kontrola logu Vyřešeno

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O4 - HKLM\..\Run: [mnchvhckkSrv] C:\Windows\inf\mnchvhckk.vbe
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe


Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\explorer_2.exe
C:\Windows\inf\mnchvhckk.vbe
c:\windows\mpir.dll
c:\windows\libwinpthread-1.dll
c:\windows\pthreadGC2-w64.dll

Folder::
c:\program files (x86)\Skype\Updater

Driver::
SkypeUpdate

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,38,5a,47,62,5e,e0,42,87,fd,1f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,38,5a,47,62,5e,e0,42,87,fd,1f,\
.
[HKEY_USERS\S-1-5-21-1595650876-3556912388-1829575210-1000\Software\SecuROM\License information*]
"datasecu"=hex:36,0f,bf,fb,bd,06,02,e6,75,b6,ab,5f,ab,91,fa,b1,48,ac,11,9b,0a,
 66,0b,ec,64,3f,e9,61,09,75,38,3c,31,e0,0c,66,e3,50,8a,bd,4d,54,8f,28,68,f5,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\Windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

[Reklama]

[sisjarda]

ComboFix 14-02-24.02 - Uzivatel 03.03.2014 15:55:57.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.3.1250.420.1029.18.4095.2458 [GMT 1:00]
Spuštěný z: c:\users\Uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Uzivatel\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\explorer_2.exe"
"c:\windows\inf\mnchvhckk.vbe"
"c:\windows\libwinpthread-1.dll"
"c:\windows\mpir.dll"
"c:\windows\pthreadGC2-w64.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\windows\explorer_2.exe
c:\windows\inf\mnchvhckk.vbe
c:\windows\libwinpthread-1.dll
c:\windows\mpir.dll
c:\windows\pthreadGC2-w64.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . nemohl být smazán
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . nemohl být smazán
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-03 do 2014-03-03 )))))))))))))))))))))))))))))))
.
.
2014-03-03 15:07 . 2014-03-03 15:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-03 15:07 . 2014-03-03 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-03 14:26 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E90DE13A-B18B-42AB-982F-BA16547A0DDE}\mpengine.dll
2014-03-02 10:12 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-27 14:09 . 2014-02-20 14:32 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7FF0131-5DC0-42ED-A5E9-2ACA13F833E1}\gapaengine.dll
2014-02-26 19:20 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-26 19:20 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-02-25 14:31 . 2014-02-25 14:31 -------- d-----w- C:\TDSSKiller_Quarantine
2014-02-23 17:51 . 2014-02-23 17:51 -------- d-----w- c:\users\Uzivatel\AppData\Local\ATI
2014-02-21 20:51 . 2014-02-21 20:51 -------- d-----w- c:\windows\Migration
2014-02-19 14:13 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-02-19 14:13 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-02-16 10:36 . 2014-02-16 10:36 -------- d---a-w- c:\windows\bitstreams
2014-02-16 10:36 . 2013-05-31 15:32 279955 ----a-w- c:\windows\libidn-11.dll
2014-02-16 10:36 . 2013-05-31 15:32 183382 ----a-w- c:\windows\librtmp.dll
2014-02-16 10:36 . 2013-05-31 15:32 171008 ----a-w- c:\windows\libssh2.dll
2014-02-16 10:36 . 2013-05-31 15:32 110094 ----a-w- c:\windows\libusb-1.0.dll
2014-02-16 10:31 . 2014-03-02 19:27 -------- d-----w- c:\users\Uzivatel\AppData\Roaming\.minecraft
2014-02-13 09:02 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 09:02 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 15:05 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-10 15:07 . 2014-02-10 15:07 -------- d-----w- c:\windows\SysWow64\Adobe
2014-02-09 18:07 . 2010-06-02 03:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2014-02-09 18:07 . 2010-06-02 03:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2014-02-09 18:07 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-02-09 18:07 . 2010-05-26 10:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2014-02-09 18:07 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2014-02-09 18:07 . 2010-05-26 10:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-02-09 18:07 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-02-09 18:07 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-02-09 18:00 . 2014-02-09 18:04 -------- d-----w- c:\users\Uzivatel\AppData\Roaming\rmi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 14:06 . 2012-04-29 07:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 14:06 . 2011-05-26 18:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 14:32 . 2012-06-13 06:13 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-17 07:47 . 2010-10-07 14:55 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-26 09:17 . 2014-01-26 09:17 608080 ----a-w- c:\windows\msvcp100.dll
2014-01-26 09:17 . 2014-01-26 09:17 829264 ----a-w- c:\windows\msvcr100.dll
2014-01-26 09:17 . 2014-01-26 09:17 314 ----a-w- c:\windows\uninstall_cp.bat
2014-01-19 07:33 . 2010-09-23 21:35 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 21:34 . 2013-12-10 21:34 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 21:34 . 2013-12-10 21:34 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-10 21:34 . 2013-12-10 21:34 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 21:34 . 2013-12-10 21:34 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-10 21:34 . 2013-12-10 21:34 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 21:34 . 2013-12-10 21:34 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 21:34 . 2013-12-10 21:34 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-10 21:34 . 2013-12-10 21:34 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-10 21:34 . 2013-12-10 21:34 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 21:34 . 2013-12-10 21:34 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-10 21:34 . 2013-12-10 21:34 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-10 21:34 . 2013-12-10 21:34 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-10 21:34 . 2013-12-10 21:34 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-10 21:34 . 2013-12-10 21:34 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-10 21:34 . 2013-12-10 21:34 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-10 21:34 . 2013-12-10 21:34 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 21:34 . 2013-12-10 21:34 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 21:34 . 2013-12-10 21:34 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-10 21:34 . 2013-12-10 21:34 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 21:34 . 2013-12-10 21:34 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 21:34 . 2013-12-10 21:34 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-10 21:34 . 2013-12-10 21:34 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-10 21:34 . 2013-12-10 21:34 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 21:34 . 2013-12-10 21:34 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-10 21:34 . 2013-12-10 21:34 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 21:34 . 2013-12-10 21:34 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 21:34 . 2013-12-10 21:34 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-10 21:34 . 2013-12-10 21:34 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-10 21:34 . 2013-12-10 21:34 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 21:34 . 2013-12-10 21:34 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-10 21:34 . 2013-12-10 21:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 21:34 . 2013-12-10 21:34 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-10 21:34 . 2013-12-10 21:34 413696 ----a-w- c:\windows\system32\html.iec
2013-12-10 21:34 . 2013-12-10 21:34 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 21:34 . 2013-12-10 21:34 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 21:34 . 2013-12-10 21:34 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-10 21:34 . 2013-12-10 21:34 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-10 21:34 . 2013-12-10 21:34 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-10 21:34 . 2013-12-10 21:34 235520 ----a-w- c:\windows\system32\url.dll
2013-12-10 21:34 . 2013-12-10 21:34 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 21:34 . 2013-12-10 21:34 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 21:34 . 2013-12-10 21:34 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 21:34 . 2013-12-10 21:34 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-10 21:34 . 2013-12-10 21:34 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 21:34 . 2013-12-10 21:34 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-10 21:34 . 2013-12-10 21:34 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 21:34 . 2013-12-10 21:34 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-10 21:34 . 2013-12-10 21:34 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-10 21:34 . 2013-12-10 21:34 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 21:34 . 2013-12-10 21:34 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-10 21:34 . 2013-12-10 21:34 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 21:34 . 2013-12-10 21:34 135680 ----a-w- c:\windows\system32\iepeers.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs" [2013-12-04 559]
.
c:\users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 iWinTrusted;iWinTrusted;e:\program files\iWin Games\iWinTrusted.exe;e:\program files\iWin Games\iWinTrusted.exe [x]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys;c:\windows\SYSNATIVE\DRIVERS\adusbser.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 14:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 82.144.128.1 82.144.129.1
TCP: Interfaces\{E7D12EEA-3715-49ED-B9DE-C00C397FFCDA}: DhcpNameServer = 82.144.128.1 82.144.129.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1595650876-3556912388-1829575210-1000\Software\SecuROM\License information*]
"datasecu"=hex:36,0f,bf,fb,bd,06,02,e6,75,b6,ab,5f,ab,91,fa,b1,48,ac,11,9b,0a,
66,0b,ec,64,3f,e9,61,09,75,38,3c,31,e0,0c,66,e3,50,8a,bd,4d,54,8f,28,68,f5,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
.
**************************************************************************
.
Celkový čas: 2014-03-03 16:19:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-03 15:19
ComboFix2.txt 2014-02-28 13:42
ComboFix3.txt 2014-02-26 14:47
.
Před spuštěním: Volných bajtů: 836 070 744 064
Po spuštění: Volných bajtů: 835 887 034 368
.
- - End Of File - - F724AA98B1B90576F410478BA09C1C34
A36C5E4F47E84449FF07ED3517B43A31

[sisjarda]

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:23:26, on 3.3.2014
Platform: Windows 7 SP3 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
CHROME: 30.0.1599.101

Boot mode: Normal

Running processes:
C:\Users\Uzivatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uzivatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uzivatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uzivatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uzivatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uzivatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uzivatel\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iWinTrusted - Unknown owner - E:\Program Files\iWin Games\iWinTrusted.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7088 bytes

[sisjarda]

www.virustotal.com/cs/file/d647aeb0bcb0 ... 1393860413

[sisjarda]

Špatně jsem to udělal tady je nový scan.

www.virustotal.com/cs/file/d647aeb0bcb0 ... 1393860700

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
File::
c:\Windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs

RegLock::
[HKEY_USERS\S-1-5-21-1595650876-3556912388-1829575210-1000\Software\SecuROM\License information*]
"datasecu"=hex:36,0f,bf,fb,bd,06,02,e6,75,b6,ab,5f,ab,91,fa,b1,48,ac,11,9b,0a,
 66,0b,ec,64,3f,e9,61,09,75,38,3c,31,e0,0c,66,e3,50,8a,bd,4d,54,8f,28,68,f5,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[sisjarda]

ComboFix 14-02-24.02 - Uzivatel 04.03.2014 15:23:28.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.3.1250.420.1029.18.4095.2820 [GMT 1:00]
Spuštěný z: c:\users\Uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Uzivatel\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
FILE ::
"c:\windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . nemohl být smazán
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . nemohl být smazán
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-04 do 2014-03-04 )))))))))))))))))))))))))))))))
.
.
2014-03-04 14:24 . 2014-03-04 14:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-04 14:24 . 2014-03-04 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-03 15:34 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{891F4206-7EA2-4093-959D-C27784CBEFE9}\mpengine.dll
2014-03-02 10:12 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-27 14:09 . 2014-02-20 14:32 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7FF0131-5DC0-42ED-A5E9-2ACA13F833E1}\gapaengine.dll
2014-02-26 19:20 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-26 19:20 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-02-25 14:31 . 2014-02-25 14:31 -------- d-----w- C:\TDSSKiller_Quarantine
2014-02-23 17:51 . 2014-02-23 17:51 -------- d-----w- c:\users\Uzivatel\AppData\Local\ATI
2014-02-21 20:51 . 2014-02-21 20:51 -------- d-----w- c:\windows\Migration
2014-02-19 14:13 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-02-19 14:13 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-02-16 10:36 . 2014-02-16 10:36 -------- d---a-w- c:\windows\bitstreams
2014-02-16 10:36 . 2013-05-31 15:32 279955 ----a-w- c:\windows\libidn-11.dll
2014-02-16 10:36 . 2013-05-31 15:32 183382 ----a-w- c:\windows\librtmp.dll
2014-02-16 10:36 . 2013-05-31 15:32 171008 ----a-w- c:\windows\libssh2.dll
2014-02-16 10:36 . 2013-05-31 15:32 110094 ----a-w- c:\windows\libusb-1.0.dll
2014-02-16 10:31 . 2014-03-03 18:22 -------- d-----w- c:\users\Uzivatel\AppData\Roaming\.minecraft
2014-02-13 09:02 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 09:02 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 15:05 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-10 15:07 . 2014-02-10 15:07 -------- d-----w- c:\windows\SysWow64\Adobe
2014-02-09 18:07 . 2010-06-02 03:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2014-02-09 18:07 . 2010-06-02 03:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2014-02-09 18:07 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-02-09 18:07 . 2010-05-26 10:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2014-02-09 18:07 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2014-02-09 18:07 . 2010-05-26 10:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-02-09 18:07 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-02-09 18:07 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-02-09 18:00 . 2014-02-09 18:04 -------- d-----w- c:\users\Uzivatel\AppData\Roaming\rmi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 14:06 . 2012-04-29 07:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 14:06 . 2011-05-26 18:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 14:32 . 2012-06-13 06:13 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-17 07:47 . 2010-10-07 14:55 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-26 09:17 . 2014-01-26 09:17 608080 ----a-w- c:\windows\msvcp100.dll
2014-01-26 09:17 . 2014-01-26 09:17 829264 ----a-w- c:\windows\msvcr100.dll
2014-01-26 09:17 . 2014-01-26 09:17 314 ----a-w- c:\windows\uninstall_cp.bat
2014-01-19 07:33 . 2010-09-23 21:35 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 21:34 . 2013-12-10 21:34 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 21:34 . 2013-12-10 21:34 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-10 21:34 . 2013-12-10 21:34 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 21:34 . 2013-12-10 21:34 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-10 21:34 . 2013-12-10 21:34 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 21:34 . 2013-12-10 21:34 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 21:34 . 2013-12-10 21:34 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-10 21:34 . 2013-12-10 21:34 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-10 21:34 . 2013-12-10 21:34 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 21:34 . 2013-12-10 21:34 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-10 21:34 . 2013-12-10 21:34 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-10 21:34 . 2013-12-10 21:34 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-10 21:34 . 2013-12-10 21:34 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-10 21:34 . 2013-12-10 21:34 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-10 21:34 . 2013-12-10 21:34 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-10 21:34 . 2013-12-10 21:34 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 21:34 . 2013-12-10 21:34 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 21:34 . 2013-12-10 21:34 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-10 21:34 . 2013-12-10 21:34 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 21:34 . 2013-12-10 21:34 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 21:34 . 2013-12-10 21:34 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-10 21:34 . 2013-12-10 21:34 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-10 21:34 . 2013-12-10 21:34 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 21:34 . 2013-12-10 21:34 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-10 21:34 . 2013-12-10 21:34 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 21:34 . 2013-12-10 21:34 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 21:34 . 2013-12-10 21:34 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-10 21:34 . 2013-12-10 21:34 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-10 21:34 . 2013-12-10 21:34 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 21:34 . 2013-12-10 21:34 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-10 21:34 . 2013-12-10 21:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 21:34 . 2013-12-10 21:34 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-10 21:34 . 2013-12-10 21:34 413696 ----a-w- c:\windows\system32\html.iec
2013-12-10 21:34 . 2013-12-10 21:34 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 21:34 . 2013-12-10 21:34 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 21:34 . 2013-12-10 21:34 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-10 21:34 . 2013-12-10 21:34 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-10 21:34 . 2013-12-10 21:34 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-10 21:34 . 2013-12-10 21:34 235520 ----a-w- c:\windows\system32\url.dll
2013-12-10 21:34 . 2013-12-10 21:34 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 21:34 . 2013-12-10 21:34 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 21:34 . 2013-12-10 21:34 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 21:34 . 2013-12-10 21:34 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-10 21:34 . 2013-12-10 21:34 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 21:34 . 2013-12-10 21:34 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-10 21:34 . 2013-12-10 21:34 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 21:34 . 2013-12-10 21:34 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-10 21:34 . 2013-12-10 21:34 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-10 21:34 . 2013-12-10 21:34 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 21:34 . 2013-12-10 21:34 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-10 21:34 . 2013-12-10 21:34 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 21:34 . 2013-12-10 21:34 135680 ----a-w- c:\windows\system32\iepeers.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
c:\users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 iWinTrusted;iWinTrusted;e:\program files\iWin Games\iWinTrusted.exe;e:\program files\iWin Games\iWinTrusted.exe [x]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys;c:\windows\SYSNATIVE\DRIVERS\adusbser.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 14:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: Interfaces\{E7D12EEA-3715-49ED-B9DE-C00C397FFCDA}: DhcpNameServer = 82.144.128.1 82.144.129.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1595650876-3556912388-1829575210-1000\Software\SecuROM\License information*]
"datasecu"=hex:36,0f,bf,fb,bd,06,02,e6,75,b6,ab,5f,ab,91,fa,b1,48,ac,11,9b,0a,
66,0b,ec,64,3f,e9,61,09,75,38,3c,31,e0,0c,66,e3,50,8a,bd,4d,54,8f,28,68,f5,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2014-03-04 15:30:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-04 14:30
ComboFix2.txt 2014-03-03 15:19
ComboFix3.txt 2014-02-28 13:42
ComboFix4.txt 2014-02-26 14:47
.
Před spuštěním: Volných bajtů: 835 452 760 064
Po spuštění: Volných bajtů: 835 258 056 704
.
- - End Of File - - 73041929FD50ED14F9219726998B2E7D
A36C5E4F47E84449FF07ED3517B43A31

[sisjarda]

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:41:46, on 4.3.2014
Platform: Windows 7 SP3 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
CHROME: 30.0.1599.101

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Uzivatel\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iWinTrusted - Unknown owner - E:\Program Files\iWin Games\iWinTrusted.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6767 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.


Co problémy?

[sisjarda]

Prvotni chyba kvuli ktere jsem se ozval je pryc,akorat mi to zrusilo Daemon tools a Skype po chvili nejde vypnout z listy a musim ho vypinat pres Ctrl+Alt+Delete.
Na tvoji odpoved se budu mit moznost podivat az v nedeli nebo pondeli

[Orcus]

Daemon Tools a Skype přeinstaluj a bude to vyřešené.

[sisjarda]

Takze diky vsem za pomoc a snad tu nebudu zase za chvili.Diky