Prosim o pomoc

Zpráva

Frikee · #1 Příspěvek od **Frikee** » 26 črc 2011 22:18

tady je vypis z logu
ComboFix 11-07-26.03 - Scorpion 26.07.2011 22:51:04.1.8 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.3582.1934 [GMT 2:00]
Spuštěný z: d:\desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Settings
c:\users\Scorpion\AppData\Roaming\Microsoft\Windows\Recent\Již je označen(a).URL
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\security\Database\tmp.edb
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\userdata.dll
c:\windows\Temp\5031098.exe
c:\windows\Temp\78153559-loader2.exe
c:\windows\Temp\9093686.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-15-0\svchost.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\update.tray-8-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
d:\desktop\Flash-Player.exe
d:\desktop\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 20:55 . 2011-07-26 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 20:20 . 2011-07-26 20:20 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-26 18:49 . 2011-07-26 18:49 -------- d-----w- c:\windows\ufa
2011-07-26 18:49 . 2011-07-26 18:49 -------- d-----w- c:\windows\rpcminer
2011-07-26 18:49 . 2011-07-26 18:49 -------- d-----w- c:\windows\phoenix
2011-07-26 18:29 . 2011-07-26 18:49 246272 ----a-w- c:\windows\unrar.exe
2011-07-26 18:25 . 2011-07-26 20:22 -------- d-----w- c:\windows\av_ico
2011-07-26 18:24 . 2011-07-26 20:55 -------- d--h--w- c:\windows\update.tray-8-0
2011-07-26 18:24 . 2011-07-26 20:55 -------- d--h--w- c:\windows\update.tray-15-0
2011-07-26 18:24 . 2011-07-26 18:24 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-07-26 18:24 . 2011-07-26 18:24 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-07-26 07:27 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F467E5B4-EBF4-4462-9AD7-5539EBC31631}\mpengine.dll
2011-07-23 10:49 . 2011-07-23 10:49 1409 ----a-w- c:\windows\system32\tmp8CD28.FOT
2011-07-22 15:35 . 2011-07-22 15:35 1409 ----a-w- c:\windows\system32\tmp99CC6.FOT
2011-07-21 12:25 . 2009-06-22 16:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2011-07-21 09:01 . 2011-07-21 09:01 1409 ----a-w- c:\windows\system32\tmpDEB83.FOT
2011-07-10 11:52 . 2011-07-10 11:52 1409 ----a-w- c:\windows\system32\tmp47BD2.FOT
2011-07-06 16:37 . 2011-07-06 16:37 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-07-06 16:37 . 2011-07-06 16:37 575704 ----a-w- c:\windows\system32\wuapi.dll
2011-07-06 16:37 . 2011-07-06 16:37 35552 ----a-w- c:\windows\system32\wups.dll
2011-07-06 16:36 . 2011-07-06 16:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-07-06 16:36 . 2011-07-06 16:36 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-07-06 16:36 . 2011-07-06 16:36 44768 ----a-w- c:\windows\system32\wups2.dll
2011-07-06 16:36 . 2011-07-06 16:36 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-07-06 16:36 . 2011-07-06 16:36 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-07-06 16:36 . 2011-07-06 16:36 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-07-05 19:35 . 2011-07-05 19:35 1409 ----a-w- c:\windows\system32\tmpECCBC.FOT
2011-06-29 05:15 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 05:15 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 05:15 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 05:14 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 05:14 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 05:14 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 05:14 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 05:14 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 05:14 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 05:14 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-28 15:24 . 2011-06-28 15:24 1409 ----a-w- c:\windows\system32\tmpC40F5.FOT
2011-06-28 15:22 . 2011-06-28 15:22 -------- d-----w- c:\programdata\QuickTime
2011-06-28 15:22 . 2011-06-28 15:22 -------- d-----w- c:\program files\MEDIA TRADE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 08:22 . 2011-04-30 09:39 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-08 08:22 . 2011-04-30 09:39 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-06 14:32 . 2010-09-08 18:34 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-06 14:32 . 2010-09-08 18:34 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-06 14:32 . 2010-09-08 18:34 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-06 14:32 . 2010-09-08 18:34 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-06-28 15:24 . 2011-03-28 08:04 871652 ----a-w- c:\windows\system32\spořič CHEMICUS.scr
2011-06-21 10:45 . 2011-05-23 10:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 14:54 . 2010-09-08 18:34 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-06-04 20:53 . 2011-06-04 20:53 1409 ----a-w- c:\windows\system32\tmp74B00.FOT
2011-06-03 16:12 . 2011-06-03 16:12 1409 ----a-w- c:\windows\system32\tmp29506.FOT
2011-06-02 19:57 . 2011-06-02 19:57 1409 ----a-w- c:\windows\system32\tmp7EE52.FOT
2011-05-28 03:00 . 2011-06-17 10:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2010-09-06 20:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-20 18:37 . 2011-05-20 18:37 1409 ----a-w- c:\windows\system32\tmpC0FAE.FOT
2011-05-17 12:37 . 2011-05-17 12:37 1409 ----a-w- c:\windows\system32\tmpE8C0E.FOT
2011-05-16 18:23 . 2011-05-16 18:23 1409 ----a-w- c:\windows\system32\tmp24598.FOT
2011-05-04 02:43 . 2011-06-17 10:54 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43 . 2011-06-17 10:54 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43 . 2011-06-17 10:54 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 20:37 . 2011-05-03 20:37 1409 ----a-w- c:\windows\system32\tmp46867.FOT
2011-05-03 04:50 . 2011-06-17 10:55 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 12:09 . 2011-04-29 12:09 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-29 02:57 . 2011-06-17 10:55 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57 . 2011-06-17 10:55 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57 . 2011-06-17 10:55 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-26 18:03 . 2011-03-22 15:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 14:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-11-29 14:26 3908192 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Scorpion\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Scorpion\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Scorpion\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Scorpion\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
c:\users\Scorpion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-7-5 0]
Dropbox.lnk - c:\users\Scorpion\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Scorpion\AppData\Local\Temp\ALSysIO.sys [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
R3 GGSAFERDriver;GGSAFER Driver;d:\program files\Garena\safedrv.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-01 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-07-06 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-21 1957672]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 HideMyIpSRV;HideMyIpSRV;d:\program files\Hide My IP\HideMyIpSrv.exe [2010-07-06 3039536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Scorpion\AppData\Roaming\Mozilla\Firefox\Profiles\a2i6l5up.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU3&o=15380&locale=en_EU&apn_uid=19785665-D164-45E7-9CFD-524CBE116334&apn_ptnrs=UJ&apn_sauid=D593FAFB-92C1-46E6-A627-9F3E75F060B9&apn_dtid=YYYYYYYYCZ&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-8-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-15-0\svchost.exe
HKLM-Run-tray_ico2 - c:\windows\update.tray-2-0\svchost.exe
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
AddRemove-Avira AntiVir Desktop - c:\program files\Avira\AntiVir Desktop\setup.exe
AddRemove-Rev_Loader for Killing Floor v1017 - d:\desktop\Killing floor\Uninstall_RevLoader.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5644)
c:\users\Scorpion\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\windows\system32\taskhost.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\sppsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\windows\system32\taskhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 23:01:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 21:01
.
Před spuštěním: Volných bajtů: 38 690 373 632
Po spuštění: Volných bajtů: 39 799 443 456
.
- - End Of File - - EACB5AB9EF1D1A0AA132B4CE321DCF82

#2 Příspěvek od **vyosek** » 27 črc 2011 07:47

Zdravim a pekny den preji

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost 2 a potvrte enterem
Utilita provede svou cinnost a da log - ten sem vlozte
Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

Prejmenujte ComboFix na pitomec.com at si uvedomite ze na blbiny se neklika

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
c:\windows\update.tray-2-0-lnk
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-8-0
c:\windows\update.tray-15-0
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-15-0-lnk
c:\program files\Ask.com

File::
c:\windows\unrar.exe
c:\program files\MyAshampoo\tbMyAs.dll

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"NBKeyScan"=-
"AdobeCS4ServiceManager"=-
"AdobeAAMUpdater-1.0"=-
"AdobeCS5ServiceManager"=-
"SunJavaUpdateSched"=-
"ApnUpdater"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2475029

Firefox::
FF - ProfilePath - c:\users\Scorpion\AppData\Roaming\Mozilla\Firefox\Profiles\a2i6l5up.default\
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... YYYYYCZ&q=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

VIRY.CZ

Prosim o pomoc

Prosim o pomoc

Re: Prosim o pomoc