Prosím o kontrolu logu

Příspěvekod **jaro3** » 11 lis 2016 19:21

Ještě to další,.

Reklama

peacer42 · Příspěvekod **peacer42** » 12 lis 2016 09:00

Zoek se mi nepodařilo dokončit, takže log nepřikládám - 2x za sebou se "zastavilo" za položkou Firefox Extension a čekal jsem 4 hodiny a nic to nedělalo, pokud to jde přeskočit, budu jedině rád. Log z ComboFix přikládám:

ComboFix 16-11-06.01 - lukeh 12.11.2016 8:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.189 [GMT 1:00]
Spuštěný z: c:\users\lukeh\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\lukeh\AppData\Roaming\vso_ts_preview.xml
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\winnt
c:\windows\system32\winnt\tx17.dll
c:\windows\system32\winnt\tx17_bmp.flt
c:\windows\system32\winnt\tx17_css.dll
c:\windows\system32\winnt\tx17_doc.dll
c:\windows\system32\winnt\tx17_dox.dll
c:\windows\system32\winnt\tx17_gif.flt
c:\windows\system32\winnt\tx17_htm.dll
c:\windows\system32\winnt\tx17_ic.dll
c:\windows\system32\winnt\tx17_ic.ini
c:\windows\system32\winnt\tx17_jpg.flt
c:\windows\system32\winnt\tx17_obj.dll
c:\windows\system32\winnt\tx17_pdf.dll
c:\windows\system32\winnt\tx17_png.flt
c:\windows\system32\winnt\tx17_rtf.dll
c:\windows\system32\winnt\tx17_tif.flt
c:\windows\system32\winnt\tx17_tls.dll
c:\windows\system32\winnt\tx17_wmf.flt
c:\windows\system32\winnt\tx17_wnd.dll
c:\windows\system32\winnt\tx17_xml.dll
c:\windows\system32\winnt\Tx4ole17.dep
c:\windows\system32\winnt\tx4ole17.ocx
c:\windows\TEMP\SafeZone Installer\installer.exe . . . . nemohl být smazán
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-12 do 2016-11-12 )))))))))))))))))))))))))))))))
.
.
2016-11-12 07:41 . 2016-11-12 07:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-12 04:25 . 2016-11-12 04:25 -------- d-----w- C:\zoek
2016-11-12 04:11 . 2016-11-12 04:11 -------- d-----w- c:\users\lukeh\AppData\Local\Apple
2016-11-10 17:44 . 2016-11-10 17:44 -------- d-----w- c:\programdata\Sophos
2016-11-10 17:42 . 2016-11-10 17:42 -------- d-----w- c:\program files\Sophos
2016-11-09 19:28 . 2016-11-09 19:28 -------- d-----w- c:\users\lukeh\AppData\Local\CEF
2016-11-09 19:25 . 2016-11-10 16:48 -------- d-----w- C:\AdwCleaner
2016-11-09 19:17 . 2016-11-09 20:15 -------- d-----w- c:\users\lukeh\AppData\Local\Adobe
2016-11-07 22:49 . 2016-11-07 22:49 63600 ----a-w- c:\windows\system32\drivers\dbx-stable.sys
2016-11-07 22:49 . 2016-11-07 22:49 63600 ----a-w- c:\windows\system32\drivers\dbx-dev.sys
2016-11-07 22:49 . 2016-11-07 22:49 63600 ----a-w- c:\windows\system32\drivers\dbx-canary.sys
2016-11-07 22:49 . 2016-11-07 22:49 35440 ----a-w- c:\windows\system32\DbxSvc.exe
2016-11-07 11:37 . 2016-11-07 11:40 -------- d-----w- c:\program files\LibreOffice 5
2016-10-29 01:12 . 2016-10-29 01:12 970912 ----a-w- c:\windows\system32\msvcr120.dll
2016-10-29 01:12 . 2016-10-29 01:12 455328 ----a-w- c:\windows\system32\msvcp120.dll
2016-10-19 18:13 . 2016-10-19 18:13 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-11 16:51 . 2015-08-05 15:57 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-11-10 17:11 . 2015-08-04 19:50 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-08 14:51 . 2012-04-08 19:21 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-11-08 14:51 . 2012-04-08 19:21 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-27 10:32 . 2016-10-27 10:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF7012F0-4B6C-4860-91CC-67DC18B6E3D4}\offreg.1016.dll
2016-10-19 18:09 . 2015-08-30 19:28 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-10-13 07:51 . 2016-10-13 07:51 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF7012F0-4B6C-4860-91CC-67DC18B6E3D4}\offreg.1012.dll
2016-09-25 21:00 . 2016-08-14 22:04 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF7012F0-4B6C-4860-91CC-67DC18B6E3D4}\offreg.1052.dll
2016-09-21 19:54 . 2016-09-21 19:53 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF7012F0-4B6C-4860-91CC-67DC18B6E3D4}\offreg.1024.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-07-10 08:50 831464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"ACQTMOUSE"="c:\program files\TOSHIBA\Tilt Mouse Software\1.1\ACQTMAPP.exe" [2007-07-08 501760]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2013-03-25 76288]
"VmbNotifier"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe" [2013-03-25 1861632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-08-08 8900328]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-09-04 148760]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2016-11-07 25673776]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-31 519328]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-31 605344]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox]
2016-11-07 22:58 25673776 ----a-w- c:\program files\Dropbox\Client\Dropbox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2016-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 14:51]
.
2016-11-12 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-06-22 00:42]
.
2016-11-12 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-06-22 00:42]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.9.1 192.168.9.1
FF - ProfilePath - c:\users\lukeh\AppData\Roaming\Mozilla\Firefox\Profiles\um0cmndl.default-1441031397869\
FF - prefs.js: browser.startup.homepage - about:home
.
.
------- Asociace souborů -------
.
.txt=Word Reader-TXT
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-IDOS - MHD České Budějovice - c:\windows\IsUn0405.exe
AddRemove-IDOS - ProgramTT - c:\windows\IsUn0405.exe
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender
AddRemove-{73683468-ef9e-4cfd-947b-23bdb3db09f7} - c:\programdata\Package Cache\{73683468-ef9e-4cfd-947b-23bdb3db09f7}\PDFXVE5.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-11-12 08:45
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2472)
c:\program files\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bluetooth Suite\adminservice.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DbxSvc.exe
c:\windows\system32\NLSSRV32.EXE
c:\program files\PDF Architect\HelperService.exe
c:\program files\PDF Architect\ConversionService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2016-11-12 08:55:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-11-12 07:55
.
Před spuštěním: 2 966 835 200
Po spuštění: 3 935 485 952
.
- - End Of File - - 2EA8E30FA5ED06DC7F82C8812E287D12
5C616939100B85E558DA92B899A0FC36

Příspěvekod **jaro3** » 12 lis 2016 10:01

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\DropboxUpdateTaskMachineUA.job

Folder::
c:\windows\Tasks\DropboxUpdateTaskMachineCore.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\TEMP\SafeZone Installer\installer.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

peacer42 · Příspěvekod **peacer42** » 12 lis 2016 13:54

ComboFix 16-11-06.01 - lukeh 12.11.2016 13:27:29.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.590 [GMT 1:00]
Spuštěný z: c:\users\lukeh\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\lukeh\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\DropboxUpdateTaskMachineUA.job"
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-12 do 2016-11-12 )))))))))))))))))))))))))))))))
.
.
2016-11-12 12:42 . 2016-11-12 12:45 -------- d-----w- c:\users\lukeh\AppData\Local\temp
2016-11-12 12:42 . 2016-11-12 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-12 04:25 . 2016-11-12 04:25 -------- d-----w- C:\zoek
2016-11-12 04:11 . 2016-11-12 04:11 -------- d-----w- c:\users\lukeh\AppData\Local\Apple
2016-11-10 17:44 . 2016-11-10 17:44 -------- d-----w- c:\programdata\Sophos
2016-11-10 17:42 . 2016-11-10 17:42 -------- d-----w- c:\program files\Sophos
2016-11-09 19:28 . 2016-11-09 19:28 -------- d-----w- c:\users\lukeh\AppData\Local\CEF
2016-11-09 19:25 . 2016-11-10 16:48 -------- d-----w- C:\AdwCleaner
2016-11-09 19:17 . 2016-11-09 20:15 -------- d-----w- c:\users\lukeh\AppData\Local\Adobe
2016-11-07 22:49 . 2016-11-07 22:49 63600 ----a-w- c:\windows\system32\drivers\dbx-stable.sys
2016-11-07 22:49 . 2016-11-07 22:49 63600 ----a-w- c:\windows\system32\drivers\dbx-dev.sys
2016-11-07 22:49 . 2016-11-07 22:49 63600 ----a-w- c:\windows\system32\drivers\dbx-canary.sys
2016-11-07 22:49 . 2016-11-07 22:49 35440 ----a-w- c:\windows\system32\DbxSvc.exe
2016-11-07 11:37 . 2016-11-07 11:40 -------- d-----w- c:\program files\LibreOffice 5
2016-10-29 01:12 . 2016-10-29 01:12 970912 ----a-w- c:\windows\system32\msvcr120.dll
2016-10-29 01:12 . 2016-10-29 01:12 455328 ----a-w- c:\windows\system32\msvcp120.dll
2016-10-19 18:13 . 2016-10-19 18:13 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-11 16:51 . 2015-08-05 15:57 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-11-10 17:11 . 2015-08-04 19:50 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-08 14:51 . 2012-04-08 19:21 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-11-08 14:51 . 2012-04-08 19:21 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-27 10:32 . 2016-10-27 10:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF7012F0-4B6C-4860-91CC-67DC18B6E3D4}\offreg.1016.dll
2016-10-19 18:09 . 2015-08-30 19:28 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-10-13 07:51 . 2016-10-13 07:51 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF7012F0-4B6C-4860-91CC-67DC18B6E3D4}\offreg.1012.dll
2016-09-25 21:00 . 2016-08-14 22:04 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF7012F0-4B6C-4860-91CC-67DC18B6E3D4}\offreg.1052.dll
2016-09-21 19:54 . 2016-09-21 19:53 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF7012F0-4B6C-4860-91CC-67DC18B6E3D4}\offreg.1024.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-07-10 08:50 831464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"ACQTMOUSE"="c:\program files\TOSHIBA\Tilt Mouse Software\1.1\ACQTMAPP.exe" [2007-07-08 501760]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2013-03-25 76288]
"VmbNotifier"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe" [2013-03-25 1861632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-08-08 8900328]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-09-04 148760]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2016-11-07 25673776]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-31 519328]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-31 605344]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox]
2016-11-07 22:58 25673776 ----a-w- c:\program files\Dropbox\Client\Dropbox.exe
.
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2016-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 14:51]
.
2016-11-12 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-06-22 00:42]
.
2016-11-12 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-06-22 00:42]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.9.1 192.168.9.1
FF - ProfilePath - c:\users\lukeh\AppData\Roaming\Mozilla\Firefox\Profiles\um0cmndl.default-1441031397869\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-11-12 13:44
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5888)
c:\program files\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bluetooth Suite\adminservice.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DbxSvc.exe
c:\windows\system32\NLSSRV32.EXE
c:\program files\PDF Architect\HelperService.exe
c:\program files\PDF Architect\ConversionService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Celkový čas: 2016-11-12 13:52:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-11-12 12:52
ComboFix2.txt 2016-11-12 07:55
.
Před spuštěním: 3 860 238 336
Po spuštění: 3 770 560 512
.
- - End Of File - - 2156BAB04751BB785402ABD796AA3490
5C616939100B85E558DA92B899A0FC36

peacer42 · Příspěvekod **peacer42** » 12 lis 2016 14:46

Snad jsem udělal dobře, odkaz z Virustotal:
https://www.virustotal.com/cs/file/bb16 ... 478955706/

A log z ASWMBR:

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-11-12 14:04:26
-----------------------------
14:04:26.122 OS Version: Windows 6.0.6002 Service Pack 2
14:04:26.122 Number of processors: 2 586 0xF0D
14:04:26.124 ComputerName: LUKEH-PC UserName: lukeh
14:04:52.770 Initialize success
14:04:52.894 VM: initialized successfully
14:04:52.910 VM: Intel CPU virtualization not supported
14:05:03.861 AVAST engine defs: 16111100
14:05:08.635 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:05:08.635 Disk 0 Vendor: TOSHIBA_ LV01 Size: 152627MB BusType: 3
14:05:08.728 Disk 0 MBR read successfully
14:05:08.728 Disk 0 MBR scan
14:05:09.072 Disk 0 Windows VISTA default MBR code
14:05:09.118 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:05:09.212 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76154 MB offset 3074048
14:05:09.259 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 74971 MB offset 159037440
14:05:09.306 Disk 0 scanning sectors +312579760
14:05:09.618 Disk 0 scanning C:\Windows\system32\drivers
14:05:31.692 Service scanning
14:06:24.310 Modules scanning
14:06:24.310 Disk 0 trace - called modules:
14:06:24.342 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll dxgkrnl.sys igdkmd32.sys watchdog.sys
14:06:24.342 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870a9780]
14:06:24.357 3 CLASSPNP.SYS[891598b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85ffa028]
14:06:24.903 AVAST engine scan C:\Windows
14:06:32.126 AVAST engine scan C:\Windows\system32
14:11:38.416 AVAST engine scan C:\Windows\system32\drivers
14:12:02.799 AVAST engine scan C:\Users\lukeh
14:18:35.404 File: C:\Users\lukeh\Desktop\zoek.exe **INFECTED** Win32:Malware-gen
14:31:11.162 AVAST engine scan C:\ProgramData
14:37:43.128 Disk 0 statistics 3326304/0/0 @ 1,00 MB/s
14:37:43.143 Scan finished successfully
14:44:31.895 Disk 0 MBR has been saved successfully to "C:\Users\lukeh\Desktop\MBR.dat"
14:44:31.910 The log file has been saved successfully to "C:\Users\lukeh\Desktop\aswMBR.txt"

peacer42 · Příspěvekod **peacer42** » 12 lis 2016 19:35

A ještě log z HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:35:14, on 12.11.2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16789)

FIREFOX: 49.0.2 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Tilt Mouse Software\1.1\ACQTMAPP.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Users\lukeh\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\TOSHIBA\Tilt Mouse Software\1.1\ACQTMAPP.exe"
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [VmbNotifier] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Dropbox, Inc. - C:\Windows\system32\DbxSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Vodafone Mobile Connect Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--
End of file - 10685 bytes

Příspěvekod **jaro3** » 13 lis 2016 09:34

VT , tam si testoval nějaký .pdf soubor , to není ono. Je to:
c:\windows\TEMP\SafeZone Installer\installer.exe

peacer42 · Příspěvekod **peacer42** » 13 lis 2016 15:51

Aha, pardon, teď už jsem pochopil.

https://www.virustotal.com/cs/file/e9ec ... 479048634/

Příspěvekod **jerabina** » 14 lis 2016 00:03

Tento soubor smaž pomocí shift+del
c:\windows\TEMP\SafeZone Installer\installer.exe

Co problémy?

peacer42 · Příspěvekod **peacer42** » 14 lis 2016 13:08

Ten soubor smazat nejde - "K provedení této akce je nutné oprávnění"

Jinak je znát zlepšení, to zcela určitě, nic už se nenačítá při práci.

Příspěvekod **Orcus** » 14 lis 2016 18:01

Když to nejde, tak ho zkusíme vzít combofixem.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:

ClearJavaCache::
KillAll::

File::
c:\windows\TEMP\SafeZone Installer\installer.exe

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

Obrázek

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

peacer42 · Příspěvekod **peacer42** » 14 lis 2016 18:44

ComboFix 16-11-06.01 - lukeh 14.11.2016 18:15:21.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2037.929 [GMT 1:00]
Spuštěný z: c:\users\lukeh\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\lukeh\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\TEMP\SafeZone Installer\installer.exe"
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-14 do 2016-11-14 )))))))))))))))))))))))))))))))
.
.
2016-11-14 17:28 . 2016-11-14 17:32 -------- d-----w- c:\users\lukeh\AppData\Local\temp
2016-11-14 17:28 . 2016-11-14 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-12 04:25 . 2016-11-12 04:25 -------- d-----w- C:\zoek
2016-11-12 04:11 . 2016-11-12 04:11 -------- d-----w- c:\users\lukeh\AppData\Local\Apple
2016-11-10 17:44 . 2016-11-10 17:44 -------- d-----w- c:\programdata\Sophos
2016-11-10 17:42 . 2016-11-10 17:42 -------- d-----w- c:\program files\Sophos
2016-11-09 19:28 . 2016-11-09 19:28 -------- d-----w- c:\users\lukeh\AppData\Local\CEF
2016-11-09 19:25 . 2016-11-10 16:48 -------- d-----w- C:\AdwCleaner
2016-11-09 19:17 . 2016-11-09 20:15 -------- d-----w- c:\users\lukeh\AppData\Local\Adobe
2016-11-07 22:49 . 2016-11-07 22:49 63600 ----a-w- c:\windows\system32\drivers\dbx-stable.sys
2016-11-07 22:49 . 2016-11-07 22:49 63600 ----a-w- c:\windows\system32\drivers\dbx-dev.sys
2016-11-07 22:49 . 2016-11-07 22:49 63600 ----a-w- c:\windows\system32\drivers\dbx-canary.sys
2016-11-07 22:49 . 2016-11-07 22:49 35440 ----a-w- c:\windows\system32\DbxSvc.exe
2016-11-07 11:37 . 2016-11-07 11:40 -------- d-----w- c:\program files\LibreOffice 5
2016-10-29 01:12 . 2016-10-29 01:12 970912 ----a-w- c:\windows\system32\msvcr120.dll
2016-10-29 01:12 . 2016-10-29 01:12 455328 ----a-w- c:\windows\system32\msvcp120.dll
2016-10-19 18:13 . 2016-10-19 18:13 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-11 16:51 . 2015-08-05 15:57 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-11-10 17:11 . 2015-08-04 19:50 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-08 14:51 . 2012-04-08 19:21 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-11-08 14:51 . 2012-04-08 19:21 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-27 10:32 . 2016-10-27 10:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF7012F0-4B6C-4860-91CC-67DC18B6E3D4}\offreg.1016.dll
2016-10-19 18:09 . 2015-08-30 19:28 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-10-13 07:51 . 2016-10-13 07:51 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF7012F0-4B6C-4860-91CC-67DC18B6E3D4}\offreg.1012.dll
2016-09-25 21:00 . 2016-08-14 22:04 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF7012F0-4B6C-4860-91CC-67DC18B6E3D4}\offreg.1052.dll
2016-09-21 19:54 . 2016-09-21 19:53 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF7012F0-4B6C-4860-91CC-67DC18B6E3D4}\offreg.1024.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-07 22:53 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-07-10 08:50 831464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"ACQTMOUSE"="c:\program files\TOSHIBA\Tilt Mouse Software\1.1\ACQTMAPP.exe" [2007-07-08 501760]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2013-03-25 76288]
"VmbNotifier"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe" [2013-03-25 1861632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-08-08 8900328]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-09-04 148760]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2016-11-07 25673776]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-31 519328]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-31 605344]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox]
2016-11-07 22:58 25673776 ----a-w- c:\program files\Dropbox\Client\Dropbox.exe
.
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2016-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 14:51]
.
2016-11-14 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-06-22 00:42]
.
2016-11-14 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-06-22 00:42]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.9.1 192.168.9.1
FF - ProfilePath - c:\users\lukeh\AppData\Roaming\Mozilla\Firefox\Profiles\um0cmndl.default-1441031397869\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-11-14 18:31
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4120)
c:\program files\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bluetooth Suite\adminservice.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DbxSvc.exe
c:\windows\system32\NLSSRV32.EXE
c:\program files\PDF Architect\HelperService.exe
c:\program files\PDF Architect\ConversionService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Celkový čas: 2016-11-14 18:40:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-11-14 17:39
ComboFix2.txt 2016-11-12 12:52
ComboFix3.txt 2016-11-12 07:55
.
Před spuštěním: 2 489 577 472
Po spuštění: 4 661 972 992
.
- - End Of File - - AE1506EAC9AD71D87A86B88F91949105
5C616939100B85E558DA92B899A0FC36

Prosím o kontrolu logu Vyřešeno

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online