zřejmě FB vir

Zpráva

ld3703 · #1 Příspěvek od **ld3703** » 13 srp 2011 19:58

Podle infa co jsem o problému dostal se jedná o fb vir. nechce se mi v tom samotnému moc hrabat tak prosím o pomoc...

Logfile of random's system information tool 1.09 (written by random/random)
Run by Kačka at 2011-08-13 20:47:05
Microsoft Windows 7 Home Premium
System drive C: has 88 GB (48%) free of 183 GB
Total RAM: 3957 MB (84% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\HP Usg Login.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110518093653.dll [2011-04-14 75848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2009-01-29 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2009-01-29 145424]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"UpdatePDRShortCut"=C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]
"RemoteControl8"=C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2009-04-15 91432]
"PDVD8LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2009-04-15 50472]
"UpdatePPShortCut"=C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"UpdatePSTShortCut"=C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2009-07-21 210216]
"NortonOnlineBackup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-03-05 1112920]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2011-04-05 1486392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
"ICQ"=C:\Program Files (x86)\ICQ7.5\ICQ.exe [2011-06-29 124216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-13 20:47:06 ----D---- C:\Program Files (x86)\trend micro
2011-08-13 20:47:05 ----D---- C:\rsit
2011-07-17 11:17:58 ----D---- C:\ProgramData\FLEXnet
2011-07-17 11:10:31 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-07-17 11:07:28 ----D---- C:\Program Files (x86)\Common Files\Sonic Shared
2011-07-17 11:07:27 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-07-15 02:19:10 ----A---- C:\Windows\98Setup.exe
2011-07-15 02:19:06 ----D---- C:\Program Files (x86)\ANC
2011-07-15 02:19:06 ----A---- C:\Windows\SysWOW64\SP7302.ini
2011-07-15 02:19:05 ----A---- C:\Windows\SysWOW64\P7302USD.dll
2011-07-15 02:19:05 ----A---- C:\Windows\SysWOW64\drivers\PAC7302.sys
2011-07-15 02:19:04 ----D---- C:\Windows\PixArt
2011-07-15 02:19:04 ----D---- C:\Program Files (x86)\Common Files\PAC7302

======List of files/folders modified in the last 1 month======

2011-08-13 20:47:06 ----RD---- C:\Program Files (x86)
2011-08-13 20:47:06 ----D---- C:\Windows\Temp
2011-08-10 15:56:07 ----RD---- C:\Program Files
2011-08-10 15:54:42 ----D---- C:\Windows\System32
2011-08-10 15:54:42 ----D---- C:\Windows\inf
2011-08-10 15:31:12 ----D---- C:\Windows\SysWOW64
2011-08-10 15:31:11 ----RSD---- C:\Windows\Fonts
2011-08-10 15:31:08 ----D---- C:\Windows
2011-08-10 15:30:32 ----D---- C:\Windows\winsxs
2011-08-10 15:30:32 ----D---- C:\Windows\SysWOW64\cs-CZ
2011-08-10 15:30:32 ----D---- C:\Windows\AppPatch
2011-08-10 15:30:23 ----SHD---- C:\Windows\Installer
2011-08-10 15:30:23 ----D---- C:\Windows\twain_32
2011-08-10 15:30:23 ----D---- C:\Windows\Tasks
2011-08-10 15:30:23 ----D---- C:\Windows\SysWOW64\drivers
2011-08-10 15:30:23 ----D---- C:\Windows\rescache
2011-08-10 15:30:23 ----D---- C:\Windows\AppCompat
2011-08-10 15:30:21 ----D---- C:\ProgramData\WinClon
2011-08-10 15:30:15 ----D---- C:\Program Files (x86)\McAfee.com
2011-08-10 15:30:15 ----D---- C:\Program Files (x86)\Common Files
2011-08-10 15:30:14 ----D---- C:\Program Files (x86)\Common Files\McAfee
2011-08-10 15:30:10 ----D---- C:\Program Files (x86)\PhotoFiltre Studio X
2011-08-10 15:30:07 ----D---- C:\Windows\registration
2011-08-10 15:28:53 ----D---- C:\Users\Kačka\AppData\Roaming\Skype
2011-08-10 15:28:52 ----SD---- C:\Users\Kačka\AppData\Roaming\Microsoft
2011-08-10 15:28:36 ----HD---- C:\ProgramData
2011-08-10 15:28:34 ----D---- C:\ProgramData\McAfee
2011-08-10 15:28:31 ----D---- C:\ProgramData\Adobe
2011-08-10 15:28:06 ----D---- C:\Program Files (x86)\McAfee
2011-08-10 15:27:59 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-10 15:27:54 ----D---- C:\Program Files (x86)\Common Files\Adobe
2011-08-10 15:27:32 ----D---- C:\Program Files (x86)\Adobe
2011-08-07 20:29:03 ----SHD---- C:\System Volume Information
2011-08-03 12:08:15 ----D---- C:\Users\Kačka\AppData\Roaming\skypePM
2011-07-27 15:24:02 ----D---- C:\Users\Kačka\AppData\Roaming\ICQ
2011-07-26 16:34:57 ----D---- C:\Windows\Prefetch
2011-07-19 15:46:19 ----D---- C:\Users\Kačka\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
S0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys []
S1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys []
S1 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys []
S1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\Windows\system32\Drivers\SABI.sys []
S1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys []
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys []
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
S3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys []
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys []
S3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys []
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 rtport;rtport; \??\C:\Windows\SysWOW64\drivers\rtport.sys [2010-11-02 15144]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys []
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-04-29 944928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2011-04-14 200056]
S2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe []
S2 MpfService;McAfee Personal Firewall Service; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
S2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-03-05 2782552]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-07 247152]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-07-17 867080]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-10-07 509416]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 13 srp 2011 20:06

Zdravim a pekny den preji

Priznaky FB haveti nevidim, ale mrknem na to poradne

Odinstalujte ICQ Toolbar

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost 2 a potvrte enterem
Utilita provede svou cinnost a da log - ten sem vlozte
Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

ld3703 · #3 Příspěvek od **ld3703** » 13 srp 2011 21:06

No pc se spouští jenom v nouzovém režimu a prý bylo zkoušeno nainstalovat eset a házelo to nějakou chybovou hlášku tak co jsem o tom četl by to mohlo být ono.

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Safe mode
User: Kačka [Admin rights]
Mode: Remove -- Date : 08/13/2011 21:26:32

Bad processes: 0

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7409

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

13.8.2011 22:05:29
mbam-log-2011-08-13 (22-05-07).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 359824
Uplynulý čas: 34 minut, 8 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 21

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\Kačka\Desktop\eset smart security v4.2.58.5 32 bit cz+ tnod-1-4-1-beta-2-setup\tnod-1-4-1-beta-2-setup.exe (Trojan.Agent.CK) -> No action taken.
c:\Users\Kačka\Desktop\eset smart security v4.2.58.5 32 bit cz+ tnod-1-4-1-beta-2-setup\TNODUP.exe (Trojan.Agent.CK) -> No action taken.
c:\Users\Kačka\Desktop\eset smart security v4.2.58.5 32 bit cz+ tnod-1-4-1-beta-2-setup\uninst-tnod.exe (Trojan.Agent.CK) -> No action taken.
c:\Users\Kačka\Desktop\eset smart security v4.2.58.5 32 bit cz+ tnod-1-4-1-beta-2-setup\minodlogi3970\elf 3.9.7.0.exe (Riskware.KG) -> No action taken.
c:\Users\Kačka\Desktop\rk_quarantine\tnodup.exe.vir (Trojan.Agent.CK) -> No action taken.
c:\Windows\Temp\11132363.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\2465825.exe (Trojan.Agent.H) -> No action taken.
c:\Windows\Temp\489927.exe (Trojan.Agent.H) -> No action taken.
c:\Windows\Temp\505793.exe (Trojan.Agent.H) -> No action taken.
c:\Windows\Temp\5601830.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6056284.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\68505187-loader2.exe (Trojan.Agent.H) -> No action taken.
c:\Windows\Temp\8406238.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8778226.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8987284.exe (Trojan.Agent.H) -> No action taken.
c:\Windows\Temp\987201.exe (Trojan.Agent.H) -> No action taken.
c:\Windows\Temp\3041291.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9312714.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9500185.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\459052031.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\Windows\Temp\498775553.exe (Trojan.FakeAlert.Gen) -> No action taken.

Registry Entries: 3
[SUSP PATH] HKLM\[...]\Run : TNOD UP ("C:\Users\Kačka\Desktop\Eset Smart Security v4.2.58.5 32 bit CZ+ tnod-1-4-1-beta-2-setup\TNODUP.exe" /i) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Safe mode
User: Kačka [Admin rights]
Mode: HOSTSFix -- Date : 08/13/2011 21:27:57

Bad processes: 0

HOSTS File:

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Safe mode
User: Kačka [Admin rights]
Mode: ProxyFix -- Date : 08/13/2011 21:28:32

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#4 Příspěvek od **vyosek** » 13 srp 2011 21:10

Myslite ten nelegalni (cracknuty) ESET, ten tam chcete porad nacpat

Nalezy MBAMu nemazte, poresime je jinak...

ld3703 · #5 Příspěvek od **ld3703** » 13 srp 2011 21:23

to pravděpodobně né, já mam v plánu nějakej asi avast home, jelikož pc není můj tak tam nic takového cpát rači nebudu.
jinak jsem byl trochu udivenej že tam snad ani žádnej funkční antivir není...
takže co s tím...?

#6 Příspěvek od **vyosek** » 13 srp 2011 21:26

Dle pravidel fora (viz zde a a zde bod c.3 ) se vsak nelegalnim SW nezabyvame, jelikoz nelegalni programy jsou vetsinou zdrojem haveti. Navic tim porusujete i autorska prava Obrázek

, pachate trestny cin a ten jako takovy nebude nasim forem podporovan. Uvedomte si, ze jste na bezpecnostnim foru - podpora warezu (zvlaste bezpecnostnich programu) by byla zcela proti logice fora

Takze po ukonceni leceni tam dame free reseni (Avast, Aviru ci MSE)

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete na plochu CKScanner

Spustte a kliknete na Search for files
Po dokonceni skenu kliknete na Save List to File a nasledne OK
Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte

ld3703 · #7 Příspěvek od **ld3703** » 13 srp 2011 22:22

Jak jsem říkal pc není můj a jelikož kamarádka není zrovna it expert. tak by pro ni asi nelegenální sw nebyl zrovna výhra...

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.XTCFNF
----- EOF -----

#8 Příspěvek od **vyosek** » 13 srp 2011 22:31

Fajn, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ld3703 · #9 Příspěvek od **ld3703** » 13 srp 2011 22:52

ComboFix 11-08-14.01 - Kačka 13.08.2011 23:44:06.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3957.3097 [GMT 2:00]
Spuštěný z: c:\users\Kačka\Desktop\ComboFix.exe
AV: McAfee Anti-Virus a Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus a Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-13 do 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-13 21:47 . 2011-08-13 21:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-13 21:46 . 2011-08-13 21:46 -------- d-----w- c:\users\Kacka
2011-08-13 19:11 . 2011-08-13 19:11 -------- d-----w- c:\users\Kačka\AppData\Roaming\Malwarebytes
2011-08-13 19:11 . 2011-08-13 19:11 -------- d-----w- c:\programdata\Malwarebytes
2011-08-13 19:11 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-13 19:11 . 2011-08-13 19:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-13 19:11 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 18:47 . 2011-08-13 18:47 -------- d-----w- c:\program files (x86)\trend micro
2011-08-13 18:47 . 2011-08-13 18:47 -------- d-----w- C:\rsit
2011-08-10 13:56 . 2011-08-10 13:56 -------- d-----w- c:\program files\CCleaner
2011-08-10 13:33 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B69A41F-CAE4-4AF4-91AF-C1948D146AF9}\mpengine.dll
2011-08-02 17:39 . 2011-08-13 18:43 -------- d-----w- c:\users\Kačka\AppData\Local\ElevatedDiagnostics
2011-07-17 09:17 . 2011-08-10 13:30 -------- d-----w- c:\programdata\FLEXnet
2011-07-17 09:10 . 2011-08-10 13:27 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-07-17 09:10 . 2008-06-16 01:00 55024 ----a-w- c:\windows\system32\drivers\PxHlpa64.sys
2011-07-17 09:07 . 2011-08-10 13:27 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-07-17 09:07 . 2011-08-10 13:30 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-07-15 00:19 . 2000-06-08 15:00 119568 ----a-w- c:\windows\SysWow64\KSPR7484.rra
2011-07-15 00:19 . 2004-11-22 11:37 40960 ----a-w- c:\windows\98Setup.exe
2011-07-15 00:19 . 2011-08-10 13:30 -------- d-----w- c:\program files (x86)\ANC
2011-07-15 00:19 . 2007-10-30 15:48 129024 ----a-w- c:\windows\SysWow64\SP7302.ax
2011-07-15 00:19 . 2007-11-08 08:30 454656 ----a-w- c:\windows\SysWow64\drivers\PAC7302.sys
2011-07-15 00:19 . 2006-10-12 09:57 14336 ----a-w- c:\windows\SysWow64\P7302USD.dll
2011-07-15 00:19 . 2011-08-10 13:30 -------- d-----w- c:\windows\PixArt
2011-07-15 00:19 . 2011-08-10 13:30 -------- d-----w- c:\program files (x86)\Common Files\PAC7302
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 02:56 . 2011-07-13 13:04 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 06:45 . 2011-07-13 13:03 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-06-02 06:45 . 2011-07-13 13:03 243200 ----a-w- c:\windows\system32\wow64.dll
2011-06-02 06:45 . 2011-07-13 13:03 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-06-02 06:44 . 2011-07-13 13:03 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 06:42 . 2011-07-13 13:03 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-06-02 06:39 . 2011-07-13 13:04 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-02 06:35 . 2011-07-13 13:03 338944 ----a-w- c:\windows\system32\conhost.exe
2011-06-02 06:23 . 2011-07-13 13:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-06-02 05:59 . 2011-07-13 13:03 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-06-02 05:56 . 2011-07-13 13:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-02 05:56 . 2011-07-13 13:03 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-06-02 05:54 . 2011-07-13 13:03 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-06-02 05:54 . 2011-07-13 13:04 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-06-02 05:45 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-06-02 03:51 . 2011-07-13 13:03 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-06-02 03:50 . 2011-07-13 13:03 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-06-02 03:45 . 2011-07-13 13:04 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45 . 2011-07-13 13:04 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25 . 2011-06-17 11:37 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-17 11:37 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2011-05-17 08:05 270720 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:21 . 2011-06-29 08:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-06-29 08:21 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-06-29 08:21 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-06-29 08:21 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-06-29 08:21 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-06-29 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-29 1127712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-09 16413288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-13 23:48:54
ComboFix-quarantined-files.txt 2011-08-13 21:48
.
Před spuštěním: Volných bajtů: 98 909 032 448
Po spuštění: Volných bajtů: 98 541 232 128
.
- - End Of File - - 83148A1FE2573815F295A52F70EB84A5

#10 Příspěvek od **vyosek** » 14 srp 2011 07:10

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
msconfig
```
Kliknete na OK
Prepnete se na zalozku Spuštění počítače
Podivejte se, ci nemate zaskrtnute Bezpecne spousteni - pokud ano, tak odskrtnete
Nasledny restart by jiz mel vest do normalniho rezimu

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-

DDS::
uStart Page = hxxp://start.icq.com/

Driver::
ICQ Service

Folder::
C:\Program Files (x86)\ICQ6Toolbar

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\software\McAfee]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ld3703 · #11 Příspěvek od **ld3703** » 14 srp 2011 08:31

ComboFix 11-08-14.01 - Kačka 14.08.2011 9:18.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3957.2683 [GMT 2:00]
Spuštěný z: c:\users\KaŔka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\KaŔka\Desktop\CFScript.txt
AV: McAfee Anti-Virus a Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus a Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-14 do 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-14 07:26 . 2011-08-14 07:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-13 21:46 . 2011-08-13 21:46 -------- d-----w- c:\users\Kacka
2011-08-13 19:11 . 2011-08-13 19:11 -------- d-----w- c:\users\Kačka\AppData\Roaming\Malwarebytes
2011-08-13 19:11 . 2011-08-13 19:11 -------- d-----w- c:\programdata\Malwarebytes
2011-08-13 19:11 . 2010-11-29 15:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-13 19:11 . 2011-08-13 19:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-13 19:11 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 18:47 . 2011-08-13 18:47 -------- d-----w- c:\program files (x86)\trend micro
2011-08-13 18:47 . 2011-08-13 18:47 -------- d-----w- C:\rsit
2011-08-10 13:56 . 2011-08-10 13:56 -------- d-----w- c:\program files\CCleaner
2011-08-10 13:33 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B69A41F-CAE4-4AF4-91AF-C1948D146AF9}\mpengine.dll
2011-08-02 17:39 . 2011-08-13 18:43 -------- d-----w- c:\users\Kačka\AppData\Local\ElevatedDiagnostics
2011-07-17 09:17 . 2011-08-10 13:30 -------- d-----w- c:\programdata\FLEXnet
2011-07-17 09:10 . 2011-08-10 13:27 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-07-17 09:10 . 2008-06-16 01:00 55024 ----a-w- c:\windows\system32\drivers\PxHlpa64.sys
2011-07-17 09:07 . 2011-08-10 13:27 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-07-17 09:07 . 2011-08-10 13:30 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 02:56 . 2011-07-13 13:04 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 06:45 . 2011-07-13 13:03 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-06-02 06:45 . 2011-07-13 13:03 243200 ----a-w- c:\windows\system32\wow64.dll
2011-06-02 06:45 . 2011-07-13 13:03 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-06-02 06:44 . 2011-07-13 13:03 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 06:42 . 2011-07-13 13:03 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-06-02 06:39 . 2011-07-13 13:04 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-02 06:35 . 2011-07-13 13:03 338944 ----a-w- c:\windows\system32\conhost.exe
2011-06-02 06:23 . 2011-07-13 13:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-06-02 06:23 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-06-02 05:59 . 2011-07-13 13:03 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-06-02 05:56 . 2011-07-13 13:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-02 05:56 . 2011-07-13 13:03 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-06-02 05:54 . 2011-07-13 13:03 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-06-02 05:54 . 2011-07-13 13:04 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-06-02 05:45 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-06-02 05:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-06-02 03:51 . 2011-07-13 13:03 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-06-02 03:50 . 2011-07-13 13:03 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-06-02 03:45 . 2011-07-13 13:04 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45 . 2011-07-13 13:04 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45 . 2011-07-13 13:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45 . 2011-07-13 13:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25 . 2011-06-17 11:37 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-17 11:37 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2011-05-17 08:05 270720 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:21 . 2011-06-29 08:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:34 . 2011-06-29 08:21 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:34 . 2011-06-29 08:21 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:34 . 2011-06-29 08:21 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32 . 2011-06-29 08:21 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-13_21.47.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2011-07-26 20:35 37782 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-14 07:15 37782 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-16 20:23 . 2011-08-14 07:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-16 20:23 . 2011-07-26 20:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-16 20:23 . 2011-08-14 07:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-16 20:23 . 2011-07-26 20:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-16 20:23 . 2011-08-14 07:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-16 20:23 . 2011-07-26 20:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-03 13:45 . 2011-08-14 07:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-03 13:45 . 2011-07-26 20:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-11 03:52 . 2011-08-14 07:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-11 03:52 . 2011-07-26 20:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-03 13:20 . 2011-08-14 07:15 9042 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3291981487-3400977591-590997857-1000_UserData.bin
- 2011-08-13 20:37 . 2011-08-13 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-14 07:13 . 2011-08-14 07:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-13 20:37 . 2011-08-13 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-14 07:13 . 2011-08-14 07:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-08-14 07:20 616008 c:\windows\system32\perfh009.dat
+ 2010-08-11 17:57 . 2011-08-14 07:20 631292 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-08-14 07:20 106388 c:\windows\system32\perfc009.dat
+ 2010-08-11 17:57 . 2011-08-14 07:20 121914 c:\windows\system32\perfc005.dat
- 2009-07-14 02:34 . 2011-07-17 09:25 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-08-14 07:25 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-06-29 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-29 1127712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-09 16413288]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-14 09:29:33
ComboFix-quarantined-files.txt 2011-08-14 07:29
ComboFix2.txt 2011-08-13 21:48
.
Před spuštěním: Volných bajtů: 99 260 768 256
Po spuštění: Volných bajtů: 98 874 396 672
.
- - End Of File - - 2D11E8FD87750CA135CD57F40D56635E

#12 Příspěvek od **vyosek** » 14 srp 2011 14:10

Jak se chova PC

ld3703 · #13 Příspěvek od **ld3703** » 14 srp 2011 16:01

řekl bych že normálně... žádné problémy jsem nezaznamenal...

#14 Příspěvek od **vyosek** » 14 srp 2011 19:37

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Doporucuji provest defragmentaci disku

Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
- Kliknete na Tento pocitac, dale na disk kliknete pravym tlacitkem, vyberte Vlastnosti
- prepnete se do zalozky Nastroje
- Nyni vidite pomucky Defragmentace - spustte ji kliknutim na Defragmentovat
- Toto provedte se vsemi disky
Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
- Kliknete na Analyzovat
- Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
- Postup provedte se vsemi disky
Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- Vyhodou programku je, ze se neinstaluje
- Staci tedy jen stahnout dle verze vaseho OS a rozbalit
- Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
- Probehne analyza disku a nasledne i defragmentace

Trvate na antiviru McAfee

Spise bych doporucil Avast, Aviru ci MSE

Napiste jak se chova PC

ld3703 · #15 Příspěvek od **ld3703** » 15 srp 2011 21:52

vše podle návodu proběhlo v pořádku, avast nainastalován a chování mi přijde normální. Takže bude asi vše v pořádku...

VIRY.CZ

zřejmě FB vir

zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir

Re: zřejmě FB vir