Kontrola logu Vyřešeno

[Rebel]

Dobrý den prosím o pomoc ohledně mého noteboku. Mám podezření na viry. Odkazy na googlu jednou za čas odkazují na stránky s reklamou, a pokud spustím antivir (Comodo) asi po třech hodinách prohledávání se počítač neočekávaně vypne. Zde je výpis z HijackThis děkuji.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:54:27, on 13.2.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\totalcmd\TOTALCMD.EXE
C:\Users\Rebel\Downloads\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=108298&ba ... 262d5cb469
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ExtraBackup] C:\Program Files\Essential Data Tools\ExtraBackup\ExtraBackupWorker.exe
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: AdeonaClientService - Unknown owner - C:\Program Files\Adeona\cygrunsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EMP_NSWLSV - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\Windows\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: MCT10 Service - Unknown owner - C:\Program Files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe
O23 - Service: MX-3 B-Cup XP (Mx-3 B-Cup Service) - n.v.t. MX-3 - C:\Windows\system32\Mx-3 B-Cup Service.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Oracle Corporation - C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Oracle Corporation - C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 10515 bytes

[Reklama]

[Žbeky]

Odinstaluj Daemon tools toolbar

Fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=108298&ba ... 262d5cb469
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.

[Rebel]

Omlouvám se za zpoždění, jednotlivé úkony jsem provedl ale mám problém s programem Malwarebytes' Anti-Malware. Při zpuštění aktualizace se sám proces ukončí, pokud zadám, že nechci aktualizovat a provedu scan také se ukončí. Při spuštění Malwarebytes' Anti-Malware v nouzovém režimu stejný výsledek.

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Pokud budou problémy:
Stáhni znovu a při ukládání přepiš název Combofix.exe na:
winlogon.exe
pak postupuj jako s Combofixem.

[Rebel]

Tak jsem to spustil vypadalo to že vše proběhlo ok, akorát po dokončení mi nejdou spustit žádné programi hlásí mi to "Pokus opoužít neplatnou operaci na klíč, který je označen k odstranění ". Zde je výpis:


ComboFix 12-02-13.01 - Rebel 13.02.2012 22:50:25.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3067.1841 [GMT 1:00]
Spuštěný z: c:\users\Rebel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rebel\AppData\Local\Microsoft\Windows\Temporary Internet Files\WTRAN32.INI
c:\windows\IsUn0405.exe
c:\windows\My.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\GroupPolicy\Machine\Registry.pol
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\SET5CCB.tmp
c:\windows\system32\SET8E2B.tmp
c:\windows\system32\UNWISE.EXE
c:\windows\system32\win.ini
.
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-13 do 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-13 19:45 . 2012-02-13 19:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-13 13:30 . 2012-02-13 13:30 -------- d-----w- c:\users\Rebel\AppData\Roaming\InstallShield
2012-02-12 13:07 . 2012-02-12 13:08 -------- d-----w- c:\program files\Advanced IP Scanner
2012-02-10 08:05 . 2012-02-10 08:05 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-07 09:45 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-06 16:41 . 2012-02-06 16:41 -------- d-----w- c:\programdata\Amit s.r.o
2012-02-06 11:06 . 2012-02-06 11:34 -------- d-----w- c:\users\Rebel\AppData\Local\DetStudio
2012-02-06 11:04 . 2012-02-06 11:04 -------- d-----w- c:\program files\Amit
2012-02-06 09:01 . 2012-02-06 10:02 -------- d-----w- C:\ProtermZimniStadion
2012-01-28 12:43 . 2012-01-28 12:43 237 ----a-w- C:\user.js
2012-01-28 12:43 . 2012-01-28 12:43 -------- d-----w- c:\users\Rebel\AppData\Local\Babylon
2012-01-28 12:43 . 2012-01-28 12:43 -------- d-----w- c:\programdata\Babylon
2012-01-28 12:43 . 2012-01-28 12:43 -------- d-----w- c:\users\Rebel\AppData\Roaming\Babylon
2012-01-28 12:42 . 2012-01-28 12:42 30520 ----a-w- c:\windows\system32\midiwrap3405.deu
2012-01-28 12:42 . 2012-02-13 13:29 -------- d-----w- c:\programdata\KB Piano
2012-01-24 10:02 . 2011-12-19 18:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 21:00 . 2010-04-08 23:25 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2010-04-08 23:25 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2010-04-08 23:25 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2010-04-08 23:25 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2010-04-08 23:26 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-10 14:24 . 2011-05-19 08:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 12:30 . 2011-12-08 12:30 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-12-08 12:30 . 2011-12-08 12:30 768848 ----a-w- c:\windows\system32\msvcr100.dll
2011-12-07 12:17 . 2011-12-07 13:14 237568 ----a-w- c:\windows\system\glut32.dll
2011-12-07 12:17 . 2011-12-07 12:23 237568 ----a-w- c:\windows\system32\glut32.dll
2011-11-23 13:13 . 2011-11-23 13:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-09 08:59 . 2011-05-12 17:24 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R1 MpKsl11cc9329;MpKsl11cc9329;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28301127-CBE3-4E39-8856-9AD077F26FC6}\MpKsl11cc9329.sys [x]
R1 MpKsl181e1440;MpKsl181e1440;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AAD620B-0678-44DF-8345-3A763F76F070}\MpKsl181e1440.sys [x]
R1 MpKsl5f8a2656;MpKsl5f8a2656;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6296889-FCEC-4FE6-A090-628D441D3CB5}\MpKsl5f8a2656.sys [x]
R1 MpKsl66adb632;MpKsl66adb632;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{956F676C-F001-4990-9977-966E21AADC9C}\MpKsl66adb632.sys [x]
R1 MpKsl969ec622;MpKsl969ec622;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379AACFF-E047-4F79-9361-3456DB1B91B4}\MpKsl969ec622.sys [x]
R1 MpKsl9d9cd91b;MpKsl9d9cd91b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06BDFA1D-0417-45A4-BBEB-49F16753EE0C}\MpKsl9d9cd91b.sys [x]
R1 MpKslebe6eec9;MpKslebe6eec9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28301127-CBE3-4E39-8856-9AD077F26FC6}\MpKslebe6eec9.sys [x]
R1 MpKslee9b7211;MpKslee9b7211;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4893B278-6BDA-4E19-8760-C0F4C2B314F1}\MpKslee9b7211.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 135664]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [x]
R2 SlimFTPd;Apache2Triad SlimFTPd Server;c:\apache2triad\ftp\SlimFTPd.exe [x]
R3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [2011-01-09 17408]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-02-13 40776]
R3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [2011-01-09 75207]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-12-01 31888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]
R3 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [2010-11-06 259584]
R3 XLHASP;XLHASP;c:\windows\system32\drivers\XLHASP.sys [2010-11-06 1282048]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-03-24 40560]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-05 691696]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-12-19 19600]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 491816]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 39640]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-01 143248]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-01 41936]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdeonaClientService;AdeonaClientService;c:\program files\Adeona\cygrunsrv.exe [2008-07-13 68096]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-03-04 24645]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 EMP_NSWLSV;EMP_NSWLSV;c:\program files\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe [2010-12-15 98304]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 1373576]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 MCT10 Service;MCT10 Service;c:\program files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe [2010-12-09 59392]
S2 Mx-3 B-Cup Service;MX-3 B-Cup XP;c:\windows\system32\Mx-3 B-Cup Service.exe s [x]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [2011-08-27 512000]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]
S2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\XMail.exe [2011-01-09 339968]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2011-09-09 87976]
S3 EPPVAD2_simple;EPSON Projector ENP Audio Device;c:\windows\system32\drivers\EMP_NSAU.sys [2010-12-15 17792]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus.sys [2010-02-20 16056]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy.sys [2010-02-20 31928]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 100560]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-01 111504]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 16:19]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 16:19]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
TCP: DhcpNameServer = 84.16.106.1 84.16.96.2
FF - ProfilePath - c:\users\Rebel\AppData\Roaming\Mozilla\Firefox\Profiles\tbg316ce.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - fca9db6300000000000000262d5cb469
FF - user.js: extensions.BabylonToolbar_i.hardId - fca9db6300000000000000262d5cb469
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15367
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-ExtraBackup - c:\program files\Essential Data Tools\ExtraBackup\ExtraBackupWorker.exe
AddRemove-ADAM driver - c:\windows\IsUn0405.exe
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-Control Web DEV - c:\windows\IsUn0405.exe
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,ff,1a,9a,09,02,38,49,91,d2,5b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,ff,1a,9a,09,02,38,49,91,d2,5b,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(512)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(612)
c:\windows\system32\guard32.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\rundll32.exe
c:\program files\Adeona\adeona-client.exe
c:\windows\system32\conhost.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\hasplms.exe
c:\program files\Borland\InterBase\bin\ibguard.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\Mx-3 B-Cup Service.exe
c:\windows\system32\conhost.exe
c:\apache2triad\mysql\bin\mysqld.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Borland\InterBase\bin\ibserver.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-02-13 23:10:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-13 22:10
.
Před spuštěním: Volných bajtů: 36 301 414 400
Po spuštění: Volných bajtů: 40 015 970 304
.
- - End Of File - - 328D3CC40AE75FB52BED28A12FCBBCFB

[jaro3]

Tak jsem to spustil vypadalo to že vše proběhlo ok, akorát po dokončení mi nejdou spustit žádné programi hlásí mi to "Pokus opoužít neplatnou operaci na klíč, který je označen k odstranění ". Zde je výpis:

Zkus několikrát restartovat PC.

Dobrý den prosím o pomoc ohledně mého noteboku. Mám podezření na viry. Odkazy na googlu jednou za čas odkazují na stránky s reklamou, a pokud spustím antivir (Comodo) asi po třech hodinách prohledávání se počítač neočekávaně vypne. Zde je výpis z HijackThis děkuji.

Máš tam ale dva antiviry:
Microsoft Security Essentials
COMODO Internet Security
Jeden odinstaluj!

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\programdata\Babylon
c:\users\Rebel\AppData\Roaming\Babylon

Firefox::
FF - ProfilePath - c:\users\Rebel\AppData\Roaming\Mozilla\Firefox\Profiles\tbg316ce.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - fca9db6300000000000000262d5cb469
FF - user.js: extensions.BabylonToolbar_i.hardId - fca9db6300000000000000262d5cb469
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15367
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\Drivers\atapi.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[Rebel]

Antivirový program Microsoft Security Essentials jsem měl dříve nainstalovaný ale niní jsem ho nikde v pc nenašel, takže předpokládám že je odinstalován, a zbyli po něm záznamy v registrech. Zde je výpis z ComboFix:

ComboFix 12-02-13.01 - Rebel 14.02.2012 22:49:50.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3067.1709 [GMT 1:00]
Spuštěný z: c:\users\Rebel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Rebel\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Babylon
c:\users\Rebel\AppData\Roaming\Babylon
c:\users\Rebel\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-14 do 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 21:58 . 2012-02-14 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 21:58 . 2012-02-14 21:58 -------- d-----w- c:\users\apache2triad\AppData\Local\temp
2012-02-13 19:45 . 2012-02-13 19:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-13 13:30 . 2012-02-13 13:30 -------- d-----w- c:\users\Rebel\AppData\Roaming\InstallShield
2012-02-12 13:07 . 2012-02-12 13:08 -------- d-----w- c:\program files\Advanced IP Scanner
2012-02-10 08:05 . 2012-02-10 08:05 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-07 09:45 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-06 16:41 . 2012-02-06 16:41 -------- d-----w- c:\programdata\Amit s.r.o
2012-02-06 11:06 . 2012-02-06 11:34 -------- d-----w- c:\users\Rebel\AppData\Local\DetStudio
2012-02-06 11:04 . 2012-02-06 11:04 -------- d-----w- c:\program files\Amit
2012-02-06 09:01 . 2012-02-06 10:02 -------- d-----w- C:\ProtermZimniStadion
2012-01-28 12:43 . 2012-01-28 12:43 237 ----a-w- C:\user.js
2012-01-28 12:43 . 2012-01-28 12:43 -------- d-----w- c:\users\Rebel\AppData\Local\Babylon
2012-01-28 12:42 . 2012-01-28 12:42 30520 ----a-w- c:\windows\system32\midiwrap3405.deu
2012-01-28 12:42 . 2012-02-13 13:29 -------- d-----w- c:\programdata\KB Piano
2012-01-24 10:02 . 2011-12-19 18:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 21:00 . 2010-04-08 23:25 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2010-04-08 23:25 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2010-04-08 23:25 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2010-04-08 23:25 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2010-04-08 23:26 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-10 14:24 . 2011-05-19 08:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 12:30 . 2011-12-08 12:30 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-12-08 12:30 . 2011-12-08 12:30 768848 ----a-w- c:\windows\system32\msvcr100.dll
2011-12-07 12:17 . 2011-12-07 13:14 237568 ----a-w- c:\windows\system\glut32.dll
2011-12-07 12:17 . 2011-12-07 12:23 237568 ----a-w- c:\windows\system32\glut32.dll
2011-11-23 13:13 . 2011-11-23 13:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-09 08:59 . 2011-05-12 17:24 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R1 MpKsl11cc9329;MpKsl11cc9329;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28301127-CBE3-4E39-8856-9AD077F26FC6}\MpKsl11cc9329.sys [x]
R1 MpKsl181e1440;MpKsl181e1440;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AAD620B-0678-44DF-8345-3A763F76F070}\MpKsl181e1440.sys [x]
R1 MpKsl5f8a2656;MpKsl5f8a2656;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6296889-FCEC-4FE6-A090-628D441D3CB5}\MpKsl5f8a2656.sys [x]
R1 MpKsl66adb632;MpKsl66adb632;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{956F676C-F001-4990-9977-966E21AADC9C}\MpKsl66adb632.sys [x]
R1 MpKsl969ec622;MpKsl969ec622;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379AACFF-E047-4F79-9361-3456DB1B91B4}\MpKsl969ec622.sys [x]
R1 MpKsl9d9cd91b;MpKsl9d9cd91b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06BDFA1D-0417-45A4-BBEB-49F16753EE0C}\MpKsl9d9cd91b.sys [x]
R1 MpKslebe6eec9;MpKslebe6eec9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28301127-CBE3-4E39-8856-9AD077F26FC6}\MpKslebe6eec9.sys [x]
R1 MpKslee9b7211;MpKslee9b7211;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4893B278-6BDA-4E19-8760-C0F4C2B314F1}\MpKslee9b7211.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 135664]
R2 SlimFTPd;Apache2Triad SlimFTPd Server;c:\apache2triad\ftp\SlimFTPd.exe [x]
R3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [2011-01-09 17408]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-02-13 40776]
R3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [2011-01-09 75207]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-12-01 31888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]
R3 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [2010-11-06 259584]
R3 XLHASP;XLHASP;c:\windows\system32\drivers\XLHASP.sys [2010-11-06 1282048]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-03-24 40560]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-05 691696]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-12-19 19600]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 491816]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 39640]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-01 143248]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-01 41936]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdeonaClientService;AdeonaClientService;c:\program files\Adeona\cygrunsrv.exe [2008-07-13 68096]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-03-04 24645]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 EMP_NSWLSV;EMP_NSWLSV;c:\program files\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe [2010-12-15 98304]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 1373576]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 MCT10 Service;MCT10 Service;c:\program files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe [2010-12-09 59392]
S2 Mx-3 B-Cup Service;MX-3 B-Cup XP;c:\windows\system32\Mx-3 B-Cup Service.exe s [x]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [x]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [2011-08-27 512000]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]
S2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\XMail.exe [2011-01-09 339968]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2011-09-09 87976]
S3 EPPVAD2_simple;EPSON Projector ENP Audio Device;c:\windows\system32\drivers\EMP_NSAU.sys [2010-12-15 17792]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus.sys [2010-02-20 16056]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy.sys [2010-02-20 31928]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 100560]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-01 111504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 16:19]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 16:19]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
FF - ProfilePath - c:\users\Rebel\AppData\Roaming\Mozilla\Firefox\Profiles\tbg316ce.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,ff,1a,9a,09,02,38,49,91,d2,5b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,ff,1a,9a,09,02,38,49,91,d2,5b,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(516)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(200)
c:\windows\system32\guard32.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\System32\SyncCenter.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Adeona\adeona-client.exe
c:\windows\system32\conhost.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\hasplms.exe
c:\program files\Borland\InterBase\bin\ibguard.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\Mx-3 B-Cup Service.exe
c:\apache2triad\mysql\bin\mysqld.exe
c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Borland\InterBase\bin\ibserver.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-02-14 23:12:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-14 22:12
ComboFix2.txt 2012-02-13 22:10
.
Před spuštěním: Volných bajtů: 40 106 553 344
Po spuštění: Volných bajtů: 39 989 841 920
.
- - End Of File - - A0247C968E7F1E6A57B340C132F680B8


Zde je výpis z HijackThis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:27:30, on 14.2.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
C:\Users\Rebel\Downloads\HijackThis(1).exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O23 - Service: AdeonaClientService - Unknown owner - C:\Program Files\Adeona\cygrunsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EMP_NSWLSV - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\Windows\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: MCT10 Service - Unknown owner - C:\Program Files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe
O23 - Service: MX-3 B-Cup XP (Mx-3 B-Cup Service) - n.v.t. MX-3 - C:\Windows\system32\Mx-3 B-Cup Service.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Oracle Corporation - C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Oracle Corporation - C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 8079 bytes




Scan VirusTotal: https://www.virustotal.com/file/f28cc53 ... 329258792/

[jaro3]

MSE-- jsou tam soubory i ovladače , odmažeme..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
SecCenter::
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

File::
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28301127-CBE3-4E39-8856-9AD077F26FC6}\MpKsl11cc9329.sys
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AAD620B-0678-44DF-8345-3A763F76F070}\MpKsl181e1440.sys
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6296889-FCEC-4FE6-A090-628D441D3CB5}\MpKsl5f8a2656.sys
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{956F676C-F001-4990-9977-966E21AADC9C}\MpKsl66adb632.sys
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379AACFF-E047-4F79-9361-3456DB1B91B4}\MpKsl969ec622.sys
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06BDFA1D-0417-45A4-BBEB-49F16753EE0C}\MpKsl9d9cd91b.sys
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28301127-CBE3-4E39-8856-9AD077F26FC6}\MpKslebe6eec9.sys
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4893B278-6BDA-4E19-8760-C0F4C2B314F1}\MpKslee9b7211.sys

Folder::
c:\programdata\Microsoft\Microsoft Antimalware

Driver::
MpKsl11cc9329
MpKsl181e1440
MpKsl5f8a2656
MpKsl66adb632
MpKsl969ec622
MpKsl9d9cd91b
MpKslebe6eec9
MpKslee9b7211

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

VT-- to bude asi chyba eSafe..

Aktualizuj javu:
Java SE Runtime Environment 7

Klikni na Accept License Agreement
Vyber si OS (Windows nebo Windows x64, Offline Installation)
jre-7-windows-i586-p.exe nebo
jre-7-windows-x64.exe
Stáhni ( download) a nainstaluj.
Ostatní javy odeber v přidat/odebrat programy.

[Rebel]

Moc jsem jsem nepochopil :"MSE-- jsou tam soubory i ovladače , odmažeme.." a " VT-- to bude asi chyba eSafe.."
Výpis z z comboFixu je:

ComboFix 12-02-13.01 - Rebel 15.02.2012 22:15:24.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3067.2022 [GMT 1:00]
Spuštěný z: c:\users\Rebel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Rebel\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06BDFA1D-0417-45A4-BBEB-49F16753EE0C}\MpKsl9d9cd91b.sys"
"c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28301127-CBE3-4E39-8856-9AD077F26FC6}\MpKsl11cc9329.sys"
"c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28301127-CBE3-4E39-8856-9AD077F26FC6}\MpKslebe6eec9.sys"
"c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379AACFF-E047-4F79-9361-3456DB1B91B4}\MpKsl969ec622.sys"
"c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4893B278-6BDA-4E19-8760-C0F4C2B314F1}\MpKslee9b7211.sys"
"c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{956F676C-F001-4990-9977-966E21AADC9C}\MpKsl66adb632.sys"
"c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AAD620B-0678-44DF-8345-3A763F76F070}\MpKsl181e1440.sys"
"c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6296889-FCEC-4FE6-A090-628D441D3CB5}\MpKsl5f8a2656.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Microsoft Antimalware
c:\programdata\Microsoft\Microsoft Antimalware\Network Inspection System\Support\NisLog.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL11CC9329
-------\Legacy_MPKSL181E1440
-------\Legacy_MPKSL5F8A2656
-------\Legacy_MPKSL66ADB632
-------\Legacy_MPKSL969EC622
-------\Legacy_MPKSL9D9CD91B
-------\Legacy_MPKSLEBE6EEC9
-------\Legacy_MPKSLEE9B7211
-------\Service_MpKsl11cc9329
-------\Service_MpKsl181e1440
-------\Service_MpKsl5f8a2656
-------\Service_MpKsl66adb632
-------\Service_MpKsl969ec622
-------\Service_MpKsl9d9cd91b
-------\Service_MpKslebe6eec9
-------\Service_MpKslee9b7211
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-15 do 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-13 19:45 . 2012-02-13 19:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-13 13:30 . 2012-02-13 13:30 -------- d-----w- c:\users\Rebel\AppData\Roaming\InstallShield
2012-02-12 13:07 . 2012-02-12 13:08 -------- d-----w- c:\program files\Advanced IP Scanner
2012-02-10 08:05 . 2012-02-10 08:05 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-07 09:45 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-06 16:41 . 2012-02-06 16:41 -------- d-----w- c:\programdata\Amit s.r.o
2012-02-06 11:06 . 2012-02-06 11:34 -------- d-----w- c:\users\Rebel\AppData\Local\DetStudio
2012-02-06 11:04 . 2012-02-06 11:04 -------- d-----w- c:\program files\Amit
2012-02-06 09:01 . 2012-02-06 10:02 -------- d-----w- C:\ProtermZimniStadion
2012-01-28 12:43 . 2012-01-28 12:43 237 ----a-w- C:\user.js
2012-01-28 12:43 . 2012-01-28 12:43 -------- d-----w- c:\users\Rebel\AppData\Local\Babylon
2012-01-28 12:42 . 2012-01-28 12:42 30520 ----a-w- c:\windows\system32\midiwrap3405.deu
2012-01-28 12:42 . 2012-02-13 13:29 -------- d-----w- c:\programdata\KB Piano
2012-01-24 10:02 . 2011-12-19 18:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 21:00 . 2010-04-08 23:25 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2010-04-08 23:25 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2010-04-08 23:25 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2010-04-08 23:25 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2010-04-08 23:26 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-10 14:24 . 2011-05-19 08:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 12:30 . 2011-12-08 12:30 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-12-08 12:30 . 2011-12-08 12:30 768848 ----a-w- c:\windows\system32\msvcr100.dll
2011-12-07 12:17 . 2011-12-07 13:14 237568 ----a-w- c:\windows\system\glut32.dll
2011-12-07 12:17 . 2011-12-07 12:23 237568 ----a-w- c:\windows\system32\glut32.dll
2011-11-23 13:13 . 2011-11-23 13:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-09 08:59 . 2011-05-12 17:24 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 135664]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [x]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [2011-08-27 512000]
R2 SlimFTPd;Apache2Triad SlimFTPd Server;c:\apache2triad\ftp\SlimFTPd.exe [x]
R3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [2011-01-09 17408]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-02-13 40776]
R3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [2011-01-09 75207]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-12-01 31888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]
R3 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [2010-11-06 259584]
R3 XLHASP;XLHASP;c:\windows\system32\drivers\XLHASP.sys [2010-11-06 1282048]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-03-24 40560]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-05 691696]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-12-19 19600]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 491816]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 39640]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-01 143248]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-01 41936]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdeonaClientService;AdeonaClientService;c:\program files\Adeona\cygrunsrv.exe [2008-07-13 68096]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-03-04 24645]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 EMP_NSWLSV;EMP_NSWLSV;c:\program files\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe [2010-12-15 98304]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 1373576]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 MCT10 Service;MCT10 Service;c:\program files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe [2010-12-09 59392]
S2 Mx-3 B-Cup Service;MX-3 B-Cup XP;c:\windows\system32\Mx-3 B-Cup Service.exe s [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]
S2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\XMail.exe [2011-01-09 339968]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2011-09-09 87976]
S3 EPPVAD2_simple;EPSON Projector ENP Audio Device;c:\windows\system32\drivers\EMP_NSAU.sys [2010-12-15 17792]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus.sys [2010-02-20 16056]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy.sys [2010-02-20 31928]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 100560]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-01 111504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 16:19]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 16:19]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
FF - ProfilePath - c:\users\Rebel\AppData\Roaming\Mozilla\Firefox\Profiles\tbg316ce.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,ff,1a,9a,09,02,38,49,91,d2,5b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,ff,1a,9a,09,02,38,49,91,d2,5b,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(512)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(2508)
c:\windows\system32\guard32.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Adeona\adeona-client.exe
c:\windows\system32\conhost.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\hasplms.exe
c:\program files\Borland\InterBase\bin\ibguard.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\windows\system32\Mx-3 B-Cup Service.exe
c:\apache2triad\mysql\bin\mysqld.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Borland\InterBase\bin\ibserver.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-02-15 22:36:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-15 21:36
ComboFix2.txt 2012-02-14 22:12
ComboFix3.txt 2012-02-13 22:10
.
Před spuštěním: Volných bajtů: 40 082 759 680
Po spuštění: Volných bajtů: 39 711 526 912
.
- - End Of File - - 33D5E942548FB1E857D8EAB4DB660CA8

[Žbeky]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Rebel]

ComboFix 12-02-13.01 - Rebel 16.02.2012 21:10:51.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3067.1751 [GMT 1:00]
Spuštěný z: c:\users\Rebel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Rebel\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-16 do 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 20:23 . 2012-02-16 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 20:23 . 2012-02-16 20:23 -------- d-----w- c:\users\apache2triad\AppData\Local\temp
2012-02-15 21:47 . 2012-02-15 21:47 -------- d-----w- c:\program files\Common Files\Java
2012-02-13 19:45 . 2012-02-13 19:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-13 13:30 . 2012-02-13 13:30 -------- d-----w- c:\users\Rebel\AppData\Roaming\InstallShield
2012-02-12 13:07 . 2012-02-12 13:08 -------- d-----w- c:\program files\Advanced IP Scanner
2012-02-10 08:05 . 2012-02-10 08:05 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-07 09:45 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-06 16:41 . 2012-02-06 16:41 -------- d-----w- c:\programdata\Amit s.r.o
2012-02-06 11:06 . 2012-02-06 11:34 -------- d-----w- c:\users\Rebel\AppData\Local\DetStudio
2012-02-06 11:04 . 2012-02-06 11:04 -------- d-----w- c:\program files\Amit
2012-02-06 09:01 . 2012-02-06 10:02 -------- d-----w- C:\ProtermZimniStadion
2012-01-28 12:43 . 2012-01-28 12:43 237 ----a-w- C:\user.js
2012-01-28 12:43 . 2012-01-28 12:43 -------- d-----w- c:\users\Rebel\AppData\Local\Babylon
2012-01-28 12:42 . 2012-01-28 12:42 30520 ----a-w- c:\windows\system32\midiwrap3405.deu
2012-01-28 12:42 . 2012-02-13 13:29 -------- d-----w- c:\programdata\KB Piano
2012-01-24 10:02 . 2011-12-19 18:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 21:46 . 2010-10-31 16:35 544656 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-17 21:00 . 2010-04-08 23:25 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2010-04-08 23:25 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2010-04-08 23:25 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2010-04-08 23:25 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2010-04-08 23:26 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-10 14:24 . 2011-05-19 08:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 12:30 . 2011-12-08 12:30 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-12-08 12:30 . 2011-12-08 12:30 768848 ----a-w- c:\windows\system32\msvcr100.dll
2011-12-07 12:17 . 2011-12-07 13:14 237568 ----a-w- c:\windows\system\glut32.dll
2011-12-07 12:17 . 2011-12-07 12:23 237568 ----a-w- c:\windows\system32\glut32.dll
2011-11-23 13:13 . 2011-11-23 13:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-09 08:59 . 2011-05-12 17:24 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 AdeonaClientService;AdeonaClientService;c:\program files\Adeona\cygrunsrv.exe [2008-07-13 68096]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 135664]
R2 MCT10 Service;MCT10 Service;c:\program files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe [2010-12-09 59392]
R2 SlimFTPd;Apache2Triad SlimFTPd Server;c:\apache2triad\ftp\SlimFTPd.exe [x]
R2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\XMail.exe [2011-01-09 339968]
R3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\httpd.exe [2011-01-09 17408]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-02-13 40776]
R3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [2011-01-09 75207]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-12-01 31888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]
R3 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [2010-11-06 259584]
R3 XLHASP;XLHASP;c:\windows\system32\drivers\XLHASP.sys [2010-11-06 1282048]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-03-24 40560]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-05 691696]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-12-19 19600]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 491816]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 39640]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-01 143248]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-01 41936]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-03-04 24645]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 EMP_NSWLSV;EMP_NSWLSV;c:\program files\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe [2010-12-15 98304]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 1373576]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 Mx-3 B-Cup Service;MX-3 B-Cup XP;c:\windows\system32\Mx-3 B-Cup Service.exe s [x]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [x]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [2011-08-27 512000]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2011-09-09 87976]
S3 EPPVAD2_simple;EPSON Projector ENP Audio Device;c:\windows\system32\drivers\EMP_NSAU.sys [2010-12-15 17792]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus.sys [2010-02-20 16056]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy.sys [2010-02-20 31928]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 100560]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-01 111504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
FF - ProfilePath - c:\users\Rebel\AppData\Roaming\Mozilla\Firefox\Profiles\tbg316ce.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,ff,1a,9a,09,02,38,49,91,d2,5b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,ff,1a,9a,09,02,38,49,91,d2,5b,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(512)
c:\windows\system32\guard32.dll
.
Celkový čas: 2012-02-16 21:26:46
ComboFix-quarantined-files.txt 2012-02-16 20:26
ComboFix2.txt 2012-02-15 21:36
ComboFix3.txt 2012-02-14 22:12
ComboFix4.txt 2012-02-13 22:10
.
Před spuštěním: Volných bajtů: 40 040 865 792
Po spuštění: Volných bajtů: 39 970 185 216
.
- - End Of File - - 448E9410D3BB9CD30564977B273912F4

[Žbeky]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?