Prosím o kontrolu logu

Bublifuk · Příspěvekod **Bublifuk** » 22 lis 2012 00:40

Ahoj, poslední dobou se mi počítač plni bordelem a program na defragmentaci nejde a to vede ke spomalení počítače. Věřím, že určitě se vám podaři nějakej bordel najit. Děkuji moc pánove!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:40:24, on 22.11.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Games\Age of Empires II\Config.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Macmillan Dictionaries\Macmillan English Dictionary 2nd Edition\med2.QZ_
C:\Windows\system32\conhost.exe
C:\Program Files\Macmillan Dictionaries\Macmillan English Dictionary 2nd Edition\med2.W_X
C:\Users\PC1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PC1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3225826
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Config] C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Voobly] "C:\Program Files\Voobly\voobly.exe" --startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D4A759-9ED9-4962-A06F-EE0885196597}: NameServer = 77.48.254.254,77.48.100.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{28D4A759-9ED9-4962-A06F-EE0885196597}: NameServer = 77.48.254.254,77.48.100.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{28D4A759-9ED9-4962-A06F-EE0885196597}: NameServer = 77.48.254.254,77.48.100.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7011 bytes

Reklama

Příspěvekod **jaro3** » 22 lis 2012 10:23

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3225826
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

Bublifuk · Příspěvekod **Bublifuk** » 22 lis 2012 14:56

tito položky nelze fixnout (zústavaji po fixnuti, když dám znova analyzovat)=

Jinak děkuji za pomoc:)

EDIT: V nouzovým režimu se mi podařilo zbytek smazat až na tyhle

Bublifuk · Příspěvekod **Bublifuk** » 22 lis 2012 16:19

Provedl jsem ten malware kontrolu, ale myslim, že log je zbytečny přidavat, protože to nic nenašlo

► Zobrazit spoiler

Příspěvekod **jaro3** » 22 lis 2012 23:43

Nemáš málo místa na disku??

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Bublifuk · Příspěvekod **Bublifuk** » 23 lis 2012 13:08

Ahoj,
diky moc.
Na disku mam ted 386GB volných

Jinak:
Ty logy se sem nevešly, tak jsem to dal na leteckou poštu:
http://leteckaposta.cz/620702951

Diky moc:)

Příspěvekod **memphisto** » 23 lis 2012 15:24

Nakopíruj je sem a rozděl je na více témat. V tom texťáku se to nedá číst...

Bublifuk · Příspěvekod **Bublifuk** » 23 lis 2012 16:20

ok

1. pulka TDSSkiller:

► Zobrazit spoiler

Bublifuk · Příspěvekod **Bublifuk** » 23 lis 2012 16:24

2. pulka TDSSkiller:

► Zobrazit spoiler

Bublifuk · Příspěvekod **Bublifuk** » 23 lis 2012 16:27

zbytek TDSSkiller

► Zobrazit spoiler

a
Combofix:
ComboFix 12-11-22.03 - PC1 23.11.2012 12:44:05.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3071.2189 [GMT 1:00]
Spuštěný z: c:\users\PC1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC1\AppData\Roaming\Google Talk
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-23 do 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-22 16:34 . 2012-11-22 16:34 -------- d-----w- c:\program files\Defraggler
2012-11-22 15:14 . 2012-11-22 15:14 -------- d-----w- c:\users\PC1\AppData\Roaming\Malwarebytes
2012-11-22 15:14 . 2012-11-22 15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-22 15:14 . 2012-11-22 15:14 -------- d-----w- c:\programdata\Malwarebytes
2012-11-22 15:14 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-22 15:06 . 2012-11-22 15:06 -------- d-----w- c:\users\PC1\AppData\Local\ATI
2012-11-21 23:08 . 2012-11-21 23:08 388096 ----a-r- c:\users\PC1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-21 23:08 . 2012-11-21 23:08 -------- d-----w- c:\program files\Trend Micro
2012-11-21 17:33 . 2012-11-21 17:33 -------- d-----w- c:\program files\AMD AVT
2012-11-21 17:02 . 2012-11-21 17:02 -------- d-----w- c:\programdata\ATI
2012-11-21 17:02 . 2012-11-21 17:02 -------- d-----w- c:\program files\AMD APP
2012-11-21 16:56 . 2012-11-21 16:56 -------- d-----w- C:\AMD
2012-11-21 16:54 . 2012-11-21 16:54 0 ----a-w- c:\windows\ativpsrm.bin
2012-11-21 16:38 . 2012-11-21 16:38 -------- d-----w- c:\users\PC1\AppData\Roaming\ATI
2012-11-21 16:37 . 2012-11-21 17:33 -------- d-----w- c:\programdata\AMD
2012-11-21 16:37 . 2012-11-21 16:37 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-11-21 16:30 . 2012-11-21 17:33 -------- d-----w- c:\program files\ATI Technologies
2012-11-21 16:30 . 2012-11-21 16:30 -------- d-----w- c:\program files\ATI
2012-11-20 18:38 . 2012-11-21 23:07 -------- d-----w- c:\program files\Google
2012-11-17 09:46 . 2012-11-17 09:47 -------- d-----w- c:\programdata\Battle.net
2012-11-14 18:18 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 18:18 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 18:18 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 18:17 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 18:17 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 18:17 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 18:17 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 18:17 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 18:17 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 18:17 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 18:14 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-11-14 18:14 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-14 18:14 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-14 18:14 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 18:14 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-14 11:42 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 11:42 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 11:42 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 11:42 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 11:42 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 11:42 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 11:42 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 11:42 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 11:42 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 11:42 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 11:42 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 11:42 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 18:45 . 2012-09-11 08:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-21 18:45 . 2011-06-16 17:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-21 17:56 . 2010-12-27 13:52 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-11-21 17:56 . 2010-12-27 13:52 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-11-21 17:56 . 2010-12-27 13:52 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-10-09 17:54 . 2012-09-11 08:54 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-14 18:28 . 2012-10-10 09:27 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 09:27 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 09:26 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 09:26 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 19:41 . 2011-04-16 05:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Voobly"="c:\program files\Voobly\voobly.exe" [2012-09-08 135168]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-16 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-16 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-16 170520]
"Config"="c:\program files\Microsoft Games\Age Of Empires ii\Config.exe" [2006-07-06 151552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\PC1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [x]
R3 cpuz135;cpuz135;c:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 18:45]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 18:38]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-20 18:38]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058290171-874746504-3276468450-1000Core.job
- c:\users\PC1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 08:37]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058290171-874746504-3276468450-1000UA.job
- c:\users\PC1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 08:37]
.
.
------- Doplňkový sken -------
.
TCP: Interfaces\{28D4A759-9ED9-4962-A06F-EE0885196597}: NameServer = 77.48.254.254,77.48.100.254
FF - ProfilePath - c:\users\PC1\AppData\Roaming\Mozilla\Firefox\Profiles\9phns3sg.default\
FF - prefs.js: browser.search.selectedEngine - BitTorrentControl_v12 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT32258 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... chSource=2
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-04 17:57; TorrentHandler@TorrentHandler.com; c:\users\PC1\AppData\Roaming\Mozilla\Firefox\Profiles\9phns3sg.default\extensions\TorrentHandler@TorrentHandler.com.xpi
FF - ExtSQL: 2012-10-07 15:48; {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}; c:\users\PC1\AppData\Roaming\Mozilla\Firefox\Profiles\9phns3sg.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
FF - ExtSQL: 2012-10-07 16:03; OneClickDownload@OneClickDownload.com; c:\users\PC1\AppData\Roaming\Mozilla\Firefox\Profiles\9phns3sg.default\extensions\OneClickDownload@OneClickDownload.com
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4058290171-874746504-3276468450-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4058290171-874746504-3276468450-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4058290171-874746504-3276468450-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,b1,7d,6e,28,60,ba,8b,ad,74,36,cb,95,dd,9a,1c,3f,a9,03,b7,c1,2f,e6,
28,3e,c1,d0,2c,ae,cb,0e,38,3b,56,e2,65,aa,42,b3,65,bd,d7,4f,a1,47,c5,ad,9d,\
"??"=hex:e5,8e,78,fc,dc,64,00,81,31,fc,b9,16,71,79,c6,9f
.
[HKEY_USERS\S-1-5-21-4058290171-874746504-3276468450-1000\Software\SecuROM\License information*]
"datasecu"=hex:db,04,d7,ab,00,f9,e3,39,27,68,32,c6,fe,23,4c,bf,21,26,c6,48,d4,
e5,59,40,47,fa,4a,a0,f2,14,76,38,4a,25,8c,29,b9,62,5d,f9,ff,06,af,88,8a,93,\
"rkeysecu"=hex:b0,b7,00,7d,ac,16,23,8f,44,26,b2,e6,74,3d,ba,2b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Celkový čas: 2012-11-23 13:01:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-23 12:01
.
Před spuštěním: Volných bajtů: 415 243 350 016
Po spuštění: Volných bajtů: 415 154 475 008
.
- - End Of File - - 1AED3DD309F24A885B11D202CD2B9E17

Příspěvekod **Žbeky** » 23 lis 2012 23:04

Nedávej logy do spoileru, čte se to fakt příšerně

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
c:\program files\Skype\Updater
c:\program files\Google\Update
c:\users\PC1\AppData\Local\Google\Update

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058290171-874746504-3276468450-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058290171-874746504-3276468450-1000UA.job

Driver::
SkypeUpdate
cpuz134

Firefox::
FF - ProfilePath - c:\users\PC1\AppData\Roaming\Mozilla\Firefox\Profiles\9phns3sg.default\
FF - prefs.js: browser.search.selectedEngine - BitTorrentControl_v12 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT32258 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... chSource=2
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-07 16:03; OneClickDownload@OneClickDownload.com; c:\users\PC1\AppData\Roaming\Mozilla\Firefox\Profiles\9phns3sg.default\extensions\OneClickDownload@OneClickDownload.com
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Bublifuk · Příspěvekod **Bublifuk** » 24 lis 2012 10:32

Ahoj,
zde posílam log bez spoileru:

ComboFix 12-11-23.02 - PC1 24.11.2012 10:23:22.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3071.2316 [GMT 1:00]
Spuštěný z: c:\users\PC1\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\PC1\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058290171-874746504-3276468450-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058290171-874746504-3276468450-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.124\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.124\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.124\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.124\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.124\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.124\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.124\goopdate.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.124\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.124\psmachine.dll
c:\program files\Google\Update\1.3.21.124\psuser.dll
c:\program files\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0\GoogleEarth-Win-Plugin-7.0.1.8244.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\users\PC1\AppData\Local\Google\Update
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdate.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_am.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_da.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_de.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_el.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_en.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_es.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_et.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_id.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_is.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_it.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_no.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_te.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_th.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\psmachine.dll
c:\users\PC1\AppData\Local\Google\Update\1.3.21.123\psuser.dll
c:\users\PC1\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.123\GoogleUpdateSetup.exe
c:\users\PC1\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\23.0.1271.64\23.0.1271.64_22.0.1229.94_chrome_updater.exe
c:\users\PC1\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058290171-874746504-3276468450-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058290171-874746504-3276468450-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ134
-------\Service_cpuz134
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-24 do 2012-11-24 )))))))))))))))))))))))))))))))
.
.
2012-11-24 09:29 . 2012-11-24 09:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-23 12:28 . 2012-11-23 12:28 -------- d-----w- c:\users\PC1\AppData\Local\Adobe
2012-11-22 16:34 . 2012-11-22 16:34 -------- d-----w- c:\program files\Defraggler
2012-11-22 15:14 . 2012-11-22 15:14 -------- d-----w- c:\users\PC1\AppData\Roaming\Malwarebytes
2012-11-22 15:14 . 2012-11-22 15:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-22 15:14 . 2012-11-22 15:14 -------- d-----w- c:\programdata\Malwarebytes
2012-11-22 15:14 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-22 15:06 . 2012-11-22 15:06 -------- d-----w- c:\users\PC1\AppData\Local\ATI
2012-11-21 23:08 . 2012-11-21 23:08 388096 ----a-r- c:\users\PC1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-21 23:08 . 2012-11-21 23:08 -------- d-----w- c:\program files\Trend Micro
2012-11-21 17:33 . 2012-11-21 17:33 -------- d-----w- c:\program files\AMD AVT
2012-11-21 17:02 . 2012-11-21 17:02 -------- d-----w- c:\programdata\ATI
2012-11-21 17:02 . 2012-11-21 17:02 -------- d-----w- c:\program files\AMD APP
2012-11-21 16:56 . 2012-11-21 16:56 -------- d-----w- C:\AMD
2012-11-21 16:54 . 2012-11-21 16:54 0 ----a-w- c:\windows\ativpsrm.bin
2012-11-21 16:38 . 2012-11-21 16:38 -------- d-----w- c:\users\PC1\AppData\Roaming\ATI
2012-11-21 16:37 . 2012-11-21 17:33 -------- d-----w- c:\programdata\AMD
2012-11-21 16:37 . 2012-11-21 16:37 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-11-21 16:30 . 2012-11-21 17:33 -------- d-----w- c:\program files\ATI Technologies
2012-11-21 16:30 . 2012-11-21 16:30 -------- d-----w- c:\program files\ATI
2012-11-20 18:38 . 2012-11-24 09:28 -------- d-----w- c:\program files\Google
2012-11-17 09:46 . 2012-11-17 09:47 -------- d-----w- c:\programdata\Battle.net
2012-11-14 18:18 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 18:18 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 18:18 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 18:17 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 18:17 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 18:17 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 18:17 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 18:17 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 18:17 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 18:17 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 18:14 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-11-14 18:14 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-14 18:14 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-14 18:14 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 18:14 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-14 11:42 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 11:42 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 11:42 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 11:42 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 11:42 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 11:42 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 11:42 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 11:42 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 11:42 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 11:42 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 11:42 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 11:42 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 18:45 . 2012-09-11 08:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-21 18:45 . 2011-06-16 17:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-21 17:56 . 2010-12-27 13:52 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-11-21 17:56 . 2010-12-27 13:52 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-11-21 17:56 . 2010-12-27 13:52 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-10-09 17:54 . 2012-09-11 08:54 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-14 18:28 . 2012-10-10 09:27 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 09:27 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 09:26 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 09:26 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 19:41 . 2011-04-16 05:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Voobly"="c:\program files\Voobly\voobly.exe" [2012-09-08 135168]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-16 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-16 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-16 170520]
"Config"="c:\program files\Microsoft Games\Age Of Empires ii\Config.exe" [2006-07-06 151552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\PC1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 cpuz135;cpuz135;c:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 18:45]
.
.
------- Doplňkový sken -------
.
TCP: Interfaces\{28D4A759-9ED9-4962-A06F-EE0885196597}: NameServer = 77.48.254.254,77.48.100.254
FF - ProfilePath - c:\users\PC1\AppData\Roaming\Mozilla\Firefox\Profiles\9phns3sg.default\
FF - ExtSQL: 2012-10-04 17:57; TorrentHandler@TorrentHandler.com; c:\users\PC1\AppData\Roaming\Mozilla\Firefox\Profiles\9phns3sg.default\extensions\TorrentHandler@TorrentHandler.com.xpi
FF - ExtSQL: 2012-10-07 15:48; {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}; c:\users\PC1\AppData\Roaming\Mozilla\Firefox\Profiles\9phns3sg.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
FF - ExtSQL: 2012-10-07 16:03; OneClickDownload@OneClickDownload.com; c:\users\PC1\AppData\Roaming\Mozilla\Firefox\Profiles\9phns3sg.default\extensions\OneClickDownload@OneClickDownload.com
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4058290171-874746504-3276468450-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4058290171-874746504-3276468450-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4058290171-874746504-3276468450-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,b1,7d,6e,28,60,ba,8b,ad,74,36,cb,95,dd,9a,1c,3f,a9,03,b7,c1,2f,e6,
28,3e,c1,d0,2c,ae,cb,0e,38,3b,56,e2,65,aa,42,b3,65,bd,d7,4f,a1,47,c5,ad,9d,\
"??"=hex:e5,8e,78,fc,dc,64,00,81,31,fc,b9,16,71,79,c6,9f
.
[HKEY_USERS\S-1-5-21-4058290171-874746504-3276468450-1000\Software\SecuROM\License information*]
"datasecu"=hex:db,04,d7,ab,00,f9,e3,39,27,68,32,c6,fe,23,4c,bf,21,26,c6,48,d4,
e5,59,40,47,fa,4a,a0,f2,14,76,38,4a,25,8c,29,b9,62,5d,f9,ff,06,af,88,8a,93,\
"rkeysecu"=hex:b0,b7,00,7d,ac,16,23,8f,44,26,b2,e6,74,3d,ba,2b
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2012-11-24 10:33:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-24 09:33
ComboFix2.txt 2012-11-23 12:01
.
Před spuštěním: Volných bajtů: 415 045 513 216
Po spuštění: Volných bajtů: 414 821 634 048
.
- - End Of File - - 51368E3007F549940944B669EC6DDBA9

..............
Diky moc:)

Prosím o kontrolu logu Vyřešeno

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online