Facebook vir - prosím o pomoc!

Zpráva

vuinka · #16 Příspěvek od **vuinka** » 26 črc 2011 11:50

Nejdou mi přehrávat videa/písničky před WMP, může to mít spojitost s virem? Hlásí to "Provádění serveru selhalo". Přes Quick Time Player hudba jde, ale film ne (film běží, ale obraz je černý a zvuk také nejde). Díky za radu.

#17 Příspěvek od **Rudy** » 26 črc 2011 12:30

CF nemazal. Vytvořte znovu stejný skript a spusťte jím CF v nouz. režimu.

vuinka · #18 Příspěvek od **vuinka** » 26 črc 2011 15:24

ComboFix 11-07-25.03 - Verča 26.07.2011 16:09:16.4.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4061.3042 [GMT 2:00]
Spuštěný z: c:\users\Verča\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Verča\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cb_79dd.ico
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_6e58.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AFS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 14:15 . 2011-07-26 14:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 09:28 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD420B71-45EC-40D8-8C38-138D10293BD2}\mpengine.dll
2011-07-25 21:29 . 2009-07-14 01:45 294992 ----a-w- c:\windows\SysWow64\drivers\Volsnap.sys
2011-07-25 20:05 . 2011-07-25 20:05 -------- d-----w- c:\users\Verča\AppData\Roaming\Malwarebytes
2011-07-25 20:04 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-25 20:04 . 2011-07-25 20:04 -------- d-----w- c:\programdata\Malwarebytes
2011-07-25 20:04 . 2011-07-25 20:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-25 20:04 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 19:46 . 2011-07-25 21:13 -------- d-----w- c:\program files (x86)\trend micro
2011-07-25 19:46 . 2011-07-25 19:47 -------- d-----w- C:\rsit
2011-07-24 08:50 . 2011-07-24 08:51 -------- d-----w- c:\users\Verča\AppData\Roaming\PhotoFiltre
2011-07-24 08:50 . 2011-07-24 08:50 -------- d-----w- c:\program files (x86)\PhotoFiltre
2011-07-07 17:29 . 2011-07-07 17:29 -------- d-----w- c:\users\Verča\AppData\Local\Apple Computer
2011-07-07 17:29 . 2011-07-07 17:29 -------- d-----w- c:\users\Verča\AppData\Roaming\Apple Computer
2011-07-07 17:25 . 2011-07-07 17:25 -------- d-----w- c:\programdata\Apple Computer
2011-07-07 17:23 . 2011-07-07 17:23 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-07-07 17:23 . 2011-07-07 17:23 -------- d-----w- c:\users\Verča\AppData\Local\Apple
2011-07-07 17:23 . 2011-07-07 17:23 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-07 17:23 . 2011-07-07 17:23 -------- d-----w- c:\programdata\Apple
2011-07-05 18:59 . 2011-07-05 18:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-27 06:53 . 2011-06-27 06:53 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 06:53 . 2011-06-27 06:53 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-23 19:35 . 2010-09-03 11:21 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-07-23 19:35 . 2010-09-20 16:57 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-07-04 11:43 . 2010-09-02 17:26 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-09-02 17:26 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-04 11:43 . 2011-01-23 09:29 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-23 20:43 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-09-02 17:26 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-09-02 17:26 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-09-02 17:26 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-09-02 17:26 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-09-02 17:26 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-21 18:50 . 2011-05-25 13:16 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-24 17:14 . 2010-09-02 17:27 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2011-01-17 14:29 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-25_21.46.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-12-31 16:00 . 2011-07-25 21:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-12-31 16:00 . 2011-07-26 14:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2011-07-25 21:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-26 14:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-25 21:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-26 14:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-26 14:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-25 21:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-14 10:08 . 2011-07-26 14:03 35452 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-26 14:03 40564 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-01 15:50 . 2011-07-26 14:03 11158 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2009744136-884104365-578081264-1000_UserData.bin
+ 2010-09-02 17:23 . 2011-07-26 14:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-02 17:23 . 2011-07-25 21:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-02 17:23 . 2011-07-26 14:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-02 17:23 . 2011-07-25 21:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-02 17:23 . 2011-07-26 14:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-02 17:23 . 2011-07-25 21:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-01 15:55 . 2011-07-25 21:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-01 15:55 . 2011-07-26 14:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-01 15:55 . 2011-07-25 21:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-01 15:55 . 2011-07-26 14:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-25 21:45 . 2011-07-25 21:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-26 14:16 . 2011-07-26 14:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-25 21:45 . 2011-07-25 21:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-26 14:16 . 2011-07-26 14:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-01 19:09 . 2011-07-26 13:36 414412 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 05:01 . 2011-07-25 21:45 401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-26 14:07 401520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-25 10:16 . 2011-07-26 14:07 4648977 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2009744136-884104365-578081264-1000-12288.dat
- 2009-07-14 02:34 . 2011-07-25 13:23 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-07-26 09:39 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 2245120]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-05 2429]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Verźa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RollerCoaster Tycoon 3_ Wild Registration.lnk - c:\users\Verźa\AppData\Local\Temp\{0039A485-E5AD-4E54-80A2-20D2CBC91CEA}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-3-14 12862]
hp psc 1000 series.lnk - c:\program files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-3-14 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF25162.cfxxe" [X]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF25162.cfxxe" [X]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Verča\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Verča\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 172.20.100.2 172.20.100.10
FF - ProfilePath - c:\users\Verča\AppData\Roaming\Mozilla\Firefox\Profiles\mf2m5tw8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.http - herkules.knihovna.utb.cz
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-26 16:20:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 14:20
ComboFix2.txt 2011-07-26 08:41
ComboFix3.txt 2011-07-25 22:20
ComboFix4.txt 2011-07-25 21:53
.
Před spuštěním: Volných bajtů: 56 626 077 696
Po spuštění: Volných bajtů: 55 932 690 432
.
- - End Of File - - 8DDFAD0CC337E419300C9E57988D8F59

#19 Příspěvek od **Rudy** » 26 črc 2011 17:13

Teď to bylo v pořádku, log je již čistý. Nastala nějaká změna?

vuinka · #20 Příspěvek od **vuinka** » 27 črc 2011 09:40

Vše funguje tak, jak fungovalo před napadením

Jenom mi nejde spustit hudba ani videa, nejde to od napadení. Vyskočí okno "Provádění serveru selhalo", spustím-li film přes QuickTime Player, film běží, ale nefunguje zvuk ani obraz...

Dále se chci zeptat, mohu-li si zpět nainstalovat Avast jako hlavní antivir, nebo si mám nechat Anti-Malware, případně mohou-li oba pracovat společně.?.

#21 Příspěvek od **Rudy** » 27 črc 2011 11:41

MBAM si můžete ponechat, nemá rezidentní štít. Avast ale určitě nainstalujte. Co se týká těch videí. přeinstalujte přehrávače, kodeky a DirectX.

vuinka · #22 Příspěvek od **vuinka** » 27 črc 2011 17:32

Děkuji moc za všechny rady!!! Jsem Vám opravdu vděčná!

#23 Příspěvek od **Rudy** » 27 črc 2011 18:41

Nemáte zač!

VIRY.CZ

Facebook vir - prosím o pomoc!

Re: Facebook vir - prosím o pomoc!

Re: Facebook vir - prosím o pomoc!

Re: Facebook vir - prosím o pomoc!

Re: Facebook vir - prosím o pomoc!

Re: Facebook vir - prosím o pomoc!

Re: Facebook vir - prosím o pomoc!

Re: Facebook vir - prosím o pomoc!

Re: Facebook vir - prosím o pomoc!