PC disinfection, computer speed-up, remote help via the neslape.cz service

Police virus

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and gets more details about the problem from you by phone! More at www.neslape.cz
Locked
Trixl
Visitor
Posts: 53
Registered: 06 Feb 2014 10:27

Police virus

#1 Post by Trixl »

Hello,
unfortunately it has hit me too; thank you in advance for your help. I don't know much about this area, but hopefully I'll manage it with your help.
So far I have read through an already resolved case.
I downloaded FRST and used it according to the guide on the infected PC.
But first I have two questions about ComboFix.
1) The PC was set up by a company x years ago; when I start the PC in safe mode I have two administrators. One is otherwise invisible to me, that was the one who set up the PC, and I gave my own profile administrator rights; in normal operation only my profile is visible on the PC. Will that be enough for ComboFix?
2) Do I understand correctly that I should then just save ComboFix normally on the Desktop of the infected PC?
I'm not a blonde, but I'd rather ask a dumb question than break something :oops:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2014
Ran by Lynx (administrator) on LYNX-E8BB066701 on 06-02-2014 10:19:25
Running from F:\
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) ===================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [pdfSaver3] - [X]
HKLM\...\Run: [602PC SUITE PDF Saver] - C:\Program Files\Common Files\soft602\pdfSaver.exe [49152 2005-08-31] ()
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2552856 2014-02-04] ()
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [NtVdmSrv] - C:\WINDOWS\inf\ntvdm.vbe [884 2013-06-14] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-448539723-1383384898-1644491937-1004\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-448539723-1383384898-1644491937-1004\...\Run: [pdfSaver3] - c:\Program Files\PDF\pdfSaver\pdfSaver3.exe [385024 2004-05-19] (Tracker Software Products Ltd.)
HKU\S-1-5-21-448539723-1383384898-1644491937-1004\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-448539723-1383384898-1644491937-1004\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Device Detector 3.lnk
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aplavysocina.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKCU - (No Name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - No File
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={1694 ... 2011-12-07 09:55:22&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0165A0CC-4F27-481C-AFF3-84DF918CBBD7} URL = http://websearch.ask.com/redirect?clien ... A718594DAB&
SearchScopes: HKCU - {69592B17-EA9F-4764-8B1C-9DBD012C21D5} URL = http://www.mysearchresults.com/search?c ... earchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={1694 ... 2011-12-07 09:55:22&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2186473
SearchScopes: HKCU - {F18B1482-B38A-44AD-9136-AB2860A85B2D} URL = http://www.google.cz/search?q={searchTe ... {startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Lynx\Data aplikací\defaulttab\defaulttab\DefaultTabBHO.dll (Search Results LLC.)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: DealPly Shopping - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-04] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 10.24.2.1 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default
FF Homepage: hxxp://tv.sms.cz/index.php?P_id_kategorie=56456&P_soubor=televize%2Findex.php%3F%26zobrazeni%3D%26typprg_pouze%3D%26casod%3D0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @videolan.org/vlc,version=1.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Český slovník pro kontrolu pravopisu - C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\Extensions\cs@dictionaries.addons.mozilla.org [2013-01-13]
FF Extension: No Name - C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\Extensions\staged(2) [2012-11-08]
FF Extension: WebSite Recommendation - C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\Extensions\WebSiteRecommendation@weliketheweb.com [2013-12-24]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-05-27]
FF Extension: BBCodeXtra - C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc} [2011-05-27]
FF Extension: Default Tab - C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\Extensions\addon@defaulttab.com.xpi [2013-11-26]
FF Extension: FlashGot - C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-05-16]
FF Extension: Sage - C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\Extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}.xpi [2011-05-27]
FF Extension: Adblock Plus - C:\Documents and Settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-05]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-05]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search\FireFoxExt\17.3.0.49
FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search\FireFoxExt\17.3.0.49 [2014-01-08]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-11-28] (SUPERAntiSpyware.com)
S2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S2 dealplylive; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-10] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-10] (DealPly Technologies Ltd)
S2 DefaultTabUpdate; C:\Documents and Settings\Lynx\Data aplikací\defaulttab\defaulttab\dtupdate.exe [107520 2013-11-26] ()
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-08] (AVG Secure Search)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]

==================== Drivers (Whitelisted) ====================

S3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
S3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1332544 2005-05-12] (C-Media Inc)
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 MA-620; C:\WINDOWS\System32\DRIVERS\MA-620.sys [27136 2003-03-25] (Mobile Action Tech. Inc.)
S3 MSIRCOMM; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [22016 2008-04-13] (Microsoft Corporation)
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 VNUSB; C:\WINDOWS\System32\DRIVERS\VNUSB.sys [38448 2003-12-15] (OLYMPUS OPTICAL CO.,LTD.)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-06 10:19 - 2014-02-06 10:19 - 00000000 ___DC () C:\FRST
2014-02-05 23:06 - 2014-02-05 23:09 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-01-21 18:34 - 2014-01-21 18:34 - 00000000 ____C () C:\Program Files\GUM6F.tmp
2014-01-21 18:33 - 2014-01-24 15:02 - 00000000 ___DC () C:\Program Files\Google
2014-01-15 23:07 - 2014-01-15 23:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 23:06 - 2014-01-15 23:07 - 00004510 ____C () C:\WINDOWS\KB2914368.log
2014-01-15 07:58 - 2014-01-15 07:58 - 00000000 ___DC () C:\Documents and Settings\All Users\Nabídka Start\Programy\Java
2014-01-15 07:58 - 2013-12-18 21:10 - 00094632 ____C (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-15 07:58 - 2013-12-18 21:04 - 00264616 ____C (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-15 07:58 - 2013-12-18 21:04 - 00175016 ____C (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-15 07:58 - 2013-12-18 21:03 - 00174504 ____C (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-15 07:58 - 2013-12-18 20:46 - 00145408 ____C (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-15 07:57 - 2014-01-15 07:58 - 00005134 ____C () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-11 11:07 - 2014-02-05 23:51 - 00000444 ____C () C:\WINDOWS\Tasks\DTReg.job

==================== One Month Modified Files and Folders =======

2014-02-06 10:19 - 2014-02-06 10:19 - 00000000 ___DC () C:\FRST
2014-02-06 10:13 - 2011-05-27 11:56 - 00000213 ____C () C:\WINDOWS\wiadebug.log
2014-02-06 10:13 - 2011-05-27 10:08 - 00000178 __SHC () C:\Documents and Settings\Lynx\ntuser.ini
2014-02-06 10:13 - 2011-05-27 10:07 - 00032504 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-06 10:13 - 2011-05-27 10:07 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-02-06 10:13 - 2011-05-27 10:01 - 01066738 ____C () C:\WINDOWS\WindowsUpdate.log
2014-02-06 10:09 - 2013-08-10 16:09 - 00000406 ____C () C:\WINDOWS\Tasks\At1.job
2014-02-06 10:04 - 2013-03-09 23:06 - 00000914 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-06 09:57 - 2011-05-27 12:16 - 00000000 ___DC () C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-02-06 09:54 - 2012-09-19 15:48 - 00000392 ____C () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2014-02-06 09:52 - 2011-05-27 10:08 - 00000000 __HDC () C:\Documents and Settings\Lynx\Local Settings\Data aplikací
2014-02-06 09:51 - 2011-05-27 11:56 - 00000048 ____C () C:\WINDOWS\wiaservc.log
2014-02-06 09:50 - 2013-08-10 16:10 - 00000886 ____C () C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2014-02-06 09:50 - 2013-01-23 09:09 - 00000342 ____C () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2014-02-06 09:50 - 2012-04-26 23:16 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2014-02-06 01:15 - 2013-08-10 16:10 - 00000890 ____C () C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2014-02-06 00:03 - 2011-05-27 10:08 - 00000000 ___DC () C:\Documents and Settings\Lynx\Plocha
2014-02-05 23:51 - 2014-01-11 11:07 - 00000444 ____C () C:\WINDOWS\Tasks\DTReg.job
2014-02-05 23:09 - 2014-02-05 23:06 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-02-05 09:10 - 2008-04-14 13:00 - 00013646 ____C () C:\WINDOWS\system32\wpa.dbl
2014-02-04 22:06 - 2012-04-12 06:10 - 00692616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-04 22:06 - 2011-05-27 12:00 - 00071048 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-04 18:30 - 2012-12-08 18:41 - 00345265 ____C () C:\WINDOWS\setupapi.log
2014-02-04 18:23 - 2011-12-07 09:55 - 00000000 ___DC () C:\Program Files\AVG Secure Search
2014-02-02 10:03 - 2013-08-17 15:16 - 00000000 ___DC () C:\Documents and Settings\Lynx\Data aplikací\vlc
2014-01-26 00:09 - 2013-12-19 00:09 - 00000129 ____C () C:\Documents and Settings\Lynx\Data aplikací\WB.CFG
2014-01-24 15:03 - 2011-05-27 11:47 - 00000000 __RDC () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-01-24 15:02 - 2014-01-21 18:33 - 00000000 ___DC () C:\Program Files\Google
2014-01-24 15:01 - 2012-11-20 18:02 - 00000000 ___DC () C:\Documents and Settings\Lynx\Local Settings\Data aplikací\Google
2014-01-24 15:00 - 2011-08-01 11:11 - 00000000 ___DC () C:\WINDOWS\system32\Adobe
2014-01-24 14:56 - 2011-05-27 11:47 - 00000000 ___DC () C:\Documents and Settings\All Users\Plocha
2014-01-21 18:34 - 2014-01-21 18:34 - 00000000 ____C () C:\Program Files\GUM6F.tmp
2014-01-21 16:30 - 2013-02-21 17:00 - 00000000 ___DC () C:\Documents and Settings\Lynx\Local Settings\Data aplikací\WMTools Downloaded Files
2014-01-17 22:30 - 2013-01-10 03:32 - 00005239 ____C () C:\WINDOWS\wmsetup.log
2014-01-17 14:46 - 2011-05-28 11:33 - 00144896 ____C () C:\Documents and Settings\Lynx\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-15 23:13 - 2013-07-17 11:00 - 00000000 ___DC () C:\WINDOWS\system32\MRT
2014-01-15 23:07 - 2014-01-15 23:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 23:07 - 2014-01-15 23:06 - 00004510 ____C () C:\WINDOWS\KB2914368.log
2014-01-15 23:07 - 2012-12-12 12:05 - 00377148 ____C () C:\WINDOWS\FaxSetup.log
2014-01-15 23:07 - 2012-12-12 12:05 - 00180316 ____C () C:\WINDOWS\ocgen.log
2014-01-15 23:07 - 2012-12-12 12:05 - 00143900 ____C () C:\WINDOWS\tsoc.log
2014-01-15 23:07 - 2012-12-12 12:05 - 00125734 ____C () C:\WINDOWS\comsetup.log
2014-01-15 23:07 - 2012-12-12 12:05 - 00076290 ____C () C:\WINDOWS\ntdtcsetup.log
2014-01-15 23:07 - 2012-12-12 12:05 - 00060156 ____C () C:\WINDOWS\iis6.log
2014-01-15 23:07 - 2012-12-12 12:05 - 00023546 ____C () C:\WINDOWS\ocmsn.log
2014-01-15 23:07 - 2012-12-12 12:05 - 00018849 ____C () C:\WINDOWS\msgsocm.log
2014-01-15 23:07 - 2012-12-12 12:05 - 00001374 ____C () C:\WINDOWS\imsins.log
2014-01-15 23:07 - 2011-05-27 10:40 - 83425928 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 07:58 - 2014-01-15 07:58 - 00000000 ___DC () C:\Documents and Settings\All Users\Nabídka Start\Programy\Java
2014-01-15 07:58 - 2014-01-15 07:57 - 00005134 ____C () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-15 07:58 - 2011-06-11 11:39 - 00000000 ___DC () C:\Program Files\Java
2014-01-15 07:34 - 2013-05-28 16:04 - 00002347 ____C () C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader XI.lnk
2014-01-15 07:28 - 2011-05-27 18:12 - 00000000 ___DC () C:\Program Files\SUPERAntiSpyware
2014-01-08 17:41 - 2013-06-26 18:19 - 00003728 ____C () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-01-08 17:40 - 2012-01-18 11:47 - 00000000 ___DC () C:\WINDOWS\system32\cache

Files to move or delete:
====================
C:\Documents and Settings\Lynx\data.dat
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Lynx\Local Settings\Temp\DefaultTabSetup2.exe
C:\Documents and Settings\Lynx\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Lynx\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Lynx\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Lynx\Local Settings\Temp\KMP_3.7.0.113.exe
C:\Documents and Settings\Lynx\Local Settings\Temp\Nokia_PC_Suite_cze.exe
C:\Documents and Settings\Lynx\Local Settings\Temp\Shockwave_Installer_FF.exe
C:\Documents and Settings\Lynx\Local Settings\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\WINDOWS\system32\winlogon.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\WINDOWS\system32\svchost.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\WINDOWS\system32\services.exe
[2008-04-14 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\WINDOWS\system32\User32.dll
[2008-04-14 13:00] - [2008-04-14 13:00] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\WINDOWS\system32\userinit.exe
[2008-04-14 13:00] - [2008-04-14 13:00] - 0026112 ___AC (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-14 13:00] - [2008-04-14 13:00] - 0052480 ___AC (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== End Of Log ============================

JaRon
Moderator
Posts: 15724
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Police virus

#2 Post by JaRon »

hi,
1. your profile will be enough
2. save it to the desktop and run CF - post the log
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Trixl
Visitor
Posts: 53
Registered: 06 Feb 2014 10:27

Re: Police virus

#3 Post by Trixl »

Ugh, so AVG only lets me turn off protection for 15 minutes :roll: and it apparently locked something from ComboFix away in the vault as an infection :roll: so now I have a clean desktop with no icons and no bars, but the PC keeps blinking, keeps blinking as if it's working, so I'm waiting ...

I couldn't hold out and restarted; I'll see what's up with ComboFix and run it again.

JaRon
Moderator
Posts: 15724
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Police virus

#4 Post by JaRon »

if it doesn't spit out the log within 15 min, hard-restart the PC and rescan the PC with MBAM - a quick scan will do

Trixl
Visitor
Posts: 53
Registered: 06 Feb 2014 10:27

Re: Police virus

#5 Post by Trixl »

I started ComboFix again, hopefully that's fine. I don't know MBAM and definitely don't have it. So if it crashes again I'll find it and do it that way.

Trixl
Visitor
Posts: 53
Registered: 06 Feb 2014 10:27

Re: Police virus

#6 Post by Trixl »

ComboFix 14-02-05.02 - Lynx 06.02.2014 15:05:05.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2039.1551 [GMT 1:00]
Spuštěný z: c:\documents and settings\Lynx\Plocha\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\documents and settings\Lynx\WINDOWS
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPly.xpi
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyIE64.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\DealPlyUpdateVer.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\windows\inf\ntvdm.vbe
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Cache
c:\windows\system32\SET159.tmp
c:\windows\system32\SET15D.tmp
c:\windows\system32\SET15E.tmp
c:\windows\system32\SET165.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-06 do 2014-02-06 )))))))))))))))))))))))))))))))
.
.
2014-02-06 13:19 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2014-02-06 09:19 . 2014-02-06 09:21 -------- dc----w- C:\FRST
2014-01-21 17:34 . 2014-01-21 17:34 0 -c--a-w- c:\program files\GUM6F.tmp
2014-01-21 17:33 . 2014-01-24 14:02 -------- dc----w- c:\program files\Google
2014-01-15 06:58 . 2013-12-18 19:46 145408 -c--a-w- c:\windows\system32\javacpl.cpl
2014-01-15 06:58 . 2013-12-18 20:10 94632 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 21:06 . 2012-04-12 05:10 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-04 21:06 . 2011-05-27 11:00 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-27 20:21 . 2008-04-14 12:00 40960 -c--a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-25 00:48 . 2013-03-29 00:53 208184 -c--a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-13 03:00 . 2008-04-14 12:00 150528 -c--a-w- c:\windows\system32\imagehlp.dll
2013-11-10 18:41 . 2012-08-30 20:48 37664 -c--a-w- c:\windows\system32\drivers\avgtpx86.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-01-08 16:40 3349528 -c--a-w- c:\program files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll" [2014-01-08 3349528]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-15 5625624]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"602PC SUITE PDF Saver"="c:\program files\Common Files\soft602\pdfSaver.exe" [2005-08-31 49152]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-02-04 2552856]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-11-20 4411952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2013-3-1 114688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\File Type Assistant\\tsassist.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [8.2.2013 3:37 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8.2.2013 3:37 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16.3.2011 15:03 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [29.3.2013 1:53 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [1.3.2013 9:32 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 5:41 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4.4.2011 23:59 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 21:48 37664]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2010 19:25 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [4.5.2011 18:54 116608]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [23.10.2013 1:06 1432080]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [4.7.2013 14:53 4939312]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [20.11.2013 1:54 283136]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [8.1.2014 17:40 1771544]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 3:33 30944]
S2 dealplylive;SluA3ba DealPly Live (dealplylive);c:\program files\DealPlyLive\Update\DealPlyLive.exe [10.8.2013 16:10 148000]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 3:33 30944]
S3 dealplylivem;SluA3ba DealPly Live (dealplylivem);c:\program files\DealPlyLive\Update\DealPlyLive.exe [10.8.2013 16:10 148000]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:06]
.
2014-02-06 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
- c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-08-10 15:10]
.
2014-02-06 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
- c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-08-10 15:10]
.
2014-02-06 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2011-07-09 12:22]
.
2014-02-06 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-23 14:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.aplavysocina.cz/
TCP: DhcpNameServer = 10.24.2.1 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Lynx\Data aplikací\Mozilla\Firefox\Profiles\gsn1okiw.default\
FF - prefs.js: browser.startup.homepage - hxxp://tv.sms.cz/index.php?P_id_kategorie=56456&P_soubor=televize%2Findex.php%3F%26zobrazeni%3D%26typprg_pouze%3D%26casod%3D0
FF - ExtSQL: !HIDDEN! 2011-10-31 03:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-pdfSaver3 - (no file)
HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-Run-NtVdmSrv - c:\windows\inf\ntvdm.vbe
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-IW FTPort Client - c:\windows\IsUn0405.exe
AddRemove-Totalcmd - c:\totalcmd\tcuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-06 15:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2052)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\RunDll32.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2014-02-06 15:33:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-02-06 14:33
.
Před spuštěním: Volných bajtů: 15 848 140 800
Po spuštění: Volných bajtů: 15 783 821 312
.
- - End Of File - - 4B1F60B3BB9CA9BDC98CBF3E49C43B2E
413FC2A0C716421B3158746D63736515

JaRon
Moderator
Posts: 15724
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: police virus

#7 Post by JaRon »

ComboFix did what it was supposed to; I recommend uninstalling AVG, installing some normal AV and rescanning the PC with it.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Trixl
Guest
Posts: 53
Registered: 06 Feb 2014 10:27

Re: police virus

#8 Post by Trixl »

Thanks a lot. Well, AVG let me down; it didn't warn me and didn't see or find anything. Can you recommend something more reliable?

JaRon
Moderator
Posts: 15724
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: police virus

#9 Post by JaRon »

FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Trixl
Guest
Posts: 53
Registered: 06 Feb 2014 10:27

Re: police virus

#10 Post by Trixl »

Thank you very much, you are great. We will support your forum too, because otherwise we'd be up the creek :) All the best.

JaRon
Moderator
Posts: 15724
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: police virus

#11 Post by JaRon »

quote:
Uninstall ComboFix
• Rename ComboFix to Uninstall
• Run it
• This will delete ComboFix and its folders
+
thaaanks and have a nice day :thumbsup:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Locked