
PC disinfection, computer speed-up, remote assistance via the neslape.cz service
Facebook virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote-assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Facebook virus
Hello, please help with my daughter's PC; she caught it yesterday:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Katka at 2011-07-26 07:51:03
Microsoft Windows 7 Ultimate
System drive C: has 178 GB (80%) free of 221 GB
Total RAM: 1013 MB (38% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-26 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-06-16 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-06-16 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-06-16 150552]
"IntelWirelessWiMAX"=C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [2010-03-17 1445888]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-06-22 9292392]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"wxpdrv"=C:\Windows\services32.exe [2011-07-25 1185280]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-7-0\svchost.exe [2011-07-25 1185280]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"1658504.exe"=C:\Users\Katka\AppData\Local\Temp\1658504.exe [2011-07-25 247296]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-25 256000]
"560391.exe"=C:\Windows\Temp\560391.exe [2011-07-25 256000]
"1288310.exe"=C:\Windows\Temp\1288310.exe [2011-07-25 256000]
"8253496.exe"=C:\Windows\Temp\8253496.exe [2011-07-25 495616]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-25 232960]
"84823780-loader2.exe"=C:\Windows\Temp\84823780-loader2.exe [2011-07-25 252928]
"9052930.exe"=C:\Windows\Temp\9052930.exe [2011-07-25 256000]
"3185653.exe"=C:\Users\Katka\AppData\Local\Temp\3185653.exe [2011-07-25 256000]
"6229622.exe"=C:\Users\Katka\AppData\Local\Temp\6229622.exe [2011-07-25 256000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-04-19 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-07-26 07:51:04 ----D---- C:\Program Files\trend micro
2011-07-26 07:51:03 ----D---- C:\rsit
2011-07-25 23:13:09 ----D---- C:\Windows\ufa
2011-07-25 23:13:09 ----D---- C:\Windows\rpcminer
2011-07-25 23:13:09 ----D---- C:\Windows\phoenix
2011-07-25 23:06:54 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-25 23:04:43 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-25 23:04:10 ----HD---- C:\Windows\update.5.0
2011-07-25 23:02:26 ----A---- C:\Windows\l1rezerv.exe
2011-07-25 23:01:56 ----HD---- C:\Windows\update.2
2011-07-25 22:57:35 ----A---- C:\Windows\unrar.exe
2011-07-25 22:56:40 ----SHD---- C:\Config.Msi
2011-07-25 22:56:25 ----A---- C:\Windows\iplist.txt
2011-07-25 22:54:42 ----A---- C:\Windows\sysdriver32_.exe
2011-07-25 22:54:28 ----A---- C:\Windows\sysdriver32.exe
2011-07-25 22:54:11 ----A---- C:\Windows\front_ip_list.txt
2011-07-25 22:54:06 ----D---- C:\Windows\av_ico
2011-07-25 22:52:49 ----HD---- C:\Windows\update.1
2011-07-25 22:52:47 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-07-25 22:52:47 ----HD---- C:\Windows\update.tray-7-0
2011-07-25 22:41:09 ----A---- C:\Windows\winlog-ids.txt
2011-07-25 22:41:09 ----A---- C:\Windows\winlog-dirs.txt
2011-07-25 22:41:01 ----A---- C:\Windows\services32.exe
2011-07-13 22:53:57 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 22:53:56 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 22:53:55 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 22:53:54 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 22:53:53 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 22:53:47 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 22:53:47 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Facebook virus
Hello!
The log isn't complete, but the virus is visible in it. Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail given above.
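As an added example (not part of this thread, and not RSIT or MBAM code), the Python script below applies the checks a log reviewer makes to see what the moderator calls the virus "visible in the log": it parses the Run key and the Policies\System block of an RSIT-style dump and flags autorun targets launched from Temp directories, executables dropped straight into C:\Windows, an svchost.exe outside System32, numeric-only file names, and UAC switched off (EnableLUA=0). The embedded sample is a constructed excerpt of the log posted above; the heuristics and their wording are the example's own.

```python
"""Triage of an RSIT-style autorun dump (added example, not the forum's tooling)."""
import re
from dataclasses import dataclass

# One Run-key line: "name"=target [date size]; the bracket part may be empty.
RUN_LINE = re.compile(r'^"(?P<name>[^"]*)"=(?P<value>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
POLICY_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
RUN_KEY = r"\currentversion\run"
POLICY_KEY = r"\policies\system"
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed excerpt of the Run key and Policies\System block from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-06-16 141848]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"wxpdrv"=C:\Windows\services32.exe [2011-07-25 1185280]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-7-0\svchost.exe [2011-07-25 1185280]
"1658504.exe"=C:\Users\Katka\AppData\Local\Temp\1658504.exe [2011-07-25 247296]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-25 256000]
"560391.exe"=C:\Windows\Temp\560391.exe [2011-07-25 256000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"EnableLUA"=0
"""


@dataclass
class Finding:
    section: str   # "Run" or "Policies"
    name: str      # registry value name
    target: str    # executable path or policy value
    reasons: list  # human-readable heuristics that fired


def split_exe(value):
    """Return the executable path of a Run value, dropping command-line arguments."""
    idx = value.lower().find(".exe")
    return value[: idx + 4] if idx >= 0 else value.strip()


def run_entry_reasons(exe_path):
    """Heuristics a log reviewer applies to one autorun target (example's own)."""
    parts = exe_path.lower().split("\\")
    parent = "\\".join(parts[:-1])
    base = parts[-1]
    stem = base[:-4] if base.endswith(".exe") else base
    reasons = []
    if "temp" in parts[:-1]:
        reasons.append("launched from a Temp directory")
    if parent == r"c:\windows":
        reasons.append("executable dropped directly into C:\\Windows")
    if base == "svchost.exe" and parent not in SYSTEM_DIRS:
        reasons.append("svchost.exe outside System32")
    if stem.isdigit():
        reasons.append("numeric-only file name")
    return reasons


def triage(log_text):
    """Walk the dump section by section and collect suspicious entries."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):          # a registry key header opens a new section
            section = line.lower()
            continue
        if RUN_KEY in section:
            m = RUN_LINE.match(line)
            if not m or not m.group("value").strip():
                continue                  # entries like "tray_ico"= [] carry no target
            exe = split_exe(m.group("value"))
            reasons = run_entry_reasons(exe)
            if reasons:
                findings.append(Finding("Run", m.group("name"), exe, reasons))
        elif POLICY_KEY in section:
            m = POLICY_LINE.match(line)
            if m and m.group("name").lower() == "enablelua" and m.group("value").strip() == "0":
                findings.append(Finding("Policies", "EnableLUA", "0", ["UAC disabled"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name} -> {f.target}: {'; '.join(f.reasons)}")
```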
Re: Facebook virus
There's a ton of it in there.
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
26.7.2011 9:35:32
mbam-log-2011-07-26 (09-34-58).txt
Typ: Rychlá kontrola
Kontrolované objekty: 148474
Uplynulý čas: 7 minut, 6 sekund
Infikované procesy v paměti: 10
Infikované moduly v paměti: 0
Infikované klíče v registru: 6
Infikované hodnoty v registru: 13
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 38
Infikované procesy v paměti:
c:\Windows\sysdriver32.exe (Trojan.Agent) -> 456 -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 1428 -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 3912 -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> 4032 -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> 2312 -> No action taken.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> 1844 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 1956 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2696 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1752 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1976 -> No action taken.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1658504.exe (Trojan.Agent) -> Value: 1658504.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\560391.exe (Trojan.Agent) -> Value: 560391.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1288310.exe (Trojan.Agent) -> Value: 1288310.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\84823780-loader2.exe (Trojan.Agent) -> Value: 84823780-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9052930.exe (Trojan.Agent) -> Value: 9052930.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3185653.exe (Trojan.Agent) -> Value: 3185653.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6229622.exe (Trojan.Agent) -> Value: 6229622.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.
Infikované soubory:
c:\Windows\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\Windows\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\Users\Katka\AppData\Local\Temp\1658504.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\560391.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1288310.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\84823780-loader2.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9052930.exe (Trojan.Agent) -> No action taken.
c:\Users\Katka\AppData\Local\Temp\3185653.exe (Trojan.Agent) -> No action taken.
c:\Users\Katka\AppData\Local\Temp\6229622.exe (Trojan.Agent) -> No action taken.
c:\Users\Katka\AppData\Local\Temp\6773066.exe (Trojan.Agent) -> No action taken.
c:\Users\Katka\AppData\Local\Temp\9722887.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\19024509.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\4100438.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4111050.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5686641.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5785541.exe (Trojan.Agent) -> No action taken.
c:\Users\Katka\local settings\temporary internet files\Content.IE5\LMXTBAJE\flash-player[1].exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Facebook virus
Delete everything MBAM found and post a new RSIT log.
Re: Facebook virus
Logfile of random's system information tool 1.09 (written by random/random)
Run by Katka at 2011-07-26 10:02:09
Microsoft Windows 7 Ultimate
System drive C: has 178 GB (80%) free of 221 GB
Total RAM: 1013 MB (34% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-26 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-06-16 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-06-16 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-06-16 150552]
"IntelWirelessWiMAX"=C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [2010-03-17 1445888]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-06-22 9292392]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"8253496.exe"=C:\Windows\Temp\8253496.exe [2011-07-25 495616]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-04-19 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-07-26 09:26:28 ----D---- C:\Users\Katka\AppData\Roaming\Malwarebytes
2011-07-26 09:26:16 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-07-26 09:26:14 ----D---- C:\ProgramData\Malwarebytes
2011-07-26 09:26:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-26 09:26:11 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-26 07:51:04 ----D---- C:\Program Files\trend micro
2011-07-26 07:51:03 ----D---- C:\rsit
2011-07-25 23:13:09 ----D---- C:\Windows\ufa
2011-07-25 23:13:09 ----D---- C:\Windows\phoenix
2011-07-25 23:06:54 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-25 23:04:43 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-25 23:04:10 ----HD---- C:\Windows\update.5.0
2011-07-25 23:01:56 ----HD---- C:\Windows\update.2
2011-07-25 22:57:35 ----A---- C:\Windows\unrar.exe
2011-07-25 22:56:40 ----SHD---- C:\Config.Msi
2011-07-25 22:56:25 ----A---- C:\Windows\iplist.txt
2011-07-25 22:54:11 ----A---- C:\Windows\front_ip_list.txt
2011-07-25 22:54:06 ----D---- C:\Windows\av_ico
2011-07-25 22:52:49 ----HD---- C:\Windows\update.1
2011-07-25 22:52:47 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-07-25 22:52:47 ----HD---- C:\Windows\update.tray-7-0
2011-07-25 22:41:09 ----A---- C:\Windows\winlog-ids.txt
2011-07-25 22:41:09 ----A---- C:\Windows\winlog-dirs.txt
2011-07-13 22:53:57 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 22:53:56 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 22:53:55 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 22:53:54 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 22:53:53 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 22:53:47 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 22:53:47 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 22:53:46 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 22:53:45 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 22:53:45 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 22:53:45 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 22:53:44 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 22:53:44 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 22:53:44 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 22:53:44 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 22:53:44 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 22:53:44 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 22:53:43 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 22:53:43 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 22:53:43 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 22:53:43 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 22:53:43 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 22:53:43 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 22:53:36 ----A---- C:\Windows\system32\win32k.sys
2011-06-29 20:48:12 ----A---- C:\Windows\system32\umpnpmgr.dll
======List of files/folders modified in the last 1 month======
2011-07-26 10:02:15 ----D---- C:\Windows\Prefetch
2011-07-26 10:02:03 ----D---- C:\Windows\Temp
2011-07-26 09:58:01 ----D---- C:\Windows\Tasks
2011-07-26 09:58:01 ----D---- C:\Windows\system32\drivers
2011-07-26 09:57:28 ----D---- C:\Windows\system32\config
2011-07-26 09:55:37 ----D---- C:\Windows
2011-07-26 09:26:14 ----HD---- C:\ProgramData
2011-07-26 09:26:11 ----RD---- C:\Program Files
2011-07-26 07:54:31 ----D---- C:\Windows\System32
2011-07-26 07:54:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-26 07:54:30 ----D---- C:\Windows\inf
2011-07-26 00:17:18 ----D---- C:\Windows\system32\LogFiles
2011-07-25 23:02:19 ----D---- C:\Windows\system32\drivers\etc
2011-07-25 22:57:17 ----SHD---- C:\Windows\Installer
2011-07-17 16:45:08 ----D---- C:\Windows\winsxs
2011-07-17 16:44:33 ----D---- C:\Windows\system32\catroot2
2011-07-17 16:41:32 ----D---- C:\Windows\system32\DriverStore
2011-07-17 16:03:21 ----D---- C:\Katka
2011-07-17 15:12:55 ----A---- C:\Windows\system32\MRT.exe
2011-07-17 15:11:30 ----SHD---- C:\System Volume Information
2011-07-13 22:53:18 ----D---- C:\Windows\system32\catroot
2011-07-11 12:32:50 ----D---- C:\Windows\system32\NDF
2011-06-28 10:25:17 ----D---- C:\Windows\Microsoft.NET
2011-06-28 10:25:13 ----RSD---- C:\Windows\assembly
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-03-31 1792512]
R3 bpenum;bpenum; C:\Windows\system32\DRIVERS\bpenum.sys [2010-02-24 56832]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-04-19 4806144]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-06-22 3117672]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 22712]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2010-01-18 27136]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-03-25 105984]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2010-03-20 101504]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-03-17 356352]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-03-17 1372160]
R2 WMCoreService;Mobile Broadband Service; C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe [2010-06-09 463912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1343400]
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Facebook virus
I'd also ask for a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator rights
right after start a screen with the licence terms appears; continue by clicking the Yes button.
feel free to go make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or anything else
don't panic during the scan; your machine may be restarted (especially on the first run of the scanner)
note: if you use an antispyware with a resident shield, switch its resident shield to Install Mode or disable it completely for the duration of the scan, because during the scan and removal of any malware there are unwanted collisions with the resident antispyware
Re: Facebook virus
ComboFix 11-07-26.02 - Katka 26.07.2011 10:21:33.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.1013.407 [GMT 2:00]
Spuštěný z: c:\users\Katka\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 08:33 . 2011-07-26 08:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 07:26 . 2011-07-26 07:26 -------- d-----w- c:\users\Katka\AppData\Roaming\Malwarebytes
2011-07-26 07:26 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 07:26 . 2011-07-26 07:26 -------- d-----w- c:\programdata\Malwarebytes
2011-07-26 07:26 . 2011-07-26 07:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 07:26 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 05:51 . 2011-07-26 05:51 -------- d-----w- c:\program files\trend micro
2011-07-26 05:51 . 2011-07-26 05:51 -------- d-----w- C:\rsit
2011-07-25 21:13 . 2011-07-25 21:13 -------- d-----w- c:\windows\ufa
2011-07-25 21:13 . 2011-07-25 21:13 -------- d-----w- c:\windows\phoenix
2011-07-25 20:57 . 2011-07-25 21:13 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 20:55 . 2011-07-25 20:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-25 20:54 . 2011-07-25 20:54 -------- d-----w- c:\windows\av_ico
2011-07-25 20:52 . 2011-07-26 07:55 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-25 20:52 . 2011-07-26 07:55 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-06-29 18:48 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 03:00 . 2011-06-17 12:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-04 02:43 . 2011-06-17 12:04 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43 . 2011-06-17 12:04 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43 . 2011-06-17 12:04 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50 . 2011-06-17 12:05 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57 . 2011-06-17 12:05 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57 . 2011-06-17 12:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57 . 2011-06-17 12:05 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-12-29 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-03-17 1445888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9292392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2010-01-18 27136]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2010-03-20 101504]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-03-17 1372160]
S2 WMCoreService;Mobile Broadband Service;c:\program files\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-02-24 56832]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 77.48.254.254 77.48.100.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-avast5 - c:\program files\Alwil Software\Avast5\aswRunDll.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-26 10:41:18
ComboFix-quarantined-files.txt 2011-07-26 08:41
.
Před spuštěním: Volných bajtů: 186 232 369 152
Po spuštění: Volných bajtů: 186 002 575 360
.
- - End Of File - - A2D71DD49CC1D196EF2C380B1EDD8B6C
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Facebook virus
We'll clean up a bit more. Open Notepad and copy the following into it:

Collect::
c:\windows\unrar.exe
Folder::
c:\windows\ufa
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.
Re: Facebook virus
So I didn't make it in time; total collapse, it won't even start in safe mode.
Format and a new Windows; thanks for the help anyway.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Facebook virus
Not even Last Known Good Configuration?