrečka\Desktop\RSIT.exe
C:\Program Files\trend micro\Otakar Vavrečka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\Windows\system32\MSTMON_N.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1400W STD] C:\Windows\system32\MSTMON_Y.EXE STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Viber] "C:\Users\Otakar Vavrečka\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [MP3 Skype Recorder] C:\Users\Otakar Vavrečka\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Users\Otakar Vavrečka\AppData\Local\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\OTAKAR~1\AppData\Local\Temp\E_S6B3B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Google Update] "C:\Users\Otakar Vavrečka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Mámemail Pošťák.lnk = C:\Program Files\Mamemail\Mamemail Postak\Postak.exe
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6362 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe#
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-505298747-3480647553-2469496864-1000Core1cf497f52fda691.job - C:\Users\Otakar Vavrečka\AppData\Local\Google\Update\GoogleUpdate.exe# /c#
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-505298747-3480647553-2469496864-1000UA1cf6b48d8ac1e7d.job - C:\Users\Otakar Vavrečka\AppData\Local\Google\Update\GoogleUpdate.exe# /ua /installsource scheduler#

=========Mozilla firefox=========

ProfilePath - C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default

prefs.js - "browser.search.useDBForOrder" - ""
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/MycameraPlugin]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\extensions\
{2d3fbcf7-be69-4433-8858-c621a8d0e58d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hppwrsav"=C:\SCANJET\PrecisionScanLT\hppwrsav.exe [1999-06-07 23552]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"KONICA MINOLTA PagePro 1300WStatusDisplay"=C:\Windows\system32\MSTMON_N.EXE [2004-11-25 151552]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"KONICA MINOLTA PagePro 1400W STD"=C:\Windows\system32\MSTMON_Y.EXE [2006-03-01 184320]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2015-07-08 5089480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Viber"=C:\Users\Otakar Vavrečka\AppData\Local\Viber\Viber.exe [2014-09-02 936656]
"MP3 Skype Recorder"=C:\Users\Otakar Vavrečka\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [2014-08-08 1544704]
"Seznam Postak"=C:\Users\Otakar Vavrečka\AppData\Local\Seznam.cz\bin\postak.exe [2012-01-10 491040]
"EPSON Stylus SX200 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2014-10-29 4826904]
"Google Update"=C:\Users\Otakar Vavrečka\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30 144200]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ImageBrowser EX Agent.lnk - C:\Program Files\Canon\ImageBrowser EX\MFManager.exe

C:\Users\Otakar Vavrečka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Mámemail Pošťák.lnk - C:\Program Files\Mamemail\Mamemail Postak\Postak.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-09-14 19:40:17 ----D---- C:\rsit
2015-09-14 19:40:17 ----D---- C:\Program Files\trend micro
2015-09-09 08:54:36 ----A---- C:\Windows\system32\jnwmon.dll
2015-09-09 08:54:36 ----A---- C:\Windows\system32\InkEd.dll
2015-09-09 08:54:32 ----A---- C:\Windows\system32\schedsvc.dll
2015-09-09 08:54:27 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-09-09 08:54:27 ----A---- C:\Windows\system32\appidsvc.dll
2015-09-09 08:54:27 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 08:54:27 ----A---- C:\Windows\system32\appidapi.dll
2015-09-09 08:54:26 ----A---- C:\Windows\system32\drivers\appid.sys
2015-09-09 08:54:26 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 08:54:18 ----A---- C:\Windows\system32\win32k.sys
2015-09-09 08:54:18 ----A---- C:\Windows\system32\lpk.dll
2015-09-09 08:54:18 ----A---- C:\Windows\system32\fontsub.dll
2015-09-09 08:54:18 ----A---- C:\Windows\system32\dciman32.dll
2015-09-09 08:54:18 ----A---- C:\Windows\system32\atmlib.dll
2015-09-09 08:54:18 ----A---- C:\Windows\system32\atmfd.dll
2015-09-09 08:54:16 ----A---- C:\Windows\system32\urlmon.dll
2015-09-09 08:54:16 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 08:54:16 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 08:54:16 ----A---- C:\Windows\system32\iernonce.dll
2015-09-09 08:54:16 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-09-09 08:54:16 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-09-09 08:54:16 ----A---- C:\Windows\system32\iedkcs32.dll
2015-09-09 08:54:16 ----A---- C:\Windows\system32\ie4uinit.exe
2015-09-09 08:54:15 ----A---- C:\Windows\system32\jsproxy.dll
2015-09-09 08:54:15 ----A---- C:\Windows\system32\jscript9diag.dll
2015-09-09 08:54:15 ----A---- C:\Windows\system32\ieUnatt.exe
2015-09-09 08:54:15 ----A---- C:\Windows\system32\ieapfltr.dll
2015-09-09 08:54:15 ----A---- C:\Windows\system32\dxtmsft.dll
2015-09-09 08:54:14 ----A---- C:\Windows\system32\msfeeds.dll
2015-09-09 08:54:13 ----A---- C:\Windows\system32\msrating.dll
2015-09-09 08:54:13 ----A---- C:\Windows\system32\iesetup.dll
2015-09-09 08:54:12 ----A---- C:\Windows\system32\wininet.dll
2015-09-09 08:54:12 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 08:54:11 ----A---- C:\Windows\system32\ieui.dll
2015-09-09 08:54:11 ----A---- C:\Windows\system32\dxtrans.dll
2015-09-09 08:54:10 ----A---- C:\Windows\system32\ieframe.dll
2015-09-09 08:54:08 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-09-09 08:54:08 ----A---- C:\Windows\system32\mshtmled.dll
2015-09-09 08:54:07 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-09-09 08:54:07 ----A---- C:\Windows\system32\iertutil.dll
2015-09-09 08:54:06 ----A---- C:\Windows\system32\mshtml.dll
2015-09-09 08:54:05 ----A---- C:\Windows\system32\vbscript.dll
2015-09-09 08:54:04 ----A---- C:\Windows\system32\jscript9.dll
2015-09-09 08:54:04 ----A---- C:\Windows\system32\jscript.dll
2015-09-09 08:53:06 ----A---- C:\Windows\system32\wuwebv.dll
2015-09-09 08:53:06 ----A---- C:\Windows\system32\wups2.dll
2015-09-09 08:53:06 ----A---- C:\Windows\system32\wups.dll
2015-09-09 08:53:06 ----A---- C:\Windows\system32\wudriver.dll
2015-09-09 08:53:06 ----A---- C:\Windows\system32\wucltux.dll
2015-09-09 08:53:06 ----A---- C:\Windows\system32\wuaueng.dll
2015-09-09 08:53:06 ----A---- C:\Windows\system32\wuauclt.exe
2015-09-09 08:53:06 ----A---- C:\Windows\system32\wuapp.exe
2015-09-09 08:53:06 ----A---- C:\Windows\system32\wuapi.dll
2015-09-09 08:53:06 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 08:53:06 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-09-09 08:52:58 ----A---- C:\Windows\system32\tzres.dll
2015-08-30 15:30:49 ----D---- C:\Program Files\Common Files\Skype
2015-08-28 18:01:20 ----D---- C:\Program Files\Mozilla Firefox
2015-08-27 15:14:11 ----D---- C:\ProgramData\ESET

======List of files/folders modified in the last 1 month======

2015-09-14 19:40:17 ----RD---- C:\Program Files
2015-09-14 19:39:59 ----D---- C:\Windows\temp
2015-09-14 19:06:31 ----D---- C:\Windows\ModemLogs
2015-09-14 19:06:31 ----D---- C:\Windows\inf
2015-09-14 19:06:30 ----D---- C:\Windows\debug
2015-09-14 19:06:30 ----D---- C:\Windows
2015-09-14 16:43:20 ----D---- C:\Windows\system32\config
2015-09-14 16:31:03 ----A---- C:\Windows\VTWAIN.INI
2015-09-13 15:48:56 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\Skype
2015-09-10 08:42:25 ----D---- C:\Users\Otakar Vavrečka\AppData\Roaming\vlc
2015-09-09 12:59:34 ----D---- C:\Windows\Microsoft.NET
2015-09-09 12:57:51 ----RSD---- C:\Windows\assembly
2015-09-09 12:29:46 ----D---- C:\Windows\winsxs
2015-09-09 12:27:15 ----D---- C:\Program Files\Windows Journal
2015-09-09 12:27:15 ----AD---- C:\Windows\System32
2015-09-09 12:27:14 ----D---- C:\Windows\system32\en-US
2015-09-09 12:27:14 ----D---- C:\Windows\system32\drivers
2015-09-09 12:27:14 ----D---- C:\Windows\system32\cs-CZ
2015-09-09 12:27:14 ----D---- C:\Windows\PolicyDefinitions
2015-09-09 12:27:12 ----D---- C:\Program Files\Internet Explorer
2015-09-09 09:19:54 ----SHD---- C:\Windows\Installer
2015-09-09 09:11:51 ----D---- C:\Windows\system32\MRT
2015-09-09 09:11:40 ----D---- C:\Windows\Prefetch
2015-09-09 09:10:50 ----D---- C:\Windows\ehome
2015-09-09 09:10:08 ----SHD---- C:\System Volume Information
2015-09-09 08:52:46 ----D---- C:\Windows\system32\catroot2
2015-09-02 21:54:56 ----D---- C:\Windows\system32\NDF
2015-08-30 15:31:52 ----D---- C:\Windows\Tasks
2015-08-30 15:30:49 ----RD---- C:\Program Files\Skype
2015-08-30 15:30:49 ----D---- C:\Program Files\Common Files
2015-08-30 15:30:37 ----D---- C:\ProgramData\Skype
2015-08-29 09:34:37 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-08-27 15:15:00 ----D---- C:\Windows\system32\DriverStore
2015-08-27 15:14:11 ----D---- C:\ProgramData
2015-08-26 18:36:06 ----A---- C:\Windows\system32\MRT.exe
2015-08-23 14:52:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-16 10:43:43 ----D---- C:\Windows\system32\catroot
2015-08-16 10:35:30 ----DC---- C:\Windows\system32\DRVSTORE
2015-08-16 10:35:28 ----D---- C:\Program Files\Oracle
2015-08-15 12:00:14 ----D---- C:\Windows\system32\Tasks
2015-08-15 11:53:51 ----D---- C:\Windows\system32\wfp
2015-08-15 11:53:49 ----D---- C:\Windows\system32\wbem
2015-08-15 11:52:58 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-07-14 60552]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2013-06-03 46096]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-05-09 21576]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-07-14 202704]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-07-14 144536]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-07-14 46656]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-07-14 185176]
R3 5U876UVC;HP Webcam [2 MP series]; C:\Windows\system32\DRIVERS\5U876.sys [2009-11-13 114688]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 381440]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2010-01-26 1163328]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2013-09-26 4268608]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 MLPTDR_N;MLPTDR_N; \??\C:\Windows\system32\MLPTDR_N.SYS [2003-07-18 18848]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2013-10-10 13464]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2015-03-02 115672]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-12-03 26112]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2015-07-08 1353720]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-17 143872]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-12-11 89864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13 269000]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-08-15 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-08-28 149160]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-23 1343400]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 14 zář 2015 19:13

Zdravím!
Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

rakato11 · #3 Příspěvek od **rakato11** » 14 zář 2015 20:03

ComboFix 15-09-07.01 - Otakar Vavrečka 14.09.2015 20:48:51.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3066.1624 [GMT 2:00]
Spuštěný z: c:\users\Otakar VavreŔka\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personálny Firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-08-14 do 2015-09-14 )))))))))))))))))))))))))))))))
.
.
2015-09-14 18:59 . 2015-09-14 18:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-09-14 18:59 . 2015-09-14 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-14 18:59 . 2015-09-14 18:59 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-09-14 17:40 . 2015-09-14 17:52 -------- d-----w- C:\rsit
2015-09-14 17:40 . 2015-09-14 17:41 -------- d-----w- c:\program files\trend micro
2015-09-09 06:53 . 2015-08-26 17:56 93184 ----a-w- c:\windows\system32\wudriver.dll
2015-09-09 06:53 . 2015-08-26 17:56 35840 ----a-w- c:\windows\system32\wups2.dll
2015-09-09 06:53 . 2015-08-26 17:56 30208 ----a-w- c:\windows\system32\wups.dll
2015-09-09 06:53 . 2015-08-26 17:56 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-09-09 06:53 . 2015-08-26 17:56 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-09-09 06:53 . 2015-08-26 17:56 2953728 ----a-w- c:\windows\system32\wucltux.dll
2015-09-09 06:53 . 2015-08-26 17:56 2061824 ----a-w- c:\windows\system32\wuaueng.dll
2015-09-09 06:53 . 2015-08-26 17:55 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-09-09 06:53 . 2015-08-26 17:55 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-09-09 06:53 . 2015-08-26 17:55 34816 ----a-w- c:\windows\system32\wuapp.exe
2015-09-09 06:53 . 2015-08-26 17:55 135680 ----a-w- c:\windows\system32\wuauclt.exe
2015-09-09 06:52 . 2015-07-15 02:54 2048 ----a-w- c:\windows\system32\tzres.dll
2015-08-30 13:30 . 2015-08-30 13:30 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-13 06:31 . 2012-04-03 09:08 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-13 06:31 . 2011-05-18 10:42 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-05 17:41 . 2015-09-09 06:54 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-07-30 17:57 . 2015-08-12 06:14 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57 . 2015-08-12 06:14 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-12 06:14 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 06:24 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-16 19:12 . 2015-08-12 06:14 856064 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-07-16 19:12 . 2015-08-12 06:14 53248 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-16 19:12 . 2015-08-12 06:14 6131200 ----a-w- c:\windows\system32\mstscax.dll
2015-07-16 15:14 . 2015-08-12 06:14 355840 ----a-w- c:\windows\system32\wksprt.exe
2015-07-15 18:46 . 2015-08-12 06:14 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\mountmgr.sys.mui
2015-07-15 17:59 . 2015-08-12 06:14 3989952 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-07-15 17:59 . 2015-08-12 06:14 3934656 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-15 17:59 . 2015-08-12 06:14 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 17:59 . 2015-08-12 06:14 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-07-15 17:59 . 2015-08-12 06:14 137664 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-07-15 17:56 . 2015-08-12 06:14 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-07-15 17:55 . 2015-08-12 06:14 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-07-15 17:55 . 2015-08-12 06:14 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-07-15 17:55 . 2015-08-12 06:14 1159168 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 17:55 . 2015-08-12 06:14 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-07-15 17:55 . 2015-08-12 06:14 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-07-15 17:55 . 2015-08-12 06:14 400896 ----a-w- c:\windows\system32\srcore.dll
2015-07-15 17:55 . 2015-08-12 06:14 43008 ----a-w- c:\windows\system32\srclient.dll
2015-07-15 17:55 . 2015-08-12 06:14 248832 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-12 06:14 22016 ----a-w- c:\windows\system32\secur32.dll
2015-07-15 17:54 . 2015-08-12 06:14 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2015-07-15 17:54 . 2015-08-12 06:14 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-07-15 17:54 . 2015-08-12 06:14 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-07-15 17:54 . 2015-08-12 06:14 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 17:54 . 2015-08-12 06:14 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-07-15 17:54 . 2015-08-12 06:14 552960 ----a-w- c:\windows\system32\kerberos.dll
2015-07-15 17:54 . 2015-08-12 06:14 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-15 17:54 . 2015-08-12 06:14 36864 ----a-w- c:\windows\system32\cryptbase.dll
2015-07-15 17:54 . 2015-08-12 06:14 17408 ----a-w- c:\windows\system32\credssp.dll
2015-07-15 17:54 . 2015-08-12 06:14 69632 ----a-w- c:\windows\system32\smss.exe
2015-07-15 17:54 . 2015-08-12 06:14 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-07-15 17:54 . 2015-08-12 06:14 22528 ----a-w- c:\windows\system32\lsass.exe
2015-07-15 17:53 . 2015-08-12 06:14 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-07-15 17:49 . 2015-08-12 06:14 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-07-15 17:48 . 2015-08-12 06:14 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-07-15 17:44 . 2015-08-12 06:14 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-07-15 17:44 . 2015-08-12 06:14 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-07-15 16:36 . 2015-08-12 06:14 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-07-15 16:36 . 2015-08-12 06:14 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-07-15 16:36 . 2015-08-12 06:14 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-07-15 02:55 . 2015-08-12 06:13 1390592 ----a-w- c:\windows\system32\msxml6.dll
2015-07-15 02:55 . 2015-08-12 06:13 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-07-15 02:55 . 2015-08-12 06:13 44032 ----a-w- c:\windows\system32\basesrv.dll
2015-07-15 02:51 . 2015-08-12 06:13 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-07-15 02:51 . 2015-08-12 06:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-07-14 13:29 . 2015-07-14 13:29 60552 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2015-07-14 13:29 . 2015-07-14 13:29 46656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2015-07-14 13:29 . 2015-07-14 13:29 202704 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-07-14 13:29 . 2015-07-14 13:29 185176 ----a-w- c:\windows\system32\drivers\epfw.sys
2015-07-14 13:29 . 2015-07-14 13:29 144536 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2015-07-09 17:42 . 2015-08-12 06:14 179712 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 17:42 . 2015-08-12 06:14 179712 ----a-w- c:\windows\notepad.exe
2015-07-04 17:48 . 2015-07-15 11:34 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-07-01 20:30 . 2015-08-12 06:14 206848 ----a-w- c:\windows\system32\WebClnt.dll
2015-07-01 20:30 . 2015-08-12 06:14 82432 ----a-w- c:\windows\system32\davclnt.dll
2015-06-17 17:39 . 2015-07-15 11:34 305664 ----a-w- c:\windows\system32\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-12-22 15:28 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-12-22 15:28 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-12-22 15:28 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-12-22 15:28 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-12-22 15:28 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-12-22 15:28 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Viber"="c:\users\Otakar Vavrečka\AppData\Local\Viber\Viber.exe" [2014-09-02 936656]
"MP3 Skype Recorder"="c:\users\Otakar Vavrečka\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe" [2014-08-08 1544704]
"Seznam Postak"="c:\users\Otakar Vavrečka\AppData\Local\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-10-29 4826904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hppwrsav"="c:\scanjet\PrecisionScanLT\hppwrsav.exe" [1999-06-07 23552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"KONICA MINOLTA PagePro 1300WStatusDisplay"="c:\windows\system32\MSTMON_N.EXE" [2004-11-25 151552]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"KONICA MINOLTA PagePro 1400W STD"="c:\windows\system32\MSTMON_Y.EXE" [2006-03-01 184320]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-07-08 5089480]
.
c:\users\Otakar Vavrečka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mámemail Pošťák.lnk - c:\program files\Mamemail\Mamemail Postak\Postak.exe [2015-7-12 740352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files\Canon\ImageBrowser EX\MFManager.exe [2012-8-30 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [2003-07-18 18848]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-08-15 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-10-10 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2015-03-02 115672]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-23 1343400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-07-14 60552]
S1 aswKbd;aswKbd; [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-07-14 202704]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-07-14 144536]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-07-14 46656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-07-08 1353720]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-12-11 89864]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-11-13 16:20 114688]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2012-03-27 319264]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-15 19:31 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:31]
.
.
------- Doplňkový sken -------
.
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1436)
c:\windows\system32\DeviceCenter.dll
.
Celkový čas: 2015-09-14 21:01:53
ComboFix-quarantined-files.txt 2015-09-14 19:01
.
Před spuštěním: Volných bajtů: 33 956 237 312
Po spuštění: Volných bajtů: 34 102 730 752
.
- - End Of File - - 19E87E1AB98F5C9033BD2BB1CA645356
A36C5E4F47E84449FF07ED3517B43A31

#4 Příspěvek od **Rudy** » 14 zář 2015 20:20

Přesuňte ComboFix na kořenový adresář c:\. Otevřte poznámkový blok a zkopírujte do něj:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-

Driver::
aswKbd

Reboot::

Uložte rovněž na kořenový adresář c:\. Pak jej myší v průzkumníku windows (nebo jiném souborovém manažeru) přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

rakato11 · #5 Příspěvek od **rakato11** » 14 zář 2015 21:56

ComboFix z plochy jsem přesunul na c:\ Qoobox, to nevím zda je správně.

Do poznámkového bloku jsem zkopíroval :

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-

Driver::
aswKbd

Reboot::

Uložit se mi to nějak nedaří, dělám někde chybu?

rakato11 · #6 Příspěvek od **rakato11** » 15 zář 2015 07:32

Tak po včerejším vypnutí notebooku mi dnes ráno po zapnutí tlačítkem notebook naběhne ale když chci vložit heslo tak jednoduše nereaguje, čili nemohu notebook spustit.
Prosím poraďte jak dál postupovat, podotýkám že v PC nejsem až tak zručný.
Včera jsem udělal to jak jsem psal výše, do poznámkového bloku jsem zkopíroval to co jste mi kázal a jelikož mi to nešlo uložit, tak jsem soubor přejmenoval na CFScript, uložil tam kde ComboFix a pak jsem ten soubor přetáhl myší nad ComboFix a spustil. On chvíli pracoval ale pak se jakoby zaseknul a již dál se nehnul po asi 45min.
Bylo již pozdě a já byl děsně unavený a asi jsem udělal chybu že jsem ComboFix zavřel a PC vypnul, měl jsem jej nechat běžet do rána.

#7 Příspěvek od **Rudy** » 15 zář 2015 16:33

Musíte uložit na C:\ jako CFScript.txt (uložit jako...)

Jestli jste to vypnul při chodu CF, příliš jste si neposloužil, může dojít až k reinstalu systému. Je možné, že jste si poškodil systém. V návodu jasně stojí:

behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

Tím "ani nic jiného" je myšleno ani neklikat. Zkuste nastartovat do nouz. režimu

rakato11 · #8 Příspěvek od **rakato11** » 15 zář 2015 17:51

Tak ani v nouzovém režimu nelze zadat heslo, tak jsem to totálně po.ral. Dá se s tím něco udělat, je tam také možnost opravit systém.

#9 Příspěvek od **Rudy** » 15 zář 2015 18:17

To zkuste, případně poslední známou funkční konfiguraci.

rakato11 · #10 Příspěvek od **rakato11** » 15 zář 2015 18:40

Takže při pokusu o opravu počítače jsem byl neúspěšný, zabralo až na Vaše doporučení "poslední známá funkční konfigurace".
Jsem jíž na svým notebooku, jak pokračovat dále?

#11 Příspěvek od **Rudy** » 15 zář 2015 19:01

Uložit CFScript.txt do stejného adresáře, jako CF a přetáhnout. Tím se CF spustí a vykoná příkazy ze skriptu. Ve vašem případě není možné to mít na ploše, potažmo v jiném adresáři v c:\users\Otakar VavreŔka, neboť máte v názvu profilu diakritiku a CF pak z toho důvodu nenačte skript (program není kompatiobilní s českou diakritkou). Proto ta komplikace.

rakato11 · #12 Příspěvek od **rakato11** » 15 zář 2015 20:35

Nyní jsem nechal CF v klidu vykonávat svojí práci, po restartu který provedl CF však opět nešlo zadat heslo proto jsem musel přistoupit opětovně k "poslední známá funkční konfigurace".
CF vytvořil log který zde dávám.

ComboFix 15-09-07.01 - Otakar Vavrečka 15.09.2015 21:04:46.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3066.2048 [GMT 2:00]
Spuštěný z: c:\qoobox\ComboFix.exe
Použité ovládací přepínače :: c:\qoobox\CFScript.txt.txt
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personálny Firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_aswKbd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-08-15 do 2015-09-15 )))))))))))))))))))))))))))))))
.
.
2015-09-15 19:15 . 2015-09-15 19:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-09-15 19:15 . 2015-09-15 19:15 -------- d-----w- c:\users\Otakar Vavreźka\AppData\Local\temp
2015-09-15 19:15 . 2015-09-15 19:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-09-15 19:15 . 2015-09-15 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-14 17:40 . 2015-09-14 17:52 -------- d-----w- C:\rsit
2015-09-14 17:40 . 2015-09-14 17:41 -------- d-----w- c:\program files\trend micro
2015-09-09 06:53 . 2015-08-26 17:56 93184 ----a-w- c:\windows\system32\wudriver.dll
2015-09-09 06:53 . 2015-08-26 17:56 35840 ----a-w- c:\windows\system32\wups2.dll
2015-09-09 06:53 . 2015-08-26 17:56 30208 ----a-w- c:\windows\system32\wups.dll
2015-09-09 06:53 . 2015-08-26 17:56 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-09-09 06:53 . 2015-08-26 17:56 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-09-09 06:53 . 2015-08-26 17:56 2953728 ----a-w- c:\windows\system32\wucltux.dll
2015-09-09 06:53 . 2015-08-26 17:56 2061824 ----a-w- c:\windows\system32\wuaueng.dll
2015-09-09 06:53 . 2015-08-26 17:55 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-09-09 06:53 . 2015-08-26 17:55 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-09-09 06:53 . 2015-08-26 17:55 34816 ----a-w- c:\windows\system32\wuapp.exe
2015-09-09 06:53 . 2015-08-26 17:55 135680 ----a-w- c:\windows\system32\wuauclt.exe
2015-09-09 06:52 . 2015-07-15 02:54 2048 ----a-w- c:\windows\system32\tzres.dll
2015-08-30 13:30 . 2015-08-30 13:30 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-13 06:31 . 2012-04-03 09:08 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-13 06:31 . 2011-05-18 10:42 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-05 17:41 . 2015-09-09 06:54 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-07-30 17:57 . 2015-08-12 06:14 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57 . 2015-08-12 06:14 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-12 06:14 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 06:24 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-16 19:12 . 2015-08-12 06:14 856064 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-07-16 19:12 . 2015-08-12 06:14 53248 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-16 19:12 . 2015-08-12 06:14 6131200 ----a-w- c:\windows\system32\mstscax.dll
2015-07-16 15:14 . 2015-08-12 06:14 355840 ----a-w- c:\windows\system32\wksprt.exe
2015-07-15 18:46 . 2015-08-12 06:14 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\mountmgr.sys.mui
2015-07-15 17:59 . 2015-08-12 06:14 3989952 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-07-15 17:59 . 2015-08-12 06:14 3934656 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-15 17:59 . 2015-08-12 06:14 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 17:59 . 2015-08-12 06:14 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-07-15 17:59 . 2015-08-12 06:14 137664 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-07-15 17:56 . 2015-08-12 06:14 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-07-15 17:55 . 2015-08-12 06:14 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-07-15 17:55 . 2015-08-12 06:14 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-07-15 17:55 . 2015-08-12 06:14 1159168 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 17:55 . 2015-08-12 06:14 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-07-15 17:55 . 2015-08-12 06:14 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-07-15 17:55 . 2015-08-12 06:14 400896 ----a-w- c:\windows\system32\srcore.dll
2015-07-15 17:55 . 2015-08-12 06:14 43008 ----a-w- c:\windows\system32\srclient.dll
2015-07-15 17:55 . 2015-08-12 06:14 248832 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-12 06:14 22016 ----a-w- c:\windows\system32\secur32.dll
2015-07-15 17:54 . 2015-08-12 06:14 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2015-07-15 17:54 . 2015-08-12 06:14 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-07-15 17:54 . 2015-08-12 06:14 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-07-15 17:54 . 2015-08-12 06:14 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 17:54 . 2015-08-12 06:14 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-07-15 17:54 . 2015-08-12 06:14 552960 ----a-w- c:\windows\system32\kerberos.dll
2015-07-15 17:54 . 2015-08-12 06:14 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-15 17:54 . 2015-08-12 06:14 36864 ----a-w- c:\windows\system32\cryptbase.dll
2015-07-15 17:54 . 2015-08-12 06:14 17408 ----a-w- c:\windows\system32\credssp.dll
2015-07-15 17:54 . 2015-08-12 06:14 69632 ----a-w- c:\windows\system32\smss.exe
2015-07-15 17:54 . 2015-08-12 06:14 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-07-15 17:54 . 2015-08-12 06:14 22528 ----a-w- c:\windows\system32\lsass.exe
2015-07-15 17:53 . 2015-08-12 06:14 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-07-15 17:49 . 2015-08-12 06:14 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-07-15 17:48 . 2015-08-12 06:14 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-07-15 17:44 . 2015-08-12 06:14 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-07-15 17:44 . 2015-08-12 06:14 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-07-15 16:36 . 2015-08-12 06:14 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-07-15 16:36 . 2015-08-12 06:14 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-07-15 16:36 . 2015-08-12 06:14 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-07-15 02:55 . 2015-08-12 06:13 1390592 ----a-w- c:\windows\system32\msxml6.dll
2015-07-15 02:55 . 2015-08-12 06:13 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-07-15 02:55 . 2015-08-12 06:13 44032 ----a-w- c:\windows\system32\basesrv.dll
2015-07-15 02:51 . 2015-08-12 06:13 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-07-15 02:51 . 2015-08-12 06:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-07-14 13:29 . 2015-07-14 13:29 60552 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2015-07-14 13:29 . 2015-07-14 13:29 46656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2015-07-14 13:29 . 2015-07-14 13:29 202704 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-07-14 13:29 . 2015-07-14 13:29 185176 ----a-w- c:\windows\system32\drivers\epfw.sys
2015-07-14 13:29 . 2015-07-14 13:29 144536 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2015-07-09 17:42 . 2015-08-12 06:14 179712 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 17:42 . 2015-08-12 06:14 179712 ----a-w- c:\windows\notepad.exe
2015-07-04 17:48 . 2015-07-15 11:34 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-07-01 20:30 . 2015-08-12 06:14 206848 ----a-w- c:\windows\system32\WebClnt.dll
2015-07-01 20:30 . 2015-08-12 06:14 82432 ----a-w- c:\windows\system32\davclnt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-12-22 15:28 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-12-22 15:28 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-12-22 15:28 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-12-22 15:28 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-12-22 15:28 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-12-22 15:28 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Viber"="c:\users\Otakar Vavrečka\AppData\Local\Viber\Viber.exe" [2014-09-02 936656]
"MP3 Skype Recorder"="c:\users\Otakar Vavrečka\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe" [2014-08-08 1544704]
"Seznam Postak"="c:\users\Otakar Vavrečka\AppData\Local\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-10-29 4826904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hppwrsav"="c:\scanjet\PrecisionScanLT\hppwrsav.exe" [1999-06-07 23552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"KONICA MINOLTA PagePro 1300WStatusDisplay"="c:\windows\system32\MSTMON_N.EXE" [2004-11-25 151552]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"KONICA MINOLTA PagePro 1400W STD"="c:\windows\system32\MSTMON_Y.EXE" [2006-03-01 184320]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-07-08 5089480]
.
c:\users\Otakar Vavrečka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mámemail Pošťák.lnk - c:\program files\Mamemail\Mamemail Postak\Postak.exe [2015-7-12 740352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files\Canon\ImageBrowser EX\MFManager.exe [2012-8-30 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-11-13 16:20 114688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-15 19:31 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:31]
.
.
------- Doplňkový sken -------
.
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Hpservice.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\users\Otakar Vavrec:\users\Otakar Vavrec:\program files\CCleaner\CCleaner.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2015-09-15 21:28:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-09-15 19:28
ComboFix2.txt 2015-09-14 19:01
.
Před spuštěním: Volných bajtů: 33 890 766 848
Po spuštění: Volných bajtů: 33 719 386 112
.
- - End Of File - - 35BEF5C9707CA40F339A01474252CD9C
A36C5E4F47E84449FF07ED3517B43A31

#13 Příspěvek od **Rudy** » 15 zář 2015 21:25

To je divné, tohle CF běžně nedělá. U něj se musí dávat pozor na jiné věci. Mělo by být čisto. CF přejmenujte na uninstall a spusťte. CF se spustí a odinstaluje.

rakato11 · #14 Příspěvek od **rakato11** » 16 zář 2015 07:53

Když jsem dnes ráno zapínal PC tak mi opět nešlo zadat heslo, musel jsem opět použít "poslední známá funkční konfigurace".
Po odinstalování CF jsem zkusil PC vypnout a znovu zapnout a už je vše v pořádku, heslo jde zadat normálně.
Moc Vám děkuji za Vaší trpělivost se mnou a hlavně za pomoc kterou jste mi poskytnul.

#15 Příspěvek od **Rudy** » 16 zář 2015 18:18

Vir asi nějak nakopal systém. Tohle se nám ještě v souvislosti s použitím CF nestalo. CF spíše někdy maže regulérní programy. Pokud teď vše funguje, bude to OK.

VIRY.CZ

Policejní vírus

Policejní vírus

Re: Policejní vírus

Re: Policejní vírus

Re: Policejní vírus

Re: Policejní vírus

Re: Policejní vírus

Re: Policejní vírus

Re: Policejní vírus

Re: Policejní vírus

Re: Policejní vírus

Re: Policejní vírus

Re: Policejní vírus

Re: Policejní vírus

Re: Policejní vírus

Re: Policejní vírus