Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click inside its window
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.
Warning: It can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 while it restarts and choose Last Known Good Configuration, or use a restore point.
Malware check - problem with start.qone8.com (Solved)
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Malware check - problem with start.qone8.com
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Malware check - problem with start.qone8.com
ComboFix 13-10-12.01 - Owner 12.10.2013 13:19:46.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.4094.2204 [GMT 2:00]
Spuštěný z: c:\users\Owner\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-12 do 2013-10-12 )))))))))))))))))))))))))))))))
.
.
2013-10-12 11:28 . 2013-10-12 11:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-12 11:28 . 2013-10-12 11:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-12 10:49 . 2013-10-12 10:49 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B32D23B-6420-43F0-AE4C-199A8BD9935E}\offreg.dll
2013-10-11 19:19 . 2013-10-11 19:19 -------- d-----w- c:\program files (x86)\Lame For Audacity
2013-10-11 16:52 . 2013-10-11 16:52 -------- d-----w- c:\programdata\boost_interprocess
2013-10-11 11:42 . 2013-10-11 19:21 -------- d-----w- c:\users\Owner\AppData\Roaming\Audacity
2013-10-11 11:42 . 2013-10-11 11:42 -------- d-----w- c:\program files (x86)\Audacity
2013-10-10 22:15 . 2013-10-10 22:21 -------- d-----w- C:\WMP3E_Temp
2013-10-10 22:13 . 2013-10-10 22:13 -------- d-----w- c:\windows\Downloaded Installations
2013-10-10 20:22 . 2013-10-10 20:22 -------- d-----w- c:\windows\ERUNT
2013-10-07 21:22 . 2013-10-10 20:18 -------- d-----w- C:\AdwCleaner
2013-10-07 18:19 . 2013-10-07 18:19 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-07 18:19 . 2013-10-07 18:19 -------- d-----w- c:\program files (x86)\Trend Micro
2013-10-07 18:18 . 2013-10-07 18:18 -------- d-----w- c:\windows\system32\appmgmt
2013-10-06 22:16 . 2013-10-06 22:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-10-06 22:15 . 2013-10-06 22:15 -------- d-----w- c:\programdata\Malwarebytes
2013-10-06 22:15 . 2013-10-06 22:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-06 22:15 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-05 18:41 . 2013-10-05 18:41 -------- d-----w- c:\users\Owner\AppData\Local\ESET
2013-10-05 18:00 . 2013-10-05 18:00 -------- d-----w- c:\program files\ESET
2013-10-03 11:24 . 2013-10-07 08:15 -------- d-----w- c:\programdata\QuteClient
2013-10-03 11:23 . 2013-10-06 21:09 -------- d-----w- c:\program files (x86)\Seznam.cz
2013-10-03 11:23 . 2013-10-06 21:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Seznam.cz
2013-10-02 19:22 . 2013-10-02 19:22 -------- d-----w- c:\users\Owner\AppData\Roaming\LolClient
2013-10-02 18:02 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2013-10-02 18:02 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2013-10-02 18:02 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2013-10-02 18:01 . 2013-10-02 18:01 -------- d-----w- C:\Riot Games
2013-10-02 17:58 . 2013-10-02 17:58 -------- d-----w- c:\program files (x86)\Pando Networks
2013-10-02 17:56 . 2013-10-02 18:02 -------- d-----w- c:\users\Owner\AppData\Roaming\Riot Games
2013-09-19 21:00 . 2013-09-19 22:33 -------- d-----w- c:\users\Owner\AppData\Roaming\Shifters Anticheat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 10:36 . 2013-04-12 15:30 25640 ----a-w- c:\windows\gdrv.sys
2013-09-29 12:26 . 2013-04-14 12:19 156176 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2013-07-14 20:11 . 2013-07-14 20:11 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-04-11 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2013-04-11 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files\Valve\Steam\steam.exe" [2013-10-09 1813928]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"AGupdate"="c:\program files (x86)\AppGraffiti\AGupdate.exe" [2013-03-19 894048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-03-26 703888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Peerinator;Peerinator;c:\program files (x86)\Peerinator\Peerinator.exe;c:\program files (x86)\Peerinator\Peerinator.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 msvsmon100;Visual Studio 10 Remote Debugger;c:\program files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\rdbgservice.exe msvsmon100;c:\program files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\rdbgservice.exe msvsmon100 [x]
S0 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-05 12:29 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 14:59]
.
2013-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 14:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2716216]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{0704128B-CBAD-4F65-A4CD-2F432D0DD878}: NameServer = 62.240.163.170,62.204.224.3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKCU-Run-CPN Notifier - c:\program files (x86)\CardCasino\PokerNotifier.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1350712492-281408177-1238760579-1000\Software\SecuROM\License information*]
"datasecu"=hex:65,20,ec,4a,75,9d,54,c3,eb,2b,ca,2b,17,c1,6e,0d,65,92,43,70,c9,
d2,48,46,bf,62,59,c1,e5,15,8e,2f,f3,3d,ba,d6,a3,af,b1,ba,0d,2b,ba,cb,d5,ea,\
"rkeysecu"=hex:d6,8c,3e,d9,63,64,75,35,8e,69,17,7c,71,d9,b9,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-10-12 13:39:13
ComboFix-quarantined-files.txt 2013-10-12 11:39
.
Před spuštěním: 154 792 419 328 bytes free
Po spuštění: 158 023 684 096 bytes free
.
- - End Of File - - 5F14969DEE35147444FC4BDEFE39C1B3
A36C5E4F47E84449FF07ED3517B43A31
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Malware check - problem with start.qone8.com
Uninstall:
Seznam.cz
boost_interprocess
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
Code:
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Seznam.cz
c:\users\Owner\AppData\Roaming\Seznam.cz
c:\programdata\boost_interprocess
c:\program files (x86)\Google\Update
Driver::
SkypeUpdate
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to your desktop.
Close all active windows.
Drag the CFScript.txt script you created onto the downloaded ComboFix.exe and, when the two files overlap, drop it.
- ComboFix will start automatically
- Paste here the log produced at the end of the cleaning process, plus a new HJT log
Warning: It can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 while it restarts and choose Last Known Good Configuration, or use a restore point.
Run AdwCleaner again.
Download aswMBR
http://files.avast.com/files/rootkit-scanner/aswmbr.exe
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
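Editor's added example (not code from this thread, from ComboFix, or from its author): a small Python script that does the two things a helper does by eye before handing a user a CFScript. First, it reads the Sigcheck section of a ComboFix log like the one posted above and reports every unverified `[-]` copy whose MD5 differs from the known-good copy of the same file name and size (here, `user32.dll` in system32/SysWOW64 versus the WinSxS component-store copies). Second, it parses a CFScript (the `File::`, `Folder::`, `Driver::` and `RegLock::` sections) and lists every target that never appears in the log it was written against. The Sigcheck line layout is inferred from the posted log; the log excerpt is copied from it; the CFScript is the one posted above plus one constructed entry, `c:\example\stale.dll`, that is absent from the log on purpose. All function names are my own.

```python
"""Triage helpers for a ComboFix log and a CFScript (added example; not
ComboFix's own code or the helper's). The Sigcheck layout is inferred from
the log posted in this thread and the excerpt is copied from it; the
CFScript is the one posted above plus one constructed entry,
c:\\example\\stale.dll, that is absent from the log on purpose."""
import re
from collections import defaultdict

# Sigcheck lines look like: "[tag] date . MD5 . size . . [version] .. path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] \S+ \. (?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+) "
    r".*? \.\. (?P<path>.+)$"
)

# Excerpt of the ComboFix log from the thread (Sigcheck, new folders,
# a service line, a scheduled task and two locked registry keys).
SAMPLE_LOG = r"""
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-04-11 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
[-] 2013-04-11 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
2013-10-11 16:52 . 2013-10-11 16:52 -------- d-----w- c:\programdata\boost_interprocess
2013-10-03 11:23 . 2013-10-06 21:09 -------- d-----w- c:\program files (x86)\Seznam.cz
2013-10-03 11:23 . 2013-10-06 21:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Seznam.cz
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
2013-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 14:59]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
"""

# The helper's CFScript; the c:\example\stale.dll line is constructed.
SAMPLE_CFSCRIPT = r"""
ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\example\stale.dll
Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Seznam.cz
c:\users\Owner\AppData\Roaming\Seznam.cz
c:\programdata\boost_interprocess
c:\program files (x86)\Google\Update
Driver::
SkypeUpdate
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
"""


def parse_sigcheck(log_text):
    """One dict (tag, md5, size, path) per Sigcheck line."""
    rows = []
    for line in log_text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            rows.append({"tag": m["tag"], "md5": m["md5"].upper(),
                         "size": int(m["size"]), "path": m["path"].strip()})
    return rows


def sigcheck_mismatches(log_text):
    """Return (path, reference_path) for every unverified ([-]) copy whose MD5
    differs from a known-good copy of the same file name and size, e.g. the
    system32 user32.dll versus its WinSxS component-store copy."""
    rows = parse_sigcheck(log_text)

    def key(r):  # same file name (case-insensitive) and same size
        return (r["path"].rsplit("\\", 1)[-1].lower(), r["size"])

    refs = defaultdict(list)
    for r in rows:
        if r["tag"] != "-":
            refs[key(r)].append(r)
    return [(r["path"], ref["path"]) for r in rows if r["tag"] == "-"
            for ref in refs.get(key(r), []) if ref["md5"] != r["md5"]]


def parse_cfscript(text):
    """Map each 'Section::' header to the list of entries beneath it."""
    sections, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
        elif line and current is not None:
            sections[current].append(line)
    return dict(sections)


def unreferenced_targets(cfscript, log_text):
    """List (section, entry) pairs from the CFScript that never appear in the
    log it was written against; these deserve a second look before the user
    runs the script, because every deletion target should come from evidence."""
    missing, log_lower = [], log_text.lower()
    for section in ("File", "Folder", "RegLock"):
        for entry in cfscript.get(section, []):
            if entry.lower() not in log_lower:
                missing.append((section, entry))
    for name in cfscript.get("Driver", []):  # service lines: "R2 Name;Display;..."
        if not re.search(r"^[RS]\d+ " + re.escape(name) + ";", log_text, re.M | re.I):
            missing.append(("Driver", name))
    return missing


if __name__ == "__main__":
    for path, ref in sigcheck_mismatches(SAMPLE_LOG):
        print(f"hash differs from reference: {path}  (ref: {ref})")
    for section, entry in unreferenced_targets(parse_cfscript(SAMPLE_CFSCRIPT), SAMPLE_LOG):
        print(f"{section}:: target not found in log: {entry}")
```

A hash mismatch against the WinSxS copy is a lead, not a verdict: the log's own note says unsigned files are not necessarily malware, and a patched system file can legitimately differ from the store copy, so the right next step is to check the file's signature and version rather than to delete it. The cross-check is there for the opposite failure mode: a CFScript entry that has no counterpart in the log (the constructed `c:\example\stale.dll` above) is a typo or a leftover from another case, and ComboFix will act on it just as readily as on a real finding.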
Re: Malware check - problem with start.qone8.com
ComboFix 13-10-12.01 - Owner 14.10.2013 11:36:24.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.4094.2730 [GMT 2:00]
Spuštěný z: c:\users\Owner\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Owner\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.165\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.165\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.165\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.165\psuser.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.165\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\30.0.1599.69\30.0.1599.69_30.0.1599.66_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Seznam.cz
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\boost_interprocess
c:\users\Owner\AppData\Roaming\Seznam.cz
c:\users\Owner\AppData\Roaming\Seznam.cz\~~erase-39747323-1856-51766.$$$
c:\users\Owner\AppData\Roaming\Seznam.cz\~~erase-39747323-1856-69288.$$$
c:\users\Owner\AppData\Roaming\Seznam.cz\~~erase-39747401-1856-47813.$$$\~~erase-39747323-1856-48030.$$$
c:\users\Owner\AppData\Roaming\Seznam.cz\install.log
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2013-09-14 to 2013-10-14 )))))))))))))))))))))))))))))))
.
.
2013-10-14 09:52 . 2013-10-14 09:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-14 09:52 . 2013-10-14 09:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-11 19:19 . 2013-10-11 19:19 -------- d-----w- c:\program files (x86)\Lame For Audacity
2013-10-11 11:42 . 2013-10-11 19:21 -------- d-----w- c:\users\Owner\AppData\Roaming\Audacity
2013-10-11 11:42 . 2013-10-11 11:42 -------- d-----w- c:\program files (x86)\Audacity
2013-10-10 22:15 . 2013-10-10 22:21 -------- d-----w- C:\WMP3E_Temp
2013-10-10 22:13 . 2013-10-10 22:13 -------- d-----w- c:\windows\Downloaded Installations
2013-10-10 20:22 . 2013-10-10 20:22 -------- d-----w- c:\windows\ERUNT
2013-10-07 21:22 . 2013-10-10 20:18 -------- d-----w- C:\AdwCleaner
2013-10-07 18:19 . 2013-10-07 18:19 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-07 18:19 . 2013-10-07 18:19 -------- d-----w- c:\program files (x86)\Trend Micro
2013-10-07 18:18 . 2013-10-07 18:18 -------- d-----w- c:\windows\system32\appmgmt
2013-10-06 22:16 . 2013-10-06 22:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-10-06 22:15 . 2013-10-06 22:15 -------- d-----w- c:\programdata\Malwarebytes
2013-10-06 22:15 . 2013-10-06 22:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-06 22:15 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-05 18:41 . 2013-10-05 18:41 -------- d-----w- c:\users\Owner\AppData\Local\ESET
2013-10-05 18:00 . 2013-10-05 18:00 -------- d-----w- c:\program files\ESET
2013-10-03 11:24 . 2013-10-07 08:15 -------- d-----w- c:\programdata\QuteClient
2013-10-02 19:22 . 2013-10-02 19:22 -------- d-----w- c:\users\Owner\AppData\Roaming\LolClient
2013-10-02 18:02 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2013-10-02 18:02 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2013-10-02 18:02 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2013-10-02 18:01 . 2013-10-02 18:01 -------- d-----w- C:\Riot Games
2013-10-02 17:58 . 2013-10-02 17:58 -------- d-----w- c:\program files (x86)\Pando Networks
2013-10-02 17:56 . 2013-10-02 18:02 -------- d-----w- c:\users\Owner\AppData\Roaming\Riot Games
2013-09-19 21:00 . 2013-09-19 22:33 -------- d-----w- c:\users\Owner\AppData\Roaming\Shifters Anticheat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-14 09:53 . 2013-04-12 15:30 25640 ----a-w- c:\windows\gdrv.sys
2013-09-29 12:26 . 2013-04-14 12:19 156176 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-04-11 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2013-04-11 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="c:\program files\Valve\Steam\steam.exe" [2013-10-09 1813928]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"AGupdate"="c:\program files (x86)\AppGraffiti\AGupdate.exe" [2013-03-19 894048]
"CPN Notifier"="c:\program files (x86)\CardCasino\PokerNotifier.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-03-26 703888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Peerinator;Peerinator;c:\program files (x86)\Peerinator\Peerinator.exe;c:\program files (x86)\Peerinator\Peerinator.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 msvsmon100;Visual Studio 10 Remote Debugger;c:\program files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\rdbgservice.exe msvsmon100;c:\program files\Microsoft Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\rdbgservice.exe msvsmon100 [x]
S0 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-05 12:29 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2716216]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{0704128B-CBAD-4F65-A4CD-2F432D0DD878}: NameServer = 62.240.163.170,62.204.224.3
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1350712492-281408177-1238760579-1000\Software\SecuROM\License information*]
"datasecu"=hex:65,20,ec,4a,75,9d,54,c3,eb,2b,ca,2b,17,c1,6e,0d,65,92,43,70,c9,
d2,48,46,bf,62,59,c1,e5,15,8e,2f,f3,3d,ba,d6,a3,af,b1,ba,0d,2b,ba,cb,d5,ea,\
"rkeysecu"=hex:d6,8c,3e,d9,63,64,75,35,8e,69,17,7c,71,d9,b9,00
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
.
**************************************************************************
.
Completion time: 2013-10-14 11:57:53 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-14 09:57
ComboFix2.txt 2013-10-12 11:39
.
Pre-Run: 156 451 840 000 bytes free
Post-Run: 155 915 141 120 bytes free
.
- - End Of File - - BD5E7B4DB39119C87F3CC49F442313A8
A36C5E4F47E84449FF07ED3517B43A31
Re: Malware check - problem with start.qone8.com
# AdwCleaner v3.007 - Report created 14/10/2013 at 12:00:56
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\Program Files (x86)\AppGraffiti
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Folder Found C:\Users\Owner\AppData\LocalLow\AppGraffiti
Folder Found C:\Users\Owner\AppData\Roaming\OpenCandy
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppGraffiti
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\CToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : [x64] HKCU\Software\AppGraffiti
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\CToolbar
Key Found : HKLM\Software\AppGraffiti
Key Found : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\CToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7600.16385
-\\ Mozilla Firefox v
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js ]
-\\ Google Chrome v30.0.1599.69
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4933 octets] - [07/10/2013 23:23:37]
AdwCleaner[R1].txt - [4993 octets] - [07/10/2013 23:26:48]
AdwCleaner[R2].txt - [5311 octets] - [10/10/2013 22:16:28]
AdwCleaner[R3].txt - [2386 octets] - [14/10/2013 12:00:56]
AdwCleaner[S0].txt - [4532 octets] - [10/10/2013 22:17:50]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [2506 octets] ##########
Re: Malware check - problem with start.qone8.com
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-14 12:03:41
-----------------------------
12:03:41.271 OS Version: Windows x64 6.1.7600
12:03:41.271 Number of processors: 4 586 0x502
12:03:41.271 ComputerName: OWNER-PC UserName: Owner
12:03:42.067 Initialize success
12:03:50.525 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
12:03:50.525 Disk 0 Vendor: SAMSUNG_HD322HJ 1AC01118 Size: 305245MB BusType: 3
12:03:50.681 Disk 0 MBR read successfully
12:03:50.681 Disk 0 MBR scan
12:03:50.681 Disk 0 Windows 7 default MBR code
12:03:50.681 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
12:03:50.697 Disk 0 scanning C:\Windows\system32\drivers
12:03:55.377 Service scanning
12:04:06.203 Modules scanning
12:04:06.203 Disk 0 trace - called modules:
12:04:06.234 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:04:06.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d35060]
12:04:06.234 3 CLASSPNP.SYS[fffff880018ff43f] -> nt!IofCallDriver -> [0xfffffa8004ad9520]
12:04:06.250 5 ACPI.sys[fffff88000f73781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004acb680]
12:04:06.250 Scan finished successfully
12:04:11.039 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
12:04:11.039 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
- jaro3
- Security team member
Re: Malware check - problem with start.qone8.com
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Clean" (Vymazat).
The program will perform the repair; after the automatic restart it will show the log (C:\AdwCleaner[S?].txt). Paste its entire contents here.
Download Junkware Removal Tool
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue; press one.
The scan will start. Scanning may take a long time, depending on the amount of infection. When the scan finishes, a log (JRT.txt) will appear and be saved on the desktop.
Please paste its entire contents here.
In Folder Options, enable showing hidden files and folders and uncheck "Hide protected operating system files".
Test this file on VirusTotal:
c:\windows\system32\Services.exe
Click "Choose" to the right of the box and find the file on your PC in Explorer. Select it and click Open, then click Send File. If the file has already been tested, a window will appear; click Reanalyze in it. The file will then be tested by several antivirus engines in turn. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.
Or on:
http://www.virscan.org/
Re: Malware check - problem with start.qone8.com
# AdwCleaner v3.007 - Report created 15/10/2013 at 10:20:19
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\OpenCandy
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\CToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7600.16385
-\\ Mozilla Firefox v
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js ]
-\\ Google Chrome v30.0.1599.69
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4933 octets] - [07/10/2013 23:23:37]
AdwCleaner[R1].txt - [4993 octets] - [07/10/2013 23:26:48]
AdwCleaner[R2].txt - [5311 octets] - [10/10/2013 22:16:28]
AdwCleaner[R3].txt - [2602 octets] - [14/10/2013 12:00:56]
AdwCleaner[R4].txt - [1553 octets] - [15/10/2013 10:19:33]
AdwCleaner[S0].txt - [4532 octets] - [10/10/2013 22:17:50]
AdwCleaner[S1].txt - [1409 octets] - [15/10/2013 10:20:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1469 octets] ##########
Re: Malware check - problem with start.qone8.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Owner on Út 15.10.2013 at 10:24:00,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Út 15.10.2013 at 10:29:01,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- jaro3
- Security team member
Re: Malware check - problem with start.qone8.com
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner.
Download OTC
to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.
Download aswMBR
http://files.avast.com/files/rootkit-scanner/aswmbr.exe
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Paste the entire contents of that log here. Then click "Exit" to close the program.
Re: Malware check - problem with start.qone8.com
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-15 14:32:50
-----------------------------
14:32:50.361 OS Version: Windows x64 6.1.7600
14:32:50.361 Number of processors: 4 586 0x502
14:32:50.361 ComputerName: OWNER-PC UserName: Owner
14:32:50.917 Initialize success
14:32:55.458 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:32:55.463 Disk 0 Vendor: SAMSUNG_HD322HJ 1AC01118 Size: 305245MB BusType: 3
14:32:55.565 Disk 0 MBR read successfully
14:32:55.570 Disk 0 MBR scan
14:32:55.576 Disk 0 Windows 7 default MBR code
14:32:55.581 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
14:32:55.603 Disk 0 scanning C:\Windows\system32\drivers
14:33:04.443 Service scanning
14:33:16.044 Modules scanning
14:33:16.058 Disk 0 trace - called modules:
14:33:16.080 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:33:16.088 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d3a060]
14:33:16.096 3 CLASSPNP.SYS[fffff8800194143f] -> nt!IofCallDriver -> [0xfffffa8004ab89b0]
14:33:16.105 5 ACPI.sys[fffff88000f95781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004ad2060]
14:33:16.115 Scan finished successfully
14:33:21.715 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Documents\MBR.dat"
14:33:21.726 The log file has been saved successfully to "C:\Users\Owner\Documents\aswMBR.txt"