Vir Policie ČR

Have a virus problem? Post your FRST or RSIT log here.

uja5
Guest
Posts: 16
Registered: 28 Mar 2013 10:46

Vir Policie ČR

#1 Post by uja5 »

Hello,
Unfortunately my computer has been hit by the well-known and unpleasant virus that shows a "notice from the Czech Police" (Policie ČR) demanding that some money be paid. You probably know what I am talking about... I started with a scan using MBAM, as I read in other threads. I am posting the log here!
Thank you very much for the help, because I am completely desperate about this! :(
Thanks

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS (Nouzový režim s podporou sítě)
Internet Explorer 11.0.9600.16518
Lukáš :: PC_PRACOVNI [administrátor]

27.2.2014 13:43:28
mbam-log-2014-02-27 (13-43-28).txt

Typ: Kompletní kontrola (A:\|C:\|D:\|F:\|G:\|H:\|I:\|W:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 588133
Uplynulý čas: 47 minut, 50 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Vir Policie ČR

#2 Post by Rudy »

Hello!
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

sit back and make yourself a coffee (the whole operation takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware it finds collide with the antispyware's resident shield.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, the virus can damage the system!

Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

uja5
Guest
Posts: 16
Registered: 28 Mar 2013 10:46

Re: Vir Policie ČR

#3 Post by uja5 »

Here it is:

ComboFix 14-02-24.02 - Lukáš 27.02.2014 14:56:08.1.2 - x64 NETWORK
Spuštěný z: c:\users\Lukáš\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinZip Driver Updater
c:\program files (x86)\WinZip Driver Updater\Danish_rcp.ini
c:\program files (x86)\WinZip Driver Updater\difxapi.dll
c:\program files (x86)\WinZip Driver Updater\difxapi64.dll
c:\program files (x86)\WinZip Driver Updater\Dutch_rcp.ini
c:\program files (x86)\WinZip Driver Updater\eng_rcp.ini
c:\program files (x86)\WinZip Driver Updater\Finnish_rcp_fi.ini
c:\program files (x86)\WinZip Driver Updater\French_rcp.ini
c:\program files (x86)\WinZip Driver Updater\German_rcp.ini
c:\program files (x86)\WinZip Driver Updater\Chinese_rcp.ini
c:\program files (x86)\WinZip Driver Updater\install_left.bmp
c:\program files (x86)\WinZip Driver Updater\isxdl.dll
c:\program files (x86)\WinZip Driver Updater\Italian_rcp.ini
c:\program files (x86)\WinZip Driver Updater\Japanese_rcp.ini
c:\program files (x86)\WinZip Driver Updater\Norwegian_rcp.ini
c:\program files (x86)\WinZip Driver Updater\Portuguese_rcp.ini
c:\program files (x86)\WinZip Driver Updater\russian_rcp_ru.ini
c:\program files (x86)\WinZip Driver Updater\Spanish_rcp.ini
c:\program files (x86)\WinZip Driver Updater\Swedish_rcp.ini
c:\program files (x86)\WinZip Driver Updater\unins000.dat
c:\program files (x86)\WinZip Driver Updater\unins000.exe
c:\program files (x86)\WinZip Driver Updater\unins000.msg
c:\program files (x86)\WinZip Driver Updater\unrar.dll
c:\program files (x86)\WinZip Driver Updater\updater\amd64Helper\difxapi.dll
c:\program files (x86)\WinZip Driver Updater\updater\amd64Helper\DriverUpdateHelper64.exe
c:\program files (x86)\WinZip Driver Updater\updater\amd64Helper\DriverUpdateHelper64.manifest
c:\program files (x86)\WinZip Driver Updater\updater\extract\7z.dll
c:\program files (x86)\WinZip Driver Updater\updater\extract\7z.exe
c:\program files (x86)\WinZip Driver Updater\updater\extract\copying.txt
c:\program files (x86)\WinZip Driver Updater\updater\extract\History.txt
c:\program files (x86)\WinZip Driver Updater\updater\extract\license.txt
c:\program files (x86)\WinZip Driver Updater\updater\extract\readme.txt
c:\program files (x86)\WinZip Driver Updater\WDUUninstall.exe
c:\program files (x86)\WinZip Driver Updater\winzipdu.exe
c:\programdata\6878002.js
c:\programdata\7999643.js
c:\programdata\jzqmjrdoab.cpp
c:\programdata\tflq9tr.dss
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-27 do 2014-02-27 )))))))))))))))))))))))))))))))
.
.
2014-02-27 14:01 . 2014-02-27 14:01 -------- d-----w- c:\users\Uja\AppData\Local\temp
2014-02-27 13:39 . 2014-02-27 13:39 -------- d-----w- C:\FRST
2014-02-27 13:00 . 2014-02-27 13:00 -------- d-----w- c:\users\Lukáš\AppData\Local\ElevatedDiagnostics
2014-02-27 12:42 . 2014-02-27 12:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-27 12:42 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-27 12:36 . 2014-02-27 13:49 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{131F20A1-7841-48B9-9242-620081BB6751}\offreg.dll
2014-02-27 10:08 . 2014-02-27 10:08 -------- d-----w- c:\users\Uja\AppData\Local\Macromedia
2014-02-27 10:07 . 2014-02-27 10:08 -------- d-----w- c:\users\Uja\AppData\Local\Mozilla
2014-02-27 08:31 . 2014-02-27 08:31 -------- d-----w- c:\users\Uja\AppData\Roaming\Avira
2014-02-27 08:28 . 2014-02-27 08:28 -------- d-----w- c:\users\Uja\AppData\Local\Google
2014-02-25 19:09 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{131F20A1-7841-48B9-9242-620081BB6751}\mpengine.dll
2014-02-13 08:54 . 2014-02-13 08:55 -------- d-----w- c:\windows\rescache
2014-02-12 22:38 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 22:38 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 13:36 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-07 13:30 . 2014-02-07 13:30 -------- d-----w- c:\programdata\CODEX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 18:31 . 2013-03-22 07:55 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 18:31 . 2012-01-30 13:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-18 01:03 . 2012-01-30 14:45 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-23 11:38 . 2013-11-23 08:19 279 ----a-w- c:\programdata\rt9qlft.reg
2013-12-18 07:30 . 2013-08-31 06:04 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-18 07:30 . 2013-08-31 06:02 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-18 07:30 . 2013-08-31 06:02 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-18 05:13 . 2012-01-30 14:40 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-04 00:07 . 2013-12-04 00:07 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-04 00:07 . 2013-12-04 00:07 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-04 00:07 . 2013-12-04 00:07 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-04 00:07 . 2013-12-04 00:07 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-04 00:07 . 2013-12-04 00:07 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-04 00:07 . 2013-12-04 00:07 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-04 00:07 . 2013-12-04 00:07 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-04 00:07 . 2013-12-04 00:07 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-04 00:07 . 2013-12-04 00:07 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-04 00:07 . 2013-12-04 00:07 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-04 00:07 . 2013-12-04 00:07 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-04 00:07 . 2013-12-04 00:07 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-04 00:07 . 2013-12-04 00:07 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-04 00:07 . 2013-12-04 00:07 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-04 00:07 . 2013-12-04 00:07 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-04 00:07 . 2013-12-04 00:07 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-04 00:07 . 2013-12-04 00:07 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-04 00:07 . 2013-12-04 00:07 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-04 00:07 . 2013-12-04 00:07 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-04 00:07 . 2013-12-04 00:07 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-04 00:07 . 2013-12-04 00:07 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-04 00:07 . 2013-12-04 00:07 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-04 00:07 . 2013-12-04 00:07 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-04 00:07 . 2013-12-04 00:07 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-04 00:07 . 2013-12-04 00:07 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-04 00:07 . 2013-12-04 00:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-04 00:07 . 2013-12-04 00:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-04 00:07 . 2013-12-04 00:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-04 00:07 . 2013-12-04 00:07 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-04 00:07 . 2013-12-04 00:07 413696 ----a-w- c:\windows\system32\html.iec
2013-12-04 00:07 . 2013-12-04 00:07 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 00:07 . 2013-12-04 00:07 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-04 00:07 . 2013-12-04 00:07 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-04 00:07 . 2013-12-04 00:07 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-04 00:07 . 2013-12-04 00:07 235520 ----a-w- c:\windows\system32\url.dll
2013-12-04 00:07 . 2013-12-04 00:07 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-04 00:07 . 2013-12-04 00:07 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-04 00:07 . 2013-12-04 00:07 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-04 00:07 . 2013-12-04 00:07 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-04 00:07 . 2013-12-04 00:07 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-04 00:07 . 2013-12-04 00:07 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-04 00:07 . 2013-12-04 00:07 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-04 00:07 . 2013-12-04 00:07 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-04 00:07 . 2013-12-04 00:07 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-04 00:07 . 2013-12-04 00:07 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-04 00:07 . 2013-12-04 00:07 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-04 00:07 . 2013-12-04 00:07 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-04 00:07 . 2013-12-04 00:07 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-04 00:07 . 2013-12-04 00:07 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-04 00:07 . 2013-12-04 00:07 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-04 00:07 . 2013-12-04 00:07 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-04 00:07 . 2013-12-04 00:07 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-01 22:54 . 2013-08-31 06:02 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2010-08-03 09:11 819200 --sha-w- c:\windows\SysWOW64\xvidcore.dll
2010-08-03 09:11 180224 --sha-w- c:\windows\SysWOW64\xvidvfw.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2014-02-13 05:22 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2014-02-13 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-18 689744]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-02-13 1758160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="d:\data\LUKAS\iTunes\iTunesHelper.exe" [2013-09-17 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
nbmbpvmfvtnqohjgliu.lnk - c:\windows\System32\rundll32.exe c:\users\Petr\AppData\Local\Temp\uilgjhoqntvfmvpbmbn.bfg,OKL00 [2009-7-14 45568]
.
c:\users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
baodrjmqzj.lnk - c:\windows\System32\rundll32.exe c:\progra~3\jzqmjrdoab.cpp,XXS1 [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-21 22:42 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-22 18:31]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 09:41]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 09:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2014-02-13 05:22 13776 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2014-02-13 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=4455002215DBED42&affID=120007&tsp=4959
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\c1zu50kc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&CUI=UN26090155933914276&UM=1&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player ControlBar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN26090155933914276&UM=1&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN26090155933914276&UM=1&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-RtHDVCpl - c:\program files\Realtek\Audio\HDA\RAVCpl64.exe
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
AddRemove-FM Genie Scout 12_is1 - d:\data\LUKAS\FM Genie Scout 12\unins000.exe
AddRemove-Football Manager 2012_is1 - d:\data\LUKAS\New Games\Football Manager 2012\unins000.exe
AddRemove-funmoods - c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
AddRemove-GOGPACKPAPERSPLEASE_is1 - d:\data\LUKAS\New Games\Papers
AddRemove-GotClip - c:\program files (x86)\GotClip\uninstall.exe
AddRemove-HP LaserJet P1000 series - c:\program files (x86)\Avago-HP\{e152e8e7-7a6b-4b52-83d6-f403e403ef6f}\uninstall.exe
AddRemove-NVIDIA StereoUSB Driver - c:\program files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe
AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe
AddRemove-Pro Evolution Soccer 2013 Patch 1.03_is1 - d:\data\LUKAS\New Games\PES 2013\unins000.exe
AddRemove-Rockstar Games Social Club - c:\program files (x86)\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe
AddRemove-The Walking Dead (c) 3_is1 - d:\data\LUKAS\New Games\The Walking Dead\unins000.exe
AddRemove-The Walking Dead Episode 3 (c) TellTale Games_is1 - d:\data\LUKAS\New Games\The Walking Dead Episode 1\The Walking Dead Episode 3\unins000.exe
AddRemove-The Walking Dead Episode 4 (c) Telltale Games_is1 - d:\data\LUKAS\New Games\The Walking Dead Episode 1\Pack\The Walking Dead Episode 4\unins000.exe
AddRemove-The Walking Dead Episode 5 (c) Telltales_is1 - d:\data\LUKAS\New Games\The Walking Dead Season 1\The Walking Dead Episode 1\The Walking Dead Episode 5\unins000.exe
AddRemove-The Walking Dead_is1 - d:\data\LUKAS\New Games\The Walking Dead\Pack\unins000.exe
AddRemove-TuneUp Utilities 2013 - c:\program files (x86)\TuneUp Utilities 2013\TUInstallHelper.exe
AddRemove-TWFzcyBFZmZlY3QgMyAoYykgQmlvd2FyZQ==_is1 - d:\data\LUKAS\New Games\Mass Effect 3\unins000.exe
AddRemove-Videora iPhone Converter - c:\program files (x86)\Red Kawa\Video Converter App\uninstaller.exe
AddRemove-VirtualCloneDrive - c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe
AddRemove-{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2} - c:\program files (x86)\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe
AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\Setup.exe
AddRemove-{75983B66-804C-40D1-BA13-64DAF652A6F1} - c:\program files (x86)\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe
AddRemove-{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\InstallShield Installation Information\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}\ICQ7.exe
AddRemove-{7AEE1963-7001-4C37-BC20-2FAEB74AA41C} - c:\program files (x86)\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe
AddRemove-{8789AED5-8F11-4922-8AF8-F1BCB824F681}_is1 - d:\data\LUKAS\New Games\City Life Deluxe\unins000.exe
AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe
AddRemove-{915726DF-7891-444A-AA03-0DF1D64F561A} - c:\program files (x86)\InstallShield Installation Information\{915726DF-7891-444A-AA03-0DF1D64F561A}\setup.exe
AddRemove-{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1 - c:\program files (x86)\WinZip Driver Updater\unins000.exe
AddRemove-{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116} - d:\data\LUKAS\New Games\Simcity 4\EAUninstall.exe
AddRemove-{B95T9A00-40176-4AC6-N973-5A8AB71A09DJ}_is1 - d:\data\LUKAS\New Games\GTA 4 Complete\unins000.exe
AddRemove-{C0698BDA-0D29-40EE-8570-A31106DF9AB1} - c:\program files (x86)\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe
AddRemove-{CEDDEE73-3D36-41C2-AA40-29355D9FBD63} - c:\program files (x86)\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe
AddRemove-{F138762F-5A1F-4CF0-A5E1-1588EF6088A4} - c:\program files (x86)\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe
AddRemove-YourFileDownloader - c:\program files (x86)\YourFileDownloader\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1384902393-1371703249-2906846261-1003\Software\G*e*n*i*e*"!\FM Genie Scout 12]
"Currency"=dword:00000016
"GameDir"="d:\\DATA\\LUKAS\\Dokumenty\\Sports Interactive\\Football Manager 2012\\games"
"ShortlistDir"="d:\\DATA\\LUKAS\\Dokumenty\\Sports Interactive\\Football Manager 2012\\shortlists"
"FMPath"=""
"ScreenshotsDir"="d:\\DATA\\LUKAS\\Dokumenty\\Sports Interactive\\Football Manager 2012"
"SaveDir"="d:\\DATA\\LUKAS\\Dokumenty\\Sports Interactive\\Football Manager 2012\\"
"HistoryDir"="d:\\DATA\\LUKAS\\FM Genie Scout 12\\History Points"
"LangDB"="d:\\DATA\\LUKAS\\FM Genie Scout 12\\lang_db.dat"
"LastSaveGame"="d:\\DATA\\LUKAS\\Dokumenty\\Sports Interactive\\Football Manager 2012\\games\\repre.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:0000a033
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:000000cd
"UniqueID"="45-E780-E27F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000004
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000004
"HintsFeatureNum"=dword:00000001
"GenieReportFeatureNum"=dword:00000002
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:00000022
"GameLoadedCounter"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€5*]
@=multi:"\00\00\00\00\00@\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00č\00\00\00\0e\1fş\0e\00´\09Í!¸\01LÍ!This program cannot be run in DOS mode.\0d\0d\0a$\00\00\00\00\00\00\00«\1büĚďz’źďz’źďz’ź€\0c\0cźňz’ź€\0c8źfz’ź€\0c9źŐz’źć\02\01źâz’źďz“źJz’ź€\0c=źüz’ź€\0c\09źîz’ź€\0c\00\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-02-27 15:02:33
ComboFix-quarantined-files.txt 2014-02-27 14:02
.
Před spuštěním: 799 031 296
Po spuštění: 3 678 846 976
.
- - End Of File - - CA5CC71526010F833C468F1F2A66D49B
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Policie ČR virus

#4 Post by Rudy »

Open Notepad and copy the following into it:
KillAll::

Collect::
c:\programdata\rt9qlft.reg
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nbmbpvmfvtnqohjgliu.lnk
c:\windows\System32\rundll32.exe c:\progra~3\jzqmjrdoab.cpp,XXS1

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job


Folder::
c:\program files (x86)\AskPartnerNetwork

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"=-
[-HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]

RegLock::
[HKEY_USERS\S-1-5-21-1384902393-1371703249-2906846261-1003\Software\G*e*n*i*e*"!\FM Genie Scout 12]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Regnull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€5*]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it there. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
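Added illustration (not from the thread, from ComboFix or from its author): the RegLock:: and Regnull:: sections of a CFScript such as the one in post #4 are read straight off the registry dump in the ComboFix log. ComboFix prints an `@Denied: (...) (Everyone)` line under every registry key whose ACL blocks the Everyone group, and a `multi:` value that embeds the string "This program cannot be run in DOS mode." is the DOS stub of a PE file, i.e. an executable stored inside a registry value. The Python script below parses that dump format and emits both sections in CFScript syntax. The sample log is constructed from key names shown in the thread, with the binary value shortened; `parse_registry_dump`, `reglock_candidates`, `regnull_candidates` and `build_cfscript` are my own names.

```python
# Added example: derive the RegLock:: / Regnull:: sections of a CFScript
# from the registry dump in a ComboFix log. Not part of the thread or of
# ComboFix; function names are my own. The sample log below is constructed
# from key names shown in the thread, with the binary value shortened.
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€5*]
@=multi:"\00\00\00\00@\00This program cannot be run in DOS mode.\0d\0d\0a$\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied: \((?P<rights>[^)]*)\) \((?P<who>[^)]*)\)$")
# The DOS stub every PE file carries; seeing it inside a registry value
# means an executable image has been stored in the registry.
DOS_STUB = "This program cannot be run in DOS mode."


def parse_registry_dump(text):
    """Split ComboFix's registry dump into key blocks.

    Each block starts with "[KEY]", may contain an "@Denied: (...) (...)"
    line describing the key's ACL, and ends at a line holding a single dot.
    Returns a list of dicts: {"key", "denied" (tuple or None), "values"}.
    """
    blocks = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":
            if current is not None:
                blocks.append(current)
            current = None
            continue
        m = KEY_RE.match(line)
        if m:
            if current is not None:  # previous block had no closing dot
                blocks.append(current)
            current = {"key": m.group("key"), "denied": None, "values": []}
            continue
        if current is None:
            continue  # header text before the first key
        m = DENIED_RE.match(line)
        if m:
            current["denied"] = (m.group("rights"), m.group("who"))
        else:
            current["values"].append(line)
    if current is not None:
        blocks.append(current)
    return blocks


def reglock_candidates(blocks):
    """Keys whose ACL denies access to Everyone. RegLock:: resets the
    permissions so the key can be examined; it does not delete the key."""
    return [b["key"] for b in blocks if b["denied"] is not None]


def regnull_candidates(blocks):
    """Keys that ordinary registry tools cannot handle cleanly: a name
    containing characters outside printable ASCII (like the Components\\€5*
    key in the thread) or a value that embeds a PE image."""
    found = []
    for b in blocks:
        odd_name = not (b["key"].isascii() and b["key"].isprintable())
        embeds_pe = any(DOS_STUB in v for v in b["values"])
        if odd_name or embeds_pe:
            found.append(b["key"])
    return found


def build_cfscript(blocks):
    """Render the two sections in CFScript syntax, followed by Reboot::."""
    out = []
    locked = reglock_candidates(blocks)
    nulled = regnull_candidates(blocks)
    if locked:
        out.append("RegLock::")
        out.extend(f"[{k}]" for k in locked)
        out.append("")
    if nulled:
        out.append("Regnull::")
        out.extend(f"[{k}]" for k in nulled)
        out.append("")
    out.append("Reboot::")
    return "\n".join(out)


if __name__ == "__main__":
    print(build_cfscript(parse_registry_dump(SAMPLE_LOG)))
```

Run against the real log, the output reproduces the RegLock:: and Regnull:: lists from post #4. Two caveats for anyone reading such a dump: a deny ACL by itself is not proof of infection, since Adobe's Flash installer places one on its own CLSID keys, which is why the Flash entries show up in the log at all; and RegLock:: only removes the lock so ComboFix can inspect the key, it does not delete anything. Review the generated lines by hand before they go into a script.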
