Facebook virus - log check

Forum rules
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
klingoln
Visitor
Posts: 162
Registered: 28 Feb 2008 16:31

Facebook virus - log check

#1 Post by klingoln »

Hi,
a friend of mine also has a problem with the Facebook virus. I'm attaching the log; its download went through without any error messages, but it doesn't look complete:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal at 2011-07-25 09:25:30
Microsoft Windows 7 Ultimate
System drive C: has 31 GB (41%) free of 75 GB
Total RAM: 1983 MB (63% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Michal.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-24 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-06-07 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-24 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-03-06 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-03-06 92704]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []
"SysMon"=C:\ProgramData\SysMon\ASK.dll [2010-05-06 1268736]
"SystemKey"=C:\ProgramData\SystemKey\SystemKey.dll [2006-04-07 339968]
"wxpdrv"=C:\Windows\services32.exe [2011-07-23 1185792]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-8-0\svchost.exe [2011-07-23 1185792]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"2757377.exe"=C:\Users\Michal\AppData\Local\Temp\2757377.exe [2011-07-23 252928]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-23 247296]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-23 247296]
"9720459.exe"=C:\Windows\Temp\9720459.exe [2011-07-23 247296]
"566644.exe"=C:\Windows\Temp\566644.exe [2011-07-23 495616]
"89819922-loader2.exe"=C:\Windows\Temp\89819922-loader2.exe [2011-07-23 247296]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-23 232960]
"2743329.exe"=C:\Windows\Temp\2743329.exe [2011-07-23 247296]
"systemup"=C:\Windows\systemup.exe [2011-07-23 114176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-10 39408]
"Sony Ericsson PC Companion"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2009-12-08 774144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2009-11-09 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-25 09:21:33 ----D---- C:\rsit
2011-07-25 09:21:33 ----D---- C:\Program Files\trend micro
2011-07-23 19:53:39 ----A---- C:\Windows\ddh_iplist.txt
2011-07-23 19:53:17 ----D---- C:\Windows\ufa
2011-07-23 19:53:17 ----D---- C:\Windows\rpcminer
2011-07-23 19:53:17 ----D---- C:\Windows\phoenix
2011-07-23 19:53:15 ----A---- C:\Windows\systemup.exe
2011-07-23 19:17:30 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-23 18:33:46 ----HD---- C:\Windows\update.5.0
2011-07-23 18:31:15 ----A---- C:\Windows\l1rezerv.exe
2011-07-23 18:30:26 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-23 18:29:58 ----HD---- C:\Windows\update.2
2011-07-23 18:28:47 ----A---- C:\Windows\unrar.exe
2011-07-23 18:27:00 ----A---- C:\Windows\iplist.txt
2011-07-23 18:25:33 ----A---- C:\Windows\sysdriver32_.exe
2011-07-23 18:25:19 ----A---- C:\Windows\sysdriver32.exe
2011-07-23 18:25:02 ----A---- C:\Windows\front_ip_list.txt
2011-07-23 18:24:16 ----AH---- C:\Windows\system32\ezsidmv.dat
2011-07-23 18:24:00 ----D---- C:\Windows\av_ico
2011-07-23 18:22:36 ----HD---- C:\Windows\update.1
2011-07-23 18:22:30 ----HD---- C:\Windows\update.tray-8-0-lnk
2011-07-23 18:22:30 ----HD---- C:\Windows\update.tray-8-0
2011-07-23 18:10:53 ----A---- C:\Windows\winlog-ids.txt
2011-07-23 18:10:53 ----A---- C:\Windows\winlog-dirs.txt
2011-07-23 18:10:48 ----A---- C:\Windows\services32.exe
2011-07-14 01:03:58 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-14 01:03:58 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-14 01:03:55 ----A---- C:\Windows\system32\kernel32.dll
2011-07-14 01:03:54 ----A---- C:\Windows\system32\winsrv.dll
2011-07-14 01:03:54 ----A---- C:\Windows\system32\conhost.exe
2011-07-14 01:03:50 ----A---- C:\Windows\system32\win32k.sys
2011-06-28 22:19:50 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-28 22:19:41 ----A---- C:\Windows\system32\tquery.dll
2011-06-28 22:19:41 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-28 22:19:41 ----A---- C:\Windows\system32\mssvp.dll
2011-06-28 22:19:41 ----A---- C:\Windows\system32\mssrch.dll
2011-06-28 22:19:40 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-28 22:19:40 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-28 22:19:40 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-28 22:19:40 ----A---- C:\Windows\system32\mssph.dll
2011-06-28 22:19:40 ----A---- C:\Windows\system32\msscntrs.dll

======List of files/folders modified in the last 1 month======

2011-07-25 09:25:29 ----D---- C:\Windows\Temp
2011-07-25 09:24:53 ----D---- C:\Windows\System32
2011-07-25 09:24:53 ----D---- C:\Windows\inf
2011-07-25 09:24:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-25 09:22:34 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2011-07-25 09:21:33 ----RD---- C:\Program Files
2011-07-25 09:19:16 ----D---- C:\ProgramData\Easybits GO
2011-07-25 09:19:04 ----D---- C:\Users\Michal\AppData\Roaming\skypePM
2011-07-24 21:26:20 ----D---- C:\Windows\system32\config
2011-07-24 20:27:12 ----D---- C:\Windows\system32\Tasks
2011-07-24 20:13:33 ----SHD---- C:\Windows\Installer
2011-07-24 19:54:43 ----D---- C:\Windows\Minidump
2011-07-24 19:54:43 ----D---- C:\Windows
2011-07-23 19:22:47 ----D---- C:\Program Files\Windows Defender
2011-07-23 18:30:26 ----D---- C:\Windows\system32\drivers\etc
2011-07-23 18:24:16 ----HD---- C:\ProgramData
2011-07-23 18:10:52 ----D---- C:\Windows\Prefetch
2011-07-23 17:56:01 ----SHD---- C:\System Volume Information
2011-07-19 23:07:42 ----D---- C:\Windows\system32\catroot2
2011-07-15 00:30:59 ----D---- C:\Windows\winsxs
2011-07-15 00:27:52 ----D---- C:\Windows\system32\DriverStore
2011-07-15 00:27:51 ----D---- C:\Windows\system32\drivers
2011-07-14 01:14:05 ----A---- C:\Windows\system32\MRT.exe
2011-07-14 01:03:49 ----D---- C:\Windows\system32\catroot
2011-07-12 22:55:57 ----D---- C:\Users\Michal\AppData\Roaming\AIMP
2011-07-08 16:26:48 ----D---- C:\Windows\LiveKernelReports
2011-07-04 00:08:48 ----D---- C:\Windows\rescache
2011-07-03 00:45:24 ----D---- C:\Windows\Microsoft.NET
2011-07-03 00:45:20 ----RSD---- C:\Windows\assembly
2011-07-02 13:51:03 ----D---- C:\Program Files\Opera
2011-06-29 06:56:56 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-14 1131008]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 70656]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2009-03-23 16384]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-03-25 105984]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-07-14 27648]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DCService.exe;DCService.exe; C:\ProgramData\DatacardService\DCService.exe [2010-05-08 229376]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-06 203296]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-23 340992]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-07-23 495616]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-07-23 247296]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-23 1185792]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-10 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1343400]

-----------------EOF-----------------
Klingoln
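As an added example (not part of this thread, and not RSIT's or MBAM's own code), a small Python triage script that reads the Run-key and service lines in the RSIT format above and flags the traits that separate the malicious entries in this log from the legitimate ones: executables in Temp folders, svchost.exe outside System32, file names that begin with a long digit run, loose executables directly in C:\Windows, and Run values with no target. The sample input is constructed from lines of the log above; the heuristics are assumptions made for this example and are a starting point for an analyst, not a verdict.

```python
"""Triage helper for RSIT 'Registry dump' autorun lines and service lines.

Added example, not part of the forum post and not code from RSIT or MBAM.
It flags entries whose image path shows traits visible in the log above:
executables in Temp folders, svchost.exe outside System32, file names that
begin with a long digit run, loose executables dropped straight into the
Windows folder, and Run values that point at nothing (orphaned autoruns).
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# "name"=value [date size]   (value may carry arguments, or be empty)
RUN_LINE = re.compile(r'^"(?P<name>[^"]*)"=(?P<value>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# R2 name;display name; image path [date size]
SERVICE_LINE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*); '
    r'(?P<value>.*?) \[(?P<meta>[^\]]*)\]\s*$'
)
# First executable/module path in a value; tolerates an NT "\??\" prefix
# and trailing command-line arguments such as "/min".
IMAGE_RE = re.compile(r'^(?:\\\?\?\\)?(?P<img>.*?\.(?:exe|dll|sys|cmd|bat))(?:\s|$)',
                      re.IGNORECASE)

# Constructed sample: lines copied from the first RSIT log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-03-06 13605408]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []
"wxpdrv"=C:\Windows\services32.exe [2011-07-23 1185792]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-8-0\svchost.exe [2011-07-23 1185792]
"2757377.exe"=C:\Users\Michal\AppData\Local\Temp\2757377.exe [2011-07-23 252928]
"9720459.exe"=C:\Windows\Temp\9720459.exe [2011-07-23 247296]
"systemup"=C:\Windows\systemup.exe [2011-07-23 114176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-06 203296]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-23 340992]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-23 1185792]
"""


@dataclass
class Entry:
    kind: str    # "run" (autorun value) or "service"
    name: str    # value name or service name
    image: str   # executable path with arguments stripped, "" if none
    meta: str    # RSIT's "date size" text, kept for the analyst


def image_path(value: str) -> str:
    """Return just the executable/module path from an autorun or service value."""
    m = IMAGE_RE.match(value.strip())
    return m["img"] if m else value.strip()


def parse_entries(text: str) -> list[Entry]:
    """Collect Run-key values and service lines from an RSIT log."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            entries.append(Entry("run", m["name"], image_path(m["value"]), m["meta"]))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            entries.append(Entry("service", m["name"], image_path(m["value"]), m["meta"]))
    return entries


def suspicious_traits(entry: Entry) -> list[str]:
    """Traits an analyst would want to look at; an empty list means nothing odd."""
    if not entry.image:
        return ["empty autorun value (orphaned entry)"] if entry.kind == "run" else []
    low = entry.image.lower()
    folder = ntpath.dirname(low)
    stem, ext = ntpath.splitext(ntpath.basename(low))
    traits: list[str] = []
    if "\\temp\\" in low:
        traits.append("runs from a Temp folder")
    if stem + ext == "svchost.exe" and not folder.endswith("\\windows\\system32"):
        traits.append("svchost.exe outside System32")
    if re.match(r"\d{5,}", stem):
        traits.append("file name begins with a long digit run")
    if folder.endswith("\\windows") and ext == ".exe":
        traits.append("loose executable directly in the Windows folder")
    return traits


def triage(text: str) -> dict[str, list[str]]:
    """Map 'kind:name' to its traits, for flagged entries only."""
    findings: dict[str, list[str]] = {}
    for entry in parse_entries(text):
        traits = suspicious_traits(entry)
        if traits:
            findings[f"{entry.kind}:{entry.name}"] = traits
    return findings


if __name__ == "__main__":
    for key, traits in triage(SAMPLE_LOG).items():
        print(f"{key:28} {'; '.join(traits)}")
```

Run against the sample, every entry MBAM later classified as a trojan or dropper is flagged and the NVIDIA, Avira and Skype entries pass clean; the empty tray_ico values are reported because they are the residue of the same infection.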

Rudy
Site Admin
Posts: 119412
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook virus - log check

#2 Post by Rudy »

Hello!
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved the thread will be locked, as it will be if it stays inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.

klingoln
Visitor
Posts: 162
Registered: 28 Feb 2008 16:31

Re: Facebook virus - log check

#3 Post by klingoln »

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verzia databázy: 7270

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25. 7. 2011 11:36:04
mbam-log-2011-07-25 (11-35-52).txt

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|)
Objektov kontrolovaných: 312151
Uplynutý čas: 41 min, 48 sek

Infikované služby pamäte: 11
Infikované moduly pamäte: 0
Infikované registračné kľúče: 6
Infikované registračné hodnoty: 11
Infikované položky registračných dát: 4
Infikované priečinky: 2
Infikované súbory: 45

Infikované služby pamäte:
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 772 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 3564 -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 1432 -> No action taken.
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> 3540 -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> 3664 -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> 3768 -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent) -> 3808 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 1848 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2732 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1780 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1864 -> No action taken.

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2757377.exe (Trojan.Agent) -> Value: 2757377.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9720459.exe (Trojan.Agent) -> Value: 9720459.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\89819922-loader2.exe (Trojan.Agent) -> Value: 89819922-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2743329.exe (Trojan.Agent) -> Value: 2743329.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované položky registračných dát:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=241&q={searchTerms}) Good: (http://www.google.com/search?q={searchT ... {startPage}) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované priečinky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.
c:\Users\Michal\AppData\Roaming\cleanup antivirus (Rogue.CleanUpAntivirus) -> No action taken.

Infikované súbory:
c:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-8-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\Users\Michal\AppData\Local\Temp\2757377.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9720459.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\89819922-loader2.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\2743329.exe (Trojan.Agent) -> No action taken.
c:\$Recycle.Bin\s-1-5-21-1312092977-3017601953-3449580235-1000\$R8XBA3O.exe (Trojan.Dropper) -> No action taken.
c:\93eb1ae\cleanupav.exe (Trojan.FakeAlert) -> No action taken.
c:\93eb1ae\CU93eb.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Michal\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2QWDTHNP\xp_7c44f[1].exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Michal\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\SQ5J0ER9\xp_4f999[1].exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Michal\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\SQ5J0ER9\xp_50b3e[1].exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Michal\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\SQ5J0ER9\xp_e2bec[1].exe (Trojan.FakeAlert) -> No action taken.
c:\Windows\Temp\3456949.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4902924.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\67043711.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\8190657.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8735287.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-8-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Users\Michal\AppData\Roaming\microsoft\Windows\start menu\Programs\cleanup antivirus.lnk (Rogue.CleanUpAntivirus) -> No action taken.
c:\Users\Michal\AppData\Roaming\microsoft\internet explorer\quick launch\cleanup antivirus.lnk (Rogue.CleanUpAntivirus) -> No action taken.
c:\Users\Michal\AppData\Roaming\microsoft\Windows\start menu\cleanup antivirus.lnk (Rogue.CleanUpAntivirus) -> No action taken.
c:\Windows\Temp\372429346.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\Users\Michal\AppData\Roaming\cleanup antivirus\instructions.ini (Rogue.CleanUpAntivirus) -> No action taken.
Klingoln

Rudy
Site Admin
Posts: 119412
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook virus - log check

#4 Post by Rudy »

Delete everything MBAM found. Then post a new RSIT log.

klingoln
Visitor
Posts: 162
Registered: 28 Feb 2008 16:31

Re: Facebook virus - log check

#5 Post by klingoln »

Attaching the new RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal at 2011-07-25 20:42:55
Microsoft Windows 7 Ultimate
System drive C: has 30 GB (40%) free of 75 GB
Total RAM: 1983 MB (75% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Michal.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-24 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-06-07 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-24 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-03-06 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-03-06 92704]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []
"SysMon"=C:\ProgramData\SysMon\ASK.dll [2010-05-06 1268736]
"SystemKey"=C:\ProgramData\SystemKey\SystemKey.dll [2006-04-07 339968]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"566644.exe"=C:\Windows\Temp\566644.exe [2011-07-23 495616]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-10 39408]
"Sony Ericsson PC Companion"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2009-12-08 774144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2009-11-09 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-25 10:22:43 ----D---- C:\Users\Michal\AppData\Roaming\Malwarebytes
2011-07-25 10:22:36 ----D---- C:\ProgramData\Malwarebytes
2011-07-25 10:22:36 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-07-25 10:22:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-25 10:22:33 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-25 09:45:17 ----D---- C:\rsit
2011-07-25 09:21:33 ----D---- C:\Program Files\trend micro
2011-07-23 19:53:39 ----A---- C:\Windows\ddh_iplist.txt
2011-07-23 19:53:17 ----D---- C:\Windows\ufa
2011-07-23 19:53:17 ----D---- C:\Windows\phoenix
2011-07-23 19:17:30 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-23 18:33:46 ----HD---- C:\Windows\update.5.0
2011-07-23 18:30:26 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-23 18:29:58 ----HD---- C:\Windows\update.2
2011-07-23 18:28:47 ----A---- C:\Windows\unrar.exe
2011-07-23 18:27:00 ----A---- C:\Windows\iplist.txt
2011-07-23 18:25:02 ----A---- C:\Windows\front_ip_list.txt
2011-07-23 18:24:16 ----AH---- C:\Windows\system32\ezsidmv.dat
2011-07-23 18:24:00 ----D---- C:\Windows\av_ico
2011-07-23 18:22:36 ----HD---- C:\Windows\update.1
2011-07-23 18:22:30 ----HD---- C:\Windows\update.tray-8-0-lnk
2011-07-23 18:22:30 ----HD---- C:\Windows\update.tray-8-0
2011-07-23 18:10:53 ----A---- C:\Windows\winlog-ids.txt
2011-07-23 18:10:53 ----A---- C:\Windows\winlog-dirs.txt
2011-07-14 01:03:58 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-14 01:03:58 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-14 01:03:57 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-14 01:03:55 ----A---- C:\Windows\system32\kernel32.dll
2011-07-14 01:03:54 ----A---- C:\Windows\system32\winsrv.dll
2011-07-14 01:03:54 ----A---- C:\Windows\system32\conhost.exe
2011-07-14 01:03:50 ----A---- C:\Windows\system32\win32k.sys
2011-06-28 22:19:50 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-28 22:19:41 ----A---- C:\Windows\system32\tquery.dll
2011-06-28 22:19:41 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-28 22:19:41 ----A---- C:\Windows\system32\mssvp.dll
2011-06-28 22:19:41 ----A---- C:\Windows\system32\mssrch.dll
2011-06-28 22:19:40 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-28 22:19:40 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-28 22:19:40 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-28 22:19:40 ----A---- C:\Windows\system32\mssph.dll
2011-06-28 22:19:40 ----A---- C:\Windows\system32\msscntrs.dll

======List of files/folders modified in the last 1 month======

2011-07-25 20:42:55 ----D---- C:\ProgramData\Easybits GO
2011-07-25 20:42:50 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2011-07-25 20:42:38 ----D---- C:\Windows\Temp
2011-07-25 20:41:36 ----D---- C:\Windows\system32\drivers
2011-07-25 20:40:52 ----D---- C:\Windows\system32\config
2011-07-25 20:39:40 ----D---- C:\Windows
2011-07-25 20:39:39 ----SHD---- C:\93eb1ae
2011-07-25 20:39:34 ----D---- C:\Windows\Prefetch
2011-07-25 19:44:31 ----D---- C:\Users\Michal\AppData\Roaming\skypePM
2011-07-25 10:50:04 ----D---- C:\Windows\Minidump
2011-07-25 10:28:04 ----D---- C:\Windows\System32
2011-07-25 10:28:04 ----D---- C:\Windows\inf
2011-07-25 10:28:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-25 10:22:36 ----HD---- C:\ProgramData
2011-07-25 10:22:33 ----RD---- C:\Program Files
2011-07-25 09:59:10 ----D---- C:\Users\Michal\AppData\Roaming\AIMP
2011-07-24 20:27:12 ----D---- C:\Windows\system32\Tasks
2011-07-24 20:13:33 ----SHD---- C:\Windows\Installer
2011-07-23 19:22:47 ----D---- C:\Program Files\Windows Defender
2011-07-23 18:30:26 ----D---- C:\Windows\system32\drivers\etc
2011-07-23 17:56:01 ----SHD---- C:\System Volume Information
2011-07-19 23:07:42 ----D---- C:\Windows\system32\catroot2
2011-07-15 00:30:59 ----D---- C:\Windows\winsxs
2011-07-15 00:27:52 ----D---- C:\Windows\system32\DriverStore
2011-07-14 01:14:05 ----A---- C:\Windows\system32\MRT.exe
2011-07-14 01:03:49 ----D---- C:\Windows\system32\catroot
2011-07-08 16:26:48 ----D---- C:\Windows\LiveKernelReports
2011-07-04 00:08:48 ----D---- C:\Windows\rescache
2011-07-03 00:45:24 ----D---- C:\Windows\Microsoft.NET
2011-07-03 00:45:20 ----RSD---- C:\Windows\assembly
2011-07-02 13:51:03 ----D---- C:\Program Files\Opera
2011-06-29 06:56:56 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-14 1131008]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2009-04-20 9344]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 70656]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2009-03-23 16384]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-03-25 105984]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-07-14 27648]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DCService.exe;DCService.exe; C:\ProgramData\DatacardService\DCService.exe [2010-05-08 229376]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-06 203296]
R3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-10 182768]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1343400]

-----------------EOF-----------------
Klingoln

Rudy
Site Admin
Posts: 119412
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook virus - log check

#6 Post by Rudy »

I'd also ask for a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

feel free to go and make yourself a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or anything else

don't panic during the scan; your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the resident antispyware
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

klingoln
Visitor
Posts: 162
Joined: 28 Feb 2008 16:31

Re: Facebook virus - log check

#7 Post by klingoln »

Here is the ComboFix log:

ComboFix 11-07-25.02 - Michal . 07. 2011 21:10:44.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.1983.1172 [GMT 2:00]
Running from: c:\users\Michal\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\Michal\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 19:18 . 2011-07-25 19:18 -------- d-----w- c:\users\Zuzi\AppData\Local\temp
2011-07-25 19:07 . 2011-07-25 19:08 -------- d-----w- C:\32788R22FWJFW
2011-07-25 08:22 . 2011-07-25 08:22 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2011-07-25 08:22 . 2011-07-25 08:22 -------- d-----w- c:\programdata\Malwarebytes
2011-07-25 08:22 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 08:22 . 2011-07-25 08:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-25 08:22 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 07:45 . 2011-07-25 07:45 -------- d-----w- C:\rsit
2011-07-25 07:21 . 2011-07-25 07:21 -------- d-----w- c:\program files\trend micro
2011-07-23 17:53 . 2011-07-23 17:53 -------- d-----w- c:\windows\ufa
2011-07-23 17:53 . 2011-07-23 17:53 -------- d-----w- c:\windows\phoenix
2011-07-23 16:28 . 2011-07-23 17:53 246272 ----a-w- c:\windows\unrar.exe
2011-07-23 16:24 . 2011-07-23 16:24 -------- d-----w- c:\windows\av_ico
2011-07-23 16:22 . 2011-07-25 18:39 -------- d--h--w- c:\windows\update.tray-8-0
2011-07-23 16:22 . 2011-07-25 18:39 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-07-23 15:56 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7F8DBE8-F1C5-4013-8A68-618B8BAE7105}\mpengine.dll
2011-06-28 20:19 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 20:19 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-28 20:19 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-28 20:19 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-28 20:19 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-28 20:19 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 20:19 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-28 20:19 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-28 20:19 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-28 20:19 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 03:00 . 2011-06-14 20:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2010-02-02 09:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:43 . 2011-06-14 20:57 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43 . 2011-06-14 20:57 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43 . 2011-06-14 20:57 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50 . 2011-06-14 20:58 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57 . 2011-06-14 20:58 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57 . 2011-06-14 20:58 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57 . 2011-06-14 20:58 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33 . 2011-06-14 20:58 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-10 39408]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"SysMon"="c:\programdata\SysMon\ASK.dll" [2010-05-06 1268736]
"SystemKey"="c:\programdata\SystemKey\SystemKey.dll" [2006-04-07 339968]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-04-10 18:57 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2009-03-23 16384]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 70656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 19:31]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 19:31]
.
2011-07-20 c:\windows\Tasks\Norton Security Scan for Michal.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-12 22:51]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-Avira AntiVir Desktop - c:\program files\Avira\AntiVir Desktop\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-25 21:21:25
ComboFix-quarantined-files.txt 2011-07-25 19:21
.
Pre-Run: 32 482 025 472 bytes free
Post-Run: 33 428 856 832 bytes free
.
- - End Of File - - F2514FE563FAD69AC92AD80224EAF1C1
Klingoln

Rudy
Site Admin
Posts: 119412
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook virus - log check

#8 Post by Rudy »

Let's clean up the rest. Open Notepad and copy the following into it:
Collect::
c:\windows\unrar.exe

Folder::
c:\windows\ufa
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-8-0
c:\windows\update.tray-8-0-lnk
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


klingoln
Visitor
Posts: 162
Joined: 28 Feb 2008 16:31

Re: Facebook virus - log check

#9 Post by klingoln »

New ComboFix log:

ComboFix 11-07-25.02 - Michal . 07. 2011 22:16:25.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.1983.1109 [GMT 2:00]
Running from: c:\users\Michal\Desktop\ComboFix.exe
Command switches used :: c:\users\Michal\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 20:24 . 2011-07-25 20:24 0 ---ha-w- c:\users\Michal\AppData\Local\BITE31E.tmp
2011-07-25 20:23 . 2011-07-25 20:25 -------- d-----w- c:\users\Michal\AppData\Local\temp
2011-07-25 20:23 . 2011-07-25 20:23 -------- d-----w- c:\users\Zuzi\AppData\Local\temp
2011-07-25 08:22 . 2011-07-25 08:22 -------- d-----w- c:\users\Michal\AppData\Roaming\Malwarebytes
2011-07-25 08:22 . 2011-07-25 08:22 -------- d-----w- c:\programdata\Malwarebytes
2011-07-25 08:22 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 08:22 . 2011-07-25 08:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-25 08:22 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 07:45 . 2011-07-25 07:45 -------- d-----w- C:\rsit
2011-07-25 07:21 . 2011-07-25 07:21 -------- d-----w- c:\program files\trend micro
2011-07-23 15:56 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7F8DBE8-F1C5-4013-8A68-618B8BAE7105}\mpengine.dll
2011-06-28 20:19 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 20:19 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-28 20:19 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-28 20:19 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-28 20:19 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-28 20:19 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 20:19 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-28 20:19 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-28 20:19 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-28 20:19 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 03:00 . 2011-06-14 20:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2010-02-02 09:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:43 . 2011-06-14 20:57 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43 . 2011-06-14 20:57 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43 . 2011-06-14 20:57 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50 . 2011-06-14 20:58 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57 . 2011-06-14 20:58 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57 . 2011-06-14 20:58 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57 . 2011-06-14 20:58 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33 . 2011-06-14 20:58 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-10 39408]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"SysMon"="c:\programdata\SysMon\ASK.dll" [2010-05-06 1268736]
"SystemKey"="c:\programdata\SystemKey\SystemKey.dll" [2006-04-07 339968]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-04-10 18:57 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
R3 CFcatchme;CFcatchme;c:\users\Michal\AppData\Local\Temp\CFcatchme.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2009-03-23 16384]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 70656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 19:31]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 19:31]
.
2011-07-20 c:\windows\Tasks\Norton Security Scan for Michal.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-12 22:51]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: Interfaces\{7FD44252-5B17-4C8A-B7BC-32635CCB9825}: NameServer = 213.151.200.31 213.151.208.162
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2672)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Mobile Partner\Mobile Partner.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-07-25 22:29:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-25 20:29
ComboFix2.txt 2011-07-25 19:21
.
Pre-Run: 33 482 174 464 bytes free
Post-Run: 33 419 329 536 bytes free
.
- - End Of File - - 95F9CD89A3FBA9EAF0F727D65332BFBF
Klingoln

Rudy
Site Admin
Posts: 119412
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook virus - log check

#10 Post by Rudy »

Deleted; the log now looks clean. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

klingoln
Visitor
Posts: 162
Registered: 28 Feb 2008 16:31

Re: Facebook virus - log check

#11 Post by klingoln »

Hello,

it already looks good, I'll still finish cleaning the PC with CCleaner, and Facebook also works without problems...

Thanks a lot for the help
Klingoln

Rudy
Site Admin
Posts: 119412
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook virus - log check

#12 Post by Rudy »

You're welcome!
