nemocnej explorer

Zpráva

#16 Příspěvek od **Rudy** » 26 bře 2013 19:33

Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

ebola · #17 Příspěvek od **ebola** » 27 bře 2013 17:49

zdravim,tak tady je log :

ComboFix 13-03-27.01 - jemin 27.03.2013 17:28:42.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3070.1798 [GMT 1:00]
Spuštěný z: c:\users\jemin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-27 do 2013-03-27 )))))))))))))))))))))))))))))))
.
.
2013-03-27 16:35 . 2013-03-27 16:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-26 13:52 . 2013-03-26 13:52 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49430FEA-4F60-4650-BE5C-B486A15AC781}\offreg.dll
2013-03-25 12:01 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49430FEA-4F60-4650-BE5C-B486A15AC781}\mpengine.dll
2013-03-24 14:50 . 2013-03-24 14:51 -------- d-----w- C:\rsit
2013-03-23 08:38 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-21 10:20 . 2012-11-28 13:58 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F596C12F-278B-426A-AC33-37785819496D}\gapaengine.dll
2013-03-20 15:22 . 2013-02-05 08:54 37344 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2013-03-20 15:22 . 2013-02-05 08:54 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2013-03-20 15:22 . 2011-11-29 15:40 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2013-03-18 19:35 . 2013-03-18 19:35 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-18 19:32 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-18 15:01 . 2013-03-14 11:36 8952608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-03-18 15:01 . 2013-03-14 11:36 892704 ----a-w- c:\windows\system32\nvdispgenco3231421.dll
2013-03-18 15:01 . 2013-03-14 11:36 7959000 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-18 15:01 . 2013-03-14 11:36 6271872 ----a-w- c:\windows\system32\nvopencl.dll
2013-03-18 15:01 . 2013-03-14 11:36 481056 ----a-w- c:\windows\system32\nvEncodeAPI.dll
2013-03-18 15:01 . 2013-03-14 11:36 2728736 ----a-w- c:\windows\system32\nvcuvid.dll
2013-03-18 15:01 . 2013-03-14 11:36 205184 ----a-w- c:\windows\system32\nvinit.dll
2013-03-18 15:01 . 2013-03-14 11:36 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-03-18 15:01 . 2013-03-14 11:36 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-03-18 15:01 . 2013-03-14 11:36 1012512 ----a-w- c:\windows\system32\nvdispco3231421.dll
2013-03-18 15:01 . 2013-03-14 11:36 20542752 ----a-w- c:\windows\system32\nvoglv32.dll
2013-03-15 22:10 . 2013-03-15 22:10 -------- d-----w- c:\users\jemin\.objectdb
2013-03-15 16:57 . 2013-03-15 16:57 -------- d-----w- c:\program files\AGEIA Technologies
2013-03-15 16:55 . 2012-12-19 05:41 28600 ----a-w- c:\windows\system32\nvhdap32.dll
2013-03-15 16:55 . 2012-12-19 05:41 154040 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-03-15 16:55 . 2013-02-10 03:20 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-03-15 16:55 . 2013-02-10 03:20 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-03-15 09:18 . 2013-03-15 13:49 -------- d-----w- c:\users\jemin\AppData\Roaming\NVIDIA
2013-03-15 08:39 . 2013-03-26 16:24 -------- d-----w- c:\programdata\NVIDIA
2013-03-15 08:39 . 2013-03-23 20:26 -------- d-----w- c:\users\UpdatusUser
2013-03-15 08:39 . 2013-03-14 08:50 3014432 ----a-w- c:\windows\system32\nvsvc.dll
2013-03-15 08:39 . 2013-03-14 08:50 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-15 08:39 . 2013-03-14 08:50 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 08:39 . 2013-03-12 13:50 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-03-15 08:39 . 2013-02-10 00:35 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-03-15 08:39 . 2013-03-14 08:50 4119328 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 08:39 . 2013-03-14 08:50 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-15 08:38 . 2013-03-15 08:38 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-03-15 08:38 . 2012-08-30 19:13 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2013-03-15 08:38 . 2012-08-30 19:13 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-03-15 08:37 . 2013-03-14 11:36 13001456 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-03-15 08:37 . 2013-03-14 11:36 968408 ----a-w- c:\windows\system32\nvumdshim.dll
2013-03-15 08:37 . 2013-03-14 11:36 15042928 ----a-w- c:\windows\system32\nvd3dum.dll
2013-03-15 08:37 . 2013-03-14 11:36 2539128 ----a-w- c:\windows\system32\nvapi.dll
2013-03-14 02:38 . 2013-03-14 02:38 559904 ----a-w- c:\windows\system32\nvStreaming.exe
2013-03-09 05:40 . 2013-03-09 05:40 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-04 16:53 . 2013-03-04 16:53 -------- d-----w- c:\users\jemin\AppData\Roaming\LangSoft
2013-02-26 06:55 . 2013-02-26 06:55 65536 ----a-w- c:\windows\system32\frapsvid.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-23 17:17 . 2012-09-24 15:24 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-03-23 17:17 . 2012-06-23 18:43 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-19 18:36 . 2012-01-29 07:14 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-19 18:35 . 2011-03-17 19:48 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-15 09:36 . 2012-04-10 16:12 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-15 09:36 . 2011-05-18 03:30 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-09 05:40 . 2012-07-23 17:01 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-09 05:40 . 2011-02-13 17:53 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-12 04:48 . 2013-03-18 19:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-18 19:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-06 06:42 . 2013-02-06 06:42 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-02-06 06:42 . 2013-02-06 06:42 181784 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-01-30 10:53 . 2011-02-13 10:25 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-03-20 18:44 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:00 . 2013-02-13 14:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 14:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 14:00 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 14:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 14:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 14:00 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4DB74D06-491C-440D-305E-012400990F3E}]
2010-11-20 12:24 73728 ----a-w- c:\windows\System32\cii.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2006-04-28 1019904]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-23 366576]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"KiesAirMessage"="f:\kies\KiesAirMessage.exe" [2013-02-06 578560]
"KiesPreload"="f:\kies\Kies.exe" [2013-02-13 1509232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-18 10025576]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-07 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-07 3673808]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Vesmír na dlani.lnk - c:\program files\Noční obloha\vesmir.exe [2003-11-29 57344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kaspersky Security Scan.lnk - c:\program files\Kaspersky Security Scan\KSS.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 16:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva401;XDva401;c:\windows\system32\XDva401.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 09:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - f:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - f:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - f:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-03-27 17:37:07
ComboFix-quarantined-files.txt 2013-03-27 16:37
.
Před spuštěním: 1 121 411 072
Po spuštění: 1 043 402 752
.
- - End Of File - - 1BF11D2DC07F54DF89AF1EA9E6AA87EC

#18 Příspěvek od **Rudy** » 27 bře 2013 19:49

Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\windows\system32\XDva401.sys

Driver::
XDva401

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

ebola · #19 Příspěvek od **ebola** » 27 bře 2013 21:04

problém přetrvává -poslední log je zde

ComboFix 13-03-27.01 - jemin 27.03.2013 20:42:10.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3070.1733 [GMT 1:00]
Spuštěný z: c:\users\jemin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\jemin\Desktop\CFScript.txt..txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA401
-------\Service_XDva401
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-27 do 2013-03-27 )))))))))))))))))))))))))))))))
.
.
2013-03-27 19:47 . 2013-03-27 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-27 19:39 . 2013-03-27 19:39 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FE3928A-D491-4CB6-8427-79067193BD11}\MpKslfe5b83bf.sys
2013-03-27 16:49 . 2013-03-27 16:49 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FE3928A-D491-4CB6-8427-79067193BD11}\offreg.dll
2013-03-27 16:49 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FE3928A-D491-4CB6-8427-79067193BD11}\mpengine.dll
2013-03-25 12:01 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-24 14:50 . 2013-03-24 14:51 -------- d-----w- C:\rsit
2013-03-21 10:20 . 2012-11-28 13:58 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F596C12F-278B-426A-AC33-37785819496D}\gapaengine.dll
2013-03-20 15:22 . 2013-02-05 08:54 37344 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2013-03-20 15:22 . 2013-02-05 08:54 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2013-03-20 15:22 . 2011-11-29 15:40 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2013-03-18 19:35 . 2013-03-18 19:35 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-18 19:32 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-18 15:01 . 2013-03-14 11:36 8952608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-03-18 15:01 . 2013-03-14 11:36 892704 ----a-w- c:\windows\system32\nvdispgenco3231421.dll
2013-03-18 15:01 . 2013-03-14 11:36 7959000 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-18 15:01 . 2013-03-14 11:36 6271872 ----a-w- c:\windows\system32\nvopencl.dll
2013-03-18 15:01 . 2013-03-14 11:36 481056 ----a-w- c:\windows\system32\nvEncodeAPI.dll
2013-03-18 15:01 . 2013-03-14 11:36 2728736 ----a-w- c:\windows\system32\nvcuvid.dll
2013-03-18 15:01 . 2013-03-14 11:36 205184 ----a-w- c:\windows\system32\nvinit.dll
2013-03-18 15:01 . 2013-03-14 11:36 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-03-18 15:01 . 2013-03-14 11:36 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-03-18 15:01 . 2013-03-14 11:36 1012512 ----a-w- c:\windows\system32\nvdispco3231421.dll
2013-03-18 15:01 . 2013-03-14 11:36 20542752 ----a-w- c:\windows\system32\nvoglv32.dll
2013-03-15 22:10 . 2013-03-15 22:10 -------- d-----w- c:\users\jemin\.objectdb
2013-03-15 16:57 . 2013-03-15 16:57 -------- d-----w- c:\program files\AGEIA Technologies
2013-03-15 16:55 . 2012-12-19 05:41 28600 ----a-w- c:\windows\system32\nvhdap32.dll
2013-03-15 16:55 . 2012-12-19 05:41 154040 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-03-15 16:55 . 2013-02-10 03:20 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-03-15 16:55 . 2013-02-10 03:20 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-03-15 09:18 . 2013-03-15 13:49 -------- d-----w- c:\users\jemin\AppData\Roaming\NVIDIA
2013-03-15 08:39 . 2013-03-27 19:49 -------- d-----w- c:\programdata\NVIDIA
2013-03-15 08:39 . 2013-03-23 20:26 -------- d-----w- c:\users\UpdatusUser
2013-03-15 08:39 . 2013-03-14 08:50 3014432 ----a-w- c:\windows\system32\nvsvc.dll
2013-03-15 08:39 . 2013-03-14 08:50 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-15 08:39 . 2013-03-14 08:50 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 08:39 . 2013-03-12 13:50 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-03-15 08:39 . 2013-02-10 00:35 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-03-15 08:39 . 2013-03-14 08:50 4119328 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 08:39 . 2013-03-14 08:50 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-15 08:38 . 2013-03-15 08:38 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-03-15 08:38 . 2012-08-30 19:13 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2013-03-15 08:38 . 2012-08-30 19:13 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-03-15 08:37 . 2013-03-14 11:36 13001456 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-03-15 08:37 . 2013-03-14 11:36 968408 ----a-w- c:\windows\system32\nvumdshim.dll
2013-03-15 08:37 . 2013-03-14 11:36 15042928 ----a-w- c:\windows\system32\nvd3dum.dll
2013-03-15 08:37 . 2013-03-14 11:36 2539128 ----a-w- c:\windows\system32\nvapi.dll
2013-03-14 02:38 . 2013-03-14 02:38 559904 ----a-w- c:\windows\system32\nvStreaming.exe
2013-03-09 05:40 . 2013-03-09 05:40 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-04 16:53 . 2013-03-04 16:53 -------- d-----w- c:\users\jemin\AppData\Roaming\LangSoft
2013-02-26 06:55 . 2013-02-26 06:55 65536 ----a-w- c:\windows\system32\frapsvid.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-23 17:17 . 2012-09-24 15:24 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-03-23 17:17 . 2012-06-23 18:43 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-19 18:36 . 2012-01-29 07:14 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-19 18:35 . 2011-03-17 19:48 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-15 09:36 . 2012-04-10 16:12 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-15 09:36 . 2011-05-18 03:30 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-09 05:40 . 2012-07-23 17:01 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-09 05:40 . 2011-02-13 17:53 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-12 04:48 . 2013-03-18 19:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-18 19:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-06 06:42 . 2013-02-06 06:42 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-02-06 06:42 . 2013-02-06 06:42 181784 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-01-30 10:53 . 2011-02-13 10:25 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-03-20 18:44 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:00 . 2013-02-13 14:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 14:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 14:00 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 14:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 14:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 14:00 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4DB74D06-491C-440D-305E-012400990F3E}]
2010-11-20 12:24 73728 ----a-w- c:\windows\System32\cii.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2006-04-28 1019904]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-08-23 366576]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"KiesAirMessage"="f:\kies\KiesAirMessage.exe" [2013-02-06 578560]
"KiesPreload"="f:\kies\Kies.exe" [2013-02-13 1509232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-18 10025576]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-07 2777296]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-07 3673808]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
c:\users\jemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Vesmír na dlani.lnk - c:\program files\Noční obloha\vesmir.exe [2003-11-29 57344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kaspersky Security Scan.lnk - c:\program files\Kaspersky Security Scan\KSS.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 16:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 MpKslfe5b83bf;MpKslfe5b83bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FE3928A-D491-4CB6-8427-79067193BD11}\MpKslfe5b83bf.sys [x]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 09:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - f:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - f:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - f:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3288)
c:\program files\SmartFTP Client 2.0\smarthook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
d:\fraps\fraps.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Noc:\windows\system32\SearchProtocolHost.exe
c:\program files\IncrediMail\Bin\ImApp.exe
c:\windows\system32\DllHost.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2013-03-27 20:53:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-27 19:53
ComboFix2.txt 2013-03-27 16:37
.
Před spuštěním: 975 433 728
Po spuštění: 1 005 137 920
.
- - End Of File - - C6E9D68CF87AC4F6F1E4A0506A2BCFCE

#20 Příspěvek od **Rudy** » 27 bře 2013 21:24

Log je již OK. Na zkoušku nainstalujte alternativní prohlížeča vyzkoušejte, zda na něm bude stejný problém.

ebola · #21 Příspěvek od **ebola** » 27 bře 2013 21:33

nainstaloval jsem Google Chrome a tam je vše ok

#22 Příspěvek od **Rudy** » 27 bře 2013 21:38

IE přeinstalujte.

ebola · #23 Příspěvek od **ebola** » 28 bře 2013 17:52

přeinstalováno,problém je pryč -díky za pomoc

#24 Příspěvek od **Rudy** » 28 bře 2013 18:27

Nemáte zač!

VIRY.CZ

nemocnej explorer

Re: nemocnej explorer

Re: nemocnej explorer

Re: nemocnej explorer

Re: nemocnej explorer

Re: nemocnej explorer

Re: nemocnej explorer

Re: nemocnej explorer

Re: nemocnej explorer

Re: nemocnej explorer